This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-27861.
Category Archives: Advisories
ZDI-24-1276: Apple macOS AppleVADriver Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-27861.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
USN-7033-1: Intel Microcode vulnerabilities
It was discovered that some Intel(R) Processors did not properly restrict
access to the Running Average Power Limit (RAPL) interface. This may allow
a local privileged attacker to obtain sensitive information.
(CVE-2024-23984)
It was discovered that some Intel(R) Processors did not properly implement
finite state machines (FSMs) in hardware logic. This may allow a local
privileged attacker to cause a denial of service (system crash).
(CVE-2024-24968)
GLSA 202409-25: Xpdf: Multiple Vulnerabilities
xen-4.17.5-2.fc39
FEDORA-2024-020dbf247c
Packages in this update:
xen-4.17.5-2.fc39
Update description:
x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817]
update to xen-4.17.5
USN-7032-1: Tomcat vulnerability
It was discovered that Tomcat incorrectly handled HTTP trailer headers. A
remote attacker could possibly use this issue to perform HTTP request
smuggling.
xen-4.18.3-2.fc40
FEDORA-2024-051cf1553e
Packages in this update:
xen-4.18.3-2.fc40
Update description:
x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817]
xen-4.19.0-4.fc41
FEDORA-2024-60809cb44e
Packages in this update:
xen-4.19.0-4.fc41
Update description:
x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817]
USN-7031-2: Puma vulnerability
USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS.
This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to overwrite header values
set by intermediate proxies by providing duplicate headers containing
underscore characters.