Category Archives: Advisories

gdcm-3.0.23-5.fc41

Read Time:32 Second

FEDORA-2024-c5909efa5c

Packages in this update:

gdcm-3.0.23-5.fc41

Update description:

Automatic update for gdcm-3.0.23-5.fc41.

Changelog

* Fri Apr 26 2024 Sandro <devel@penguinpee.nl> – 3.0.23-5
– Apply security patches
– Fix TALOS-2024-1924, CVE-2024-22391 (RHBZ#2277288)
– Fix TALOS-2024-1935, CVE-2024-22373 (RHBZ#2277292)
– Fix TALOS-2024-1944, CVE-2024-25569 (RHBZ#2277296)
* Fri Apr 19 2024 Sandro <devel@penguinpee.nl> – 3.0.23-4
– Replace deprecated PyEval_CallObject() (RHBZ#2245816)
* Fri Mar 22 2024 Sérgio M. Basto <sergio@serjux.com> – 3.0.23-3
– Update URL

Read More

ZDI-24-415: (Pwn2Own) Oracle VirtualBox E1000 Uninitialized Memory Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-21113.

Read More

ZDI-24-414: (Pwn2Own) Oracle VirtualBox AHCI Controller Uninitialized Memory Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-21112.

Read More

ZDI-24-413: (Pwn2Own) Oracle VirtualBox DevVGA Out-Of-Bounds Write Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21115.

Read More

ZDI-24-412: (Pwn2Own) Oracle VirtualBox VirtIOCore Buffer Overflow Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21114.

Read More

ZDI-24-411: (Pwn2Own) Oracle VirtualBox BusLogic Uninitialized Memory Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-21121.

Read More

ZDI-24-410: Oracle VirtualBox vboxdrv Improper Privilege Management Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-21116.

Read More

ZDI-24-409: Oracle VirtualBox Guest Additions Improper Access Control Local Privilege Escalation Vulnerability

Read Time:21 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. In addition, some user interaction is required on the part of a user on the host. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2024-21110.

Read More