It was discovered that Flatpak incorrectly handled certain persisted
directories. An attacker could possibly use this issue to read
and write files in locations it would not normally have access to.
A patch was also needed to Bubblewrap in order to avoid race
conditions caused by this fix.

Read More

FEDORA-2024-851219f5e3

Packages in this update:

crosswords-0.3.13.3-4.fc41

Update description:

Update to 0.3.13.3 and fix gresource generation

Read More

FEDORA-2024-78e43b4de6

Packages in this update:

perl-App-cpanminus-1.7047-2.fc39

Update description:

Patch the code to use https instead of http (CVE-2024-45321)

Read More

FEDORA-2024-aaa468ae4f

Packages in this update:

perl-App-cpanminus-1.7047-4.fc40

Update description:

Patch the code to use https instead of http (CVE-2024-45321)

Read More

FEDORA-2024-ef9db8b16d

Packages in this update:

perl-App-cpanminus-1.7047-5.fc41

Update description:

Patch the code to use https instead of http (CVE-2024-45321)

Read More

FEDORA-2024-69ce052378

Packages in this update:

logiops-0.3.5-1.fc39

Update description:

Fixes CVE-2024-45752: A vulnerability that allows users to remap keys arbitrarily. This allows all users on the system to remap a key unexpectedly to a potentially malicious sequence

Read More

FEDORA-2024-326390f033

Packages in this update:

logiops-0.3.5-1.fc40

Update description:

Fixes CVE-2024-45752: A vulnerability that allows users to remap keys arbitrarily. This allows all users on the system to remap a key unexpectedly to a potentially malicious sequence

Read More

FEDORA-2024-1a9b10c921

Packages in this update:

logiops-0.3.5-1.fc41

Update description:

Fixes CVE-2024-45752: A vulnerability that allows users to remap keys arbitrarily. This allows all users on the system to remap a key unexpectedly to a potentially malicious sequence

Read More

Posted by malvuln on Sep 28

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/88922242e8805bfbc5981e55fdfadd71.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln

Threat: Backdoor.Win32.Benju.a
Vulnerability: Unauthenticated Remote Command Execution
Family: Benju
Type: PE32
MD5: 88922242e8805bfbc5981e55fdfadd71
SHA256: 7d34804173e09d0f378dfc8c9212fe77ff51f08c9d0b73d00a19b7045ddc1f0e
Vuln ID: MVID-2024-0700…

Read More

Posted by malvuln on Sep 28

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/277f9a4db328476300c4da5f680902ea.txt
Contact: malvuln13 () gmail com
Media: x.com/malvuln

Threat: Backdoor.Win32.Prorat.jz
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The RAT listens on TCP ports 51100,5112,5110 and runs an
FTP service. Prorat uses a vulnerable component in a secondary malware
it drops on the victim…

Read More