Read Time:8 Second
FEDORA-2024-5abfdba2b7
Packages in this update:
mingw-python-waitress-2.1.2-7.fc40
Update description:
Backport fixes for CVE-2024-49768 and CVE-2024-49769.
Category Archives: Advisories
python-aiohttp-3.9.5-2.el9
Read Time:7 Second
FEDORA-EPEL-2024-7ac44bd3cc
Packages in this update:
python-aiohttp-3.9.5-2.el9
Update description:
Security fix for CVE-2024-52304
python-aiohttp-3.9.5-2.fc39
Read Time:7 Second
FEDORA-2024-8c3c0913dc
Packages in this update:
python-aiohttp-3.9.5-2.fc39
Update description:
Security fix for CVE-2024-52304
ZDI-24-1515: (0Day) Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-11394.
ZDI-24-1514: (0Day) Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-11393.
ZDI-24-1513: (0Day) Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-11392.
ZDI-24-1517: McAfee Total Protection Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Read Time:17 Second
This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Total Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.7. The following CVEs are assigned: CVE-2024-49592.
ZDI-24-1516: Trend Micro Deep Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability
Read Time:13 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Deep Security Agent. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-51503.
ZDI-24-1527: Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-52573.
ZDI-24-1526: Siemens Tecnomatix Plant Simulation WRL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-52571.