USN-7060-1: EDK II vulnerabilities
It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. A local attacker could...
SEC Consult SA-20241009-0 :: Local Privilege Escalation via MSI installer in Palo Alto Networks GlobalProtect (CVE-2024-9473)
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 09
DSA-5788-1 firefox-esr – security update
Damien Schaeffer discovered a use-after-free in the Mozilla Firefox web browser, which could result in the execution of arbitrary code. https://security-tracker.debian.org/tracker/DSA-5788-1
firefox-131.0.2-1.fc39
FEDORA-2024-f109ae6fc7. Packages in this update: firefox-131.0.2-1.fc39. Update description: Updated to latest upstream (131.0.2).
firefox-131.0.2-1.fc41
FEDORA-2024-d85494e836. Packages in this update: firefox-131.0.2-1.fc41. Update description: Updated to latest upstream (131.0.2).
USN-7059-1: OATH Toolkit vulnerability
Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to...
USN-7043-4: cups-filters vulnerabilities
USN-7043-1 fixed vulnerabilities in cups-filters. This update improves the fix for CVE-2024-47176 by removing support for the legacy CUPS printer discovery protocol entirely. Original advisory...
USN-7042-2: cups-browsed vulnerability
USN-7042-1 fixed a vulnerability in cups-browsed. This update improves the fix by removing support for the legacy CUPS printer discovery protocol entirely. Original advisory details:...
Ivanti CSA (Cloud Services Appliance) zero-day Attack
What is the Attack? Attackers are actively exploiting multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance) that could lead an attacker to gain admin access,...
ZDI-24-1333: NVIDIA Onyx Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NVIDIA Onyx switches. Authentication is not required to exploit this vulnerability. The...