Read Time:9 Second
FEDORA-2024-27eafd0e65
Packages in this update:
php-tcpdf-6.7.5-1.fc40
Update description:
Version 6.7.5 (2024-04-20)
Update GitHub actions
fix: CSV-2024-22640 (#712)
Category Archives: Advisories
ZDI-24-396: Microsoft Azure ODSP nikisos Uncontrolled Search Path Element Remote Code Execution Vulnerability
Read Time:11 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ODSP for Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-395: Ivanti Avalanche WLInfoRailService DELKEY Directory Traversal Arbitrary File Deletion Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-27984.
ZDI-24-394: Ivanti Avalanche WLAvalancheService Null Pointer Dereference Denial-of-Service Vulnerability
Read Time:13 Second
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-27978.
ZDI-24-393: Ivanti Avalanche WLAvalancheService Directory Traversal Arbitrary File Deletion Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-27977.
ZDI-24-392: Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-27976.
ZDI-24-391: Ivanti Avalanche WLAvalancheService Use-After-Free Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-27975.
ZDI-24-390: Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-25000.
ZDI-24-389: Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-24999.
ZDI-24-388: Ivanti Avalanche WLAvalancheService Directory Traversal Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-24998.