Category Archives: Advisories

ZDI-24-1433: Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8594.

krb5-1.21.3-3.fc41

FEDORA-2024-c0961d31b8

Packages in this update:

krb5-1.21.3-3.fc41

Update description:

Security:

CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code

Enhancement:

Rework of TCP request timeout (disabled by default, global timeout setting added)

krb5-1.21.3-2.fc40

FEDORA-2024-29a74ac2b0

Packages in this update:

krb5-1.21.3-2.fc40

Update description:

Security:

CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code

Enhancement:

Rework of TCP request timeout (disabled by default, global timeout setting added)

krb5-1.21.3-2.fc39

FEDORA-2024-862f5c4156

Packages in this update:

krb5-1.21.3-2.fc39

Update description:

Security:

CVE-2024-3596: Fix for BlastRADIUS vulnerability in libkrad (support for Message-Authenticator attribute)
Marvin attack: Removal of the “RSA” method for PKINIT
Fix of miscellaneous mistakes in the code

Enhancement:

Rework of TCP request timeout (disabled by default, global timeout setting added)

USN-7085-2: X.Org X Server vulnerability

USN-7085-1 fixed a vulnerability in X.Org. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations in the X Keyboard Extension. An attacker could
use this issue to cause the X Server to crash, leading to a denial of
service, or possibly execute arbitrary code.

USN-7084-2: pip vulnerability

USN-7084-1 fixed a vulnerability in urllib3. This update provides the
corresponding update for the urllib3 module bundled into pip.

Original advisory details:

It was discovered that urllib3 didn't strip the HTTP Proxy-Authorization
header on cross-origin redirects. A remote attacker could possibly use
this issue to obtain sensitive information.
