Multiple vulnerabilities have been discovered in Ivanti Cloud Services Application (CSA), the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

FEDORA-2024-9fb3492511

Packages in this update:

bpftool-7.5.0-1.fc41
kernel-6.12.4-200.fc41
kernel-headers-6.12.4-200.fc41

Update description:

The 6.12.4 stable kernel rebase contains new features, additional hardware support and a number of important fixes across the tree.

Read More

FEDORA-2024-811cffc4ef

Packages in this update:

bpftool-7.5.0-1.fc40
kernel-6.12.4-100.fc40
kernel-headers-6.12.4-100.fc40

Update description:

The 6.12.4 stable kernel rebase contains new features, additional hardware support and a number of important fixes across the tree.

Read More

It was discovered that Tornado incorrectly handled a certain redirect.
A remote attacker could possibly use this issue to redirect a user to an
arbitrary web site and conduct a phishing attack by having the user access
a specially crafted URL. This update provides the corresponding fix for
Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. (CVE-2023-28370)

It was discovered that Tornado inefficiently handled requests when parsing
cookies. An attacker could possibly use this issue to increase resource
utilization leading to a denial of service. (CVE-2024-52804)

Read More

FEDORA-2024-516b214c25

Packages in this update:

linux-firmware-20241210-1.fc41

Update description:

Update to upstream 20241210

Update firmware file for Intel BlazarU core
amdgpu: numerous firmware updates
upstream amdnpu firmware
QCA: Add Bluetooth nvm files for WCN785x
i915: Update Xe2LPD DMC to v2.24
cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops
iwlwifi: add Bz-gf FW for core89-91 release
QCA: Update Bluetooth WCN785x firmware to 2.0.0-00515-2
ice: update ice DDP wireless_edge package to 1.3.20.0
ice: update ice DDP comms package to 1.3.52.0
ice: update ice DDP package to ice-1.3.41.0
amdgpu: update DMCUB to v9.0.10.0 for DCN314/DCN351
Update AMD cpu microcode
xe: Update GUC to v70.36.0 for BMG, LNL
i915: Update GUC to v70.36.0 for ADL-P, DG1, DG2, MTL, TGL
iwlwifi: add Bz-gf FW for core91-69 release
qcom: venus-5.4: add venus firmware file for qcs615
qcom: update venus firmware file for SC7280
QCA: Add 22 bluetooth firmware nvm files for QCA2066
mediatek MT7921/MT7922: update bluetooth firmware
update for MT7921/MT7922 WiFi device
qcom: Add QDU100 firmware image files.
qcom: Update aic100 firmware files

Read More

FEDORA-2024-5f9b20882f

Packages in this update:

linux-firmware-20241210-1.fc40

Update description:

Update to upstream 20241210

Update firmware file for Intel BlazarU core
amdgpu: numerous firmware updates
upstream amdnpu firmware
QCA: Add Bluetooth nvm files for WCN785x
i915: Update Xe2LPD DMC to v2.24
cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops
iwlwifi: add Bz-gf FW for core89-91 release
QCA: Update Bluetooth WCN785x firmware to 2.0.0-00515-2
ice: update ice DDP wireless_edge package to 1.3.20.0
ice: update ice DDP comms package to 1.3.52.0
ice: update ice DDP package to ice-1.3.41.0
amdgpu: update DMCUB to v9.0.10.0 for DCN314/DCN351
Update AMD cpu microcode
xe: Update GUC to v70.36.0 for BMG, LNL
i915: Update GUC to v70.36.0 for ADL-P, DG1, DG2, MTL, TGL
iwlwifi: add Bz-gf FW for core91-69 release
qcom: venus-5.4: add venus firmware file for qcs615
qcom: update venus firmware file for SC7280
QCA: Add 22 bluetooth firmware nvm files for QCA2066
mediatek MT7921/MT7922: update bluetooth firmware
update for MT7921/MT7922 WiFi device
qcom: Add QDU100 firmware image files.
qcom: Update aic100 firmware files

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-11949.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-11948.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-11947.

Read More

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.0. The following CVEs are assigned: CVE-2024-53909.

Read More