This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2024-2887.
Category Archives: Advisories
ZDI-24-365: (Pwn2Own) Microsoft Edge DOMArrayBuffer Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2024-2886.
DSA-5661-1 php8.2 – security update
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
DSA-5660-1 php7.4 – security update
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.
pgadmin4-7.8-5.fc39
FEDORA-2024-f04c2ec90b
Packages in this update:
pgadmin4-7.8-5.fc39
Update description:
Backport fix for CVE-2024-3116.
mingw-python-idna-3.7-1.fc40
FEDORA-2024-1230cb2cd6
Packages in this update:
mingw-python-idna-3.7-1.fc40
Update description:
Update to idna-3.7.
mingw-python-idna-3.7-1.fc39
FEDORA-2024-83ef5f3c4f
Packages in this update:
mingw-python-idna-3.7-1.fc39
Update description:
Update to idna-3.7.
mingw-python-idna-3.7-1.fc38
FEDORA-2024-831b7c8340
Packages in this update:
mingw-python-idna-3.7-1.fc38
Update description:
Update to idna-3.7.
CVE-2024-31705
Posted by V3locidad on Apr 14
CVE ID: CVE-2024-31705
Title : RCE to Shell Commands” Plugin / GLPI Shell Command Management Interface
Affected Product : GLPI – 10.X.X and last version
Description: An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input.
Affected Component : A remote code execution (RCE) vulnerability has been identified in the ‘Shell…
SEC Consult SA-20240411-0 :: Database Passwords in Server Response in Amazon AWS Glue
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14
SEC Consult Vulnerability Lab Security Advisory < 20240411-0 >
=======================================================================
title: Database Passwords in Server Response
product: Amazon AWS Glue
vulnerable version: until 2024-02-23
fixed version: as of 2024-02-23
CVE number: –
impact: medium
homepage: https://aws.amazon.com/glue/
found:…