Category Archives: Advisories

USN-6981-1: Drupal vulnerabilities

It was discovered that Drupal incorrectly sanitized uploaded filenames. A
remote attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-13671)

It was discovered that Drupal incorrectly sanitized archived filenames. A
remote attacker could possibly use this issue to overwrite arbitrary files,
or execute arbitrary code. (CVE-2020-28948, CVE-2020-28949)

DSA-5759-1 python3.11 – security update

Multiple security issues were discovered in Python, a high-level,
interactive, object-oriented language:

CVE-2024-0397

A race condition in the ssl module was found when accessing
CA certificates.

CVE-2024-4032

The ipaddress module contained incorrect information about whether
some IPv4 and IPv6 address ranges are designated as globally
reachable or private.

CVE-2024-8088

Incorrect handling of path names in the zipfile module could
result in an infinite loop when processing a zip archive
(resulting in denial of service).

https://security-tracker.debian.org/tracker/DSA-5759-1

USN-6973-3: Linux kernel (AWS) vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– SuperH RISC architecture;
– MMC subsystem;
– Network drivers;
– SCSI drivers;
– GFS2 file system;
– IPv4 networking;
– IPv6 networking;
– HD-audio driver;
(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,
CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)

SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP

Posted by David Brown via Fulldisclosure on Aug 24

Title
=====

SCHUTZWERK-SA-2024-004: Buffer overread in U-Boot DHCP

Status
======

PUBLISHED

Version
=======

1.0

CVE reference
=============

CVE-2024-42040

Link
====

https://www.schutzwerk.com/advisories/schutzwerk-sa-2024-004/

Text-only version:
https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2024-004.txt

Affected products/vendor
========================

Das U-Boot, https://docs.u-boot.org

Summary
=======

Das U-Boot (U-Boot) is a…
