ZDI-24-1596: IrfanView RLE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the...
ZDI-24-1595: IrfanView RLE File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the...
ZDI-24-1594: IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the...
ZDI-24-1593: IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the...
ZDI-24-1613: Intel Driver & Support Assistant Log Folder Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to...
USN-7091-2: Ruby vulnerabilities
USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the corresponding update for ruby2.7 in Ubuntu 20.04 LTS. Original advisory details: It was discovered that...
DSA-5812-2 postgresql-15 – regression update
The postgresql minor release shipped in DSA 5812 introduced an ABI break, which has been reverted so that extensions do not need to be rebuilt....
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe...
Drupal core – Moderately critical – Gadget chain – SA-CORE-2024-008
Project: Drupal core Date: 2024-November-20 Security risk: Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon Vulnerability: Gadget chain Affected versions: >= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9...
Drupal core – Moderately critical – Gadget chain – SA-CORE-2024-007
Project: Drupal core Date: 2024-November-20 Security risk: Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon Vulnerability: Gadget chain Affected versions: >= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9...