This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-13044.

Read More

This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-13043.

Read More

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework and its codecs and demuxers, which may result in denial
of service or potentially the execution of arbitrary code if a malformed
media file is opened.

https://security-tracker.debian.org/tracker/DSA-5838-1

Read More

FEDORA-2024-112fde4e1b

Packages in this update:

ofono-2.14-1.fc40

Update description:

Update to v2.14

Read More

FEDORA-FLATPAK-2024-5ad8ccec67

Packages in this update:

icecat-flatpak-115.18.0-2

Update description:

Updated patchset for CVE-2024-11693 CVE-2024-11697 CVE-2024-11692

Read More

FEDORA-2024-bfc5e25437

Packages in this update:

mupdf-1.24.6-2.fc40

Update description:

fix CVE-2024-46657 (rhbz#2331626)

Read More

FEDORA-EPEL-2024-94a20f339a

Packages in this update:

mupdf-1.21.1-6.el9

Update description:

fix CVE-2024-46657 (rhbz#2331625)

Read More

Two security issues have been discovered in FastNetMon, a fast DDoS
analyzer: Malformed Netflow/sFlow traffic could result in denial of
service.

https://security-tracker.debian.org/tracker/DSA-5837-1

Read More

Multiple vulnerabilities have been discovered in the Xen hypervisor,
which could result in privilege escalation, denial of service or
information leaks.

https://security-tracker.debian.org/tracker/DSA-5836-1

Read More

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-54479

Seunghyun Lee discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-54502

Brendon Tiszka discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-54505

Gary Kwong discovered that processing maliciously crafted web
content may lead to memory corruption.

CVE-2024-54508

linjy, chluo and Xiangwei Zhang discovered that processing
maliciously crafted web content may lead to an unexpected process
crash.

https://security-tracker.debian.org/tracker/DSA-5835-1

Read More