Read Time:6 Second
FEDORA-2024-2fb325d068
Packages in this update:
ruby-3.2.5-183.fc39
Update description:
Upgrade to Ruby 3.2.5.
Category Archives: Advisories
ZDI-24-1208: (0Day) Visteon Infotainment System DeviceManager iAP Serial Number SQL Injection Vulnerability
Read Time:13 Second
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment system. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-8355.
ZDI-24-1210: Microsoft Windows Drag and Drop SmartScreen Bypass Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to bypass the SmartScreen security feature on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-38213.
ZDI-24-1209: Microsoft Windows Defender SmartScreen Bypass Vulnerability
Read Time:18 Second
This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-38213.
ZDI-24-1222: Ivanti Workspace Control RES Exposed Dangerous Method Local Privilege Escalation Vulnerability
Read Time:17 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Workspace Control. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8012.
ZDI-24-1221: Ivanti Endpoint Manager LoadMotherboardTable SQL Injection Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-34785.
ZDI-24-1220: Ivanti Endpoint Manager LoadSlotsTable SQL Injection Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-34783.
ZDI-24-1219: Ivanti Endpoint Manager loadModuleTable SQL Injection Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-34779.
ZDI-24-1218: Ivanti Endpoint Manager updateAssetInfo SQL Injection Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-32848.
ZDI-24-1217: Ivanti Endpoint Manager loadSystemInfo SQL Injection Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-32846.