Category Archives: Advisories
ZDI-24-209: NI FlexLogger ServiceRegistry Missing Authorization Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-1155.
fontforge-20230101-11.fc40
FEDORA-2024-e01ef71e64
Packages in this update:
fontforge-20230101-11.fc40
Update description:
Security fix for CVE-2024-25081 and CVE-2024-25082
DSA-5634-1 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
xen-4.17.2-7.fc38
FEDORA-2024-0da80aa623
Packages in this update:
xen-4.17.2-7.fc38
Update description:
x86: shadow stack vs exceptions from emulation stubs – [XSA-451,
CVE-2023-46841] (#2266326)
xen-4.17.2-7.fc39
FEDORA-2024-aca9ed1eb1
Packages in this update:
xen-4.17.2-7.fc39
Update description:
x86: shadow stack vs exceptions from emulation stubs – [XSA-451,
CVE-2023-46841] (#2266326)
xen-4.18.0-6.fc40
FEDORA-2024-ee7c81a4d6
Packages in this update:
xen-4.18.0-6.fc40
Update description:
x86: shadow stack vs exceptions from emulation stubs – [XSA-451,
CVE-2023-46841] (#2266326)
USN-6644-2: LibTIFF vulnerabilities
USN-6644-1 fixed vulnerabilities in LibTIFF.
This update provides the corresponding updates for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue to cause the application to crash, resulting
in a denial of service. (CVE-2023-52356)
It was discovered that LibTIFF incorrectly handled certain image files
with the tiffcp utility. If a user were tricked into opening a specially
crafted image file, an attacker could possibly use this issue to cause
tiffcp to crash, resulting in a denial of service. (CVE-2023-6228)
It was discovered that LibTIFF incorrectly handled certain files. If
a user were tricked into opening a specially crafted file, an attacker
could possibly use this issue to cause the application to consume
resources, resulting in a denial of service. (CVE-2023-6277)
USN-6664-1: less vulnerability
It was discovered that less incorrectly handled certain file names.
An attacker could possibly use this issue to cause a crash or execute
arbitrary commands.
golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc38 golang-github-tdewolff-minify-2.20.18-1.fc38 golang-github-tdewolff-parse-2.7.12-1.fc38
FEDORA-2024-0d4d9925a2
Packages in this update:
golang-github-tdewolff-argp-0-0.1.20240227git719bbce.fc38
golang-github-tdewolff-minify-2.20.18-1.fc38
golang-github-tdewolff-parse-2.7.12-1.fc38
Update description:
Update to latest version
Security fix for CVE-2023-39325