Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– SMB network file system;
– Network namespace;
– Networking core;
(CVE-2024-26928, CVE-2024-56658, CVE-2024-35864, CVE-2024-57798)
It was discovered that GnuPG incorrectly handled importing keys with
certain crafted subkey data. If a user or automated system were tricked
into importing a specially crafted key, a remote attacker may prevent users
from importing other keys in the future.
It was discovered that OpenVPN incorrectly handled certain malformed
packets. A remote attacker could possibly use this issue to cause OpenVPN
to crash, resulting in a denial of service.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-1660.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-1659.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-1658.
Posted by Apple Product Security via Fulldisclosure on Apr 02
APPLE-SA-04-01-2025-1 watchOS 11.4
watchOS 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122376.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
AirDrop
Available for: Apple Watch Series 6 and later
Impact: An app may be able to read arbitrary file metadata
Description: A…
Posted by Apple Product Security via Fulldisclosure on Apr 02
APPLE-SA-03-31-2025-11 visionOS 2.4
visionOS 2.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122378.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Accounts
Available for: Apple Vision Pro
Impact: Sensitive keychain data may be accessible from an iOS backup
Description: This issue…
Posted by Apple Product Security via Fulldisclosure on Apr 02
APPLE-SA-03-31-2025-10 tvOS 18.4
tvOS 18.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122377.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
AirDrop
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to read arbitrary file metadata
Description: A…
Posted by Apple Product Security via Fulldisclosure on Apr 02
APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5
macOS Ventura 13.7.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/122375.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
AccountPolicy
Available for: macOS Ventura
Impact: A malicious app may be able to gain root privileges
Description:…
