This vulnerability allows local attackers to escalate privileges on affected installations of Intel Computing Improvement Program. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-49797.
Category Archives: Advisories
ZDI-24-1642: Linux Kernel nftables Type Confusion Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 3.8. The following CVEs are assigned: CVE-2024-42070.
USN-7135-1: HAProxy vulnerability
Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg,
and Harvey Tuch discovered that HAProxy incorrectly handled empty header
names. A remote attacker could possibly use this issue to manipulate
headers and bypass certain authentication checks and restrictions.
Access Control in Paxton Net2 software
Posted by Jeroen Hermans via Fulldisclosure on Dec 02
CloudAware Security Advisory
[CVE pending]: Potential PII leak and incorrect access control in Paxton
Net2 software
========================================================================
Summary
========================================================================
Insecure backend database in the Paxton Net2 software. Possible leaking
of PII incorrect access control.
No physical access to computer running Paxton Net2 is required….
USN-7134-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-11692,
CVE-2024-11694, CVE-2024-11695, CVE-2024-11696, CVE-2024-11697,
CVE-2024-11699, CVE-2024-11701, CVE-2024-11704, CVE-2024-11705,
CVE-2024-11706, CVE-2024-11708)
USN-7133-1: HAProxy vulnerability
Yuki Mogi discovered that HAProxy incorrectly handled the interpretation
of certain HTTP requests. A remote attacker could possibly use this issue
to perform a request smuggling attack and obtain sensitive information.
radare2-5.9.8-4.el10_0
FEDORA-EPEL-2024-acbed9a263
Packages in this update:
radare2-5.9.8-4.el10_0
Update description:
Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
iaito-5.9.9-2.fc41 radare2-5.9.8-4.fc41
FEDORA-2024-ac8d48e58a
Packages in this update:
iaito-5.9.9-2.fc41
radare2-5.9.8-4.fc41
Update description:
Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
iaito-5.9.9-2.el8 radare2-5.9.8-5.el8
FEDORA-EPEL-2024-f9e4479284
Packages in this update:
iaito-5.9.9-2.el8
radare2-5.9.8-5.el8
Update description:
Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
fix CVE-2024-48241
iaito-5.9.9-2.fc40 radare2-5.9.8-4.fc40
FEDORA-2024-d4d1e89e61
Packages in this update:
iaito-5.9.9-2.fc40
radare2-5.9.8-4.fc40
Update description:
Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858