This vulnerability allows remote attackers to bypass authentication on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-6670.
Category Archives: Advisories
ZDI-24-1184: Progress Software WS_FTP Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WS_FTP. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-7744.
ZDI-24-1183: Delta Electronics DTN Soft BIN File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DTN Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8255.
DSA-5760-1 ghostscript – security update
Multiple security issues were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which could result in denial of service and
potentially the execution of arbitrary code if malformed document files
are processed.
DSA-5761-1 chromium – security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
USN-6972-4: Linux kernel (Oracle) vulnerabilities
Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux
Kernel contained a race condition, leading to a NULL pointer dereference.
An attacker could possibly use this to cause a denial of service (system
crash). (CVE-2024-22099)
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– SuperH RISC architecture;
– User-Mode Linux (UML);
– GPU drivers;
– MMC subsystem;
– Network drivers;
– PHY drivers;
– Pin controllers subsystem;
– Xen hypervisor drivers;
– GFS2 file system;
– Core kernel;
– Bluetooth subsystem;
– IPv4 networking;
– IPv6 networking;
– HD-audio driver;
– ALSA SH drivers;
(CVE-2024-26903, CVE-2024-35835, CVE-2023-52644, CVE-2024-39292,
CVE-2024-36940, CVE-2024-26600, CVE-2023-52629, CVE-2024-35955,
CVE-2023-52760, CVE-2023-52806, CVE-2024-39484, CVE-2024-26679,
CVE-2024-26654, CVE-2024-36901, CVE-2024-26687, CVE-2023-52470)
python3.13-3.13.0~rc1-3.fc41
FEDORA-2024-f28bec9f9c
Packages in this update:
python3.13-3.13.0~rc1-3.fc41
Update description:
Security fix for CVE-2024-8088
python3.13-3.13.0~rc1-3.fc39
FEDORA-2024-992047a33f
Packages in this update:
python3.13-3.13.0~rc1-3.fc39
Update description:
Security fix for CVE-2024-8088
python3.13-3.13.0~rc1-3.fc40
FEDORA-2024-5361efb19a
Packages in this update:
python3.13-3.13.0~rc1-3.fc40
Update description:
Security fix for CVE-2024-8088
python3.11-3.11.9-6.fc41
FEDORA-2024-8142adb4a8
Packages in this update:
python3.11-3.11.9-6.fc41
Update description:
Security fix for CVE-2024-8088