This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-4406.
Category Archives: Advisories
ZDI-24-418: (Pwn2Own) Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-4405.
ZDI-24-417: Xiaomi Pro 13 isUrlMatchLevel Permissive List of Allowed Inputs Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-26322.
et-6.2.8-1.fc38
FEDORA-2024-bd9e67c117
Packages in this update:
et-6.2.8-1.fc38
Update description:
Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
Unbundle cpp-httlib, fixing CVE-2023-26130
et-6.2.8-1.el9
FEDORA-EPEL-2024-90aea0505b
Packages in this update:
et-6.2.8-1.el9
Update description:
Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
et-6.2.8-1.fc40
FEDORA-2024-b745c97f4b
Packages in this update:
et-6.2.8-1.fc40
Update description:
Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
Unbundle cpp-httlib, fixing CVE-2023-26130
et-6.2.8-1.fc39
FEDORA-2024-94a155818c
Packages in this update:
et-6.2.8-1.fc39
Update description:
Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
Unbundle cpp-httlib, fixing CVE-2023-26130
USN-6760-1: Gerbv vulnerability
George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did
not properly initialize a data structure when parsing certain nested
RS-274X format files. If a user were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service (application crash).
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
R-4.3.3-2.fc39
FEDORA-2024-07b7b83a4f
Packages in this update:
R-4.3.3-2.fc39
Update description:
Security fix for CVE-2024-27322