Read Time:6 Second
FEDORA-2024-dee1ef052e
Packages in this update:
firefox-132.0-2.fc40
Update description:
New upstream update (132.0)
Category Archives: Advisories
Multiple Vulnerabilities in Siemens InterMesh Subscriber Devices Could Allow for Remote Code Execution
Read Time:25 Second
Multiple vulnerabilities have been discovered in Siemens InterMesh Subscriber Devices, the most severe of which could allow for remote code execution. InterMesh leverages mesh radio technology and hardened alarm monitoring panels to create a private, self-healing network that delivers alarm signals. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Read Time:28 Second
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
xorg-x11-server-Xwayland-23.2.7-2.fc39
Read Time:7 Second
FEDORA-2024-cc2c07317b
Packages in this update:
xorg-x11-server-Xwayland-23.2.7-2.fc39
Update description:
CVE fix for CVE-2024-9632
xorg-x11-server-Xwayland-24.1.4-1.fc40
Read Time:9 Second
FEDORA-2024-275a45a146
Packages in this update:
xorg-x11-server-Xwayland-24.1.4-1.fc40
Update description:
xwayland 24.1.4 – CVE fix for CVE-2024-9632
xorg-x11-server-Xwayland-24.1.4-1.fc41
Read Time:9 Second
FEDORA-2024-80c8f31c55
Packages in this update:
xorg-x11-server-Xwayland-24.1.4-1.fc41
Update description:
xwayland 24.1.4 – CVE fix for CVE-2024-9632
USN-7084-1: urllib3 vulnerability
Read Time:8 Second
It was discovered that urllib3 didn’t strip HTTP Proxy-Authorization header
on cross-origin redirects. A remote attacker could possibly use this issue
to obtain sensitive information.
USN-7064-2: nano vulnerability
Read Time:19 Second
USN-7064-1 fixed a vulnerability in nano. This update provides the
corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
Read Time:15 Second
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 28
SEC Consult Vulnerability Lab Security Advisory < 20241023-0 >
=======================================================================
title: Authenticated Remote Code Execution
product: Multiple Xerox printers
(EC80xx, AltaLink, VersaLink, WorkCentre)
vulnerable version: see vulnerable versions below
fixed version: see solution section below
CVE number: CVE-2024-6333…
APPLE-SA-10-28-2024-8 visionOS 2.1
Read Time:24 Second
Posted by Apple Product Security via Fulldisclosure on Oct 28
APPLE-SA-10-28-2024-8 visionOS 2.1
visionOS 2.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121566.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
App Support
Available for: Apple Vision Pro
Impact: A malicious app may be able to run arbitrary shortcuts without
user consent…