This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5.
Category Archives: Advisories
ZDI-24-1647: BlueZ Classic HID Missing Authentication Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-8805.
USN-7145-1: Expat vulnerability
It was discovered that Expat did not properly handle its internal state
when attempting to resume an unstarted parser. An attacker could use this
issue to cause a denial of service (application crash).
golang-github-chainguard-dev-git-urls-1.0.2-1.fc41 golang-github-task-3.40.1-1.fc41
FEDORA-2024-40d4ab1c94
Packages in this update:
golang-github-chainguard-dev-git-urls-1.0.2-1.fc41
golang-github-task-3.40.1-1.fc41
Update description:
Bugfix to mitigate CVE-2023-46402
DSA-5826-1 smarty3 – security update
Two security vulnerabilities were discovered in Smarty, a template
engine for PHP, which could result in PHP code injection or cross-site
scripting.
DSA-5827-1 proftpd-dfsg – security update
Brian Ristuccia discovered that in ProFTPD, a powerful modular
FTP/SFTP/FTPS server, supplemental group inheritance grants unintended
access to GID 0 because of the lack of supplemental groups from mod_sql.
USN-7141-1: oFono vulnerabilities
It was discovered that oFono incorrectly handled decoding SMS messages,
leading to a stack overflow. A remote attacker could potentially use
this issue to cause a denial of service.
(CVE-2023-2794, CVE-2023-4233, CVE-2023-4234)
python3.14-3.14.0~a2-2.fc41
FEDORA-2024-54aa5fc4b2
Packages in this update:
python3.14-3.14.0~a2-2.fc41
Update description:
Security fix for CVE-2024-12254
python3.14-3.14.0~a2-2.fc40
FEDORA-2024-b2cebcbb49
Packages in this update:
python3.14-3.14.0~a2-2.fc40
Update description:
Security fix for CVE-2024-12254
python3.14-3.14.0~a2-2.fc42
FEDORA-2024-fbd80e45ef
Packages in this update:
python3.14-3.14.0~a2-2.fc42
Update description:
Automatic update for python3.14-3.14.0~a2-2.fc42.
Changelog
* Sun Dec 8 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.14.0~a2-2
- Security fix for CVE-2024-12254
- Fixes: rhbz#2330928