Several vulnerabilities were discovered in BIND, a DNS server
implementation, which may result in denial of service.
Category Archives: Advisories
DSA-5624-1 edk2 – security update
Mate Kukri discovered the Debian build of EDK2, a UEFI firmware
implementation, used an insecure default configuration which could result
in Secure Boot bypass via the UEFI shell.
This update disables the UEFI shell if Secure Boot is used.
DSA-5623-1 postgresql-15 – security update
It was discovered that a late privilege drop in the “REFRESH MATERIALIZED
VIEW CONCURRENTLY” command could allow an attacker to trick a user with
higher privileges into running SQL commands with those permissions.
DSA-5622-1 postgresql-13 – security update
It was discovered that a late privilege drop in the “REFRESH MATERIALIZED
VIEW CONCURRENTLY” command could allow an attacker to trick a user with
higher privileges into running SQL commands with those permissions.
unbound-1.19.1-1.fc38
FEDORA-2024-c967c7d287
Packages in this update:
unbound-1.19.1-1.fc38
Update description:
Fix CVE-2023-50387, DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers.
Fix CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
dnsmasq-2.90-1.fc39
FEDORA-2024-e24211eff0
Packages in this update:
dnsmasq-2.90-1.fc39
Update description:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
dnsmasq-2.90-1.fc38
FEDORA-2024-e00eceb11c
Packages in this update:
dnsmasq-2.90-1.fc38
Update description:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
USN-6634-1: .NET vulnerabilities
Brennan Conroy discovered that .NET with SignalR did not properly
handle malicious clients. An attacker could possibly use this issue
to cause a denial of service. (CVE-2024-21386)
Bahaa Naamneh discovered that .NET with OpenSSL support did not
properly parse X509 certificates. An attacker could possibly use
this issue to cause a denial of service. (CVE-2024-21404)
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution for the following:
Adobe Commerce is an offering that provides companies with a flexible and scalable end-to-end platform to manage the commerce experiences of their customers.
Adobe Acrobat is used to view, create, print, and manage PDF files.
Adobe Audition is a professional audio editing application that includes a non-destructive mixing and editing environment.
Adobe FrameMaker Publishing Server is an enterprise software that allows you to automate your multichannel publishing process.
Adobe Substance 3D Stager is a state-of-the-art staging tool to create 3D scenes with real-time 3D visualization and high-quality renders.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Critical Patches Issued for Microsoft Products, February 13, 2024
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.