FEDORA-2024-e4b68c962c

Packages in this update:

vim-9.1.703-1.fc39

Update description:

patchlevel 703

Security fixes for CVE-2024-43374, CVE-2024-43802

Read More

FEDORA-2024-bb4b6da0b6

Packages in this update:

vim-9.1.703-1.fc40

Update description:

patchlevel 703

Security fixes for CVE-2024-43374, CVE-2024-43802

Read More

FEDORA-2024-2960d36420

Packages in this update:

vim-9.1.703-1.fc41

Update description:

patchlevel 703

Security fixes for CVE-2024-43374, CVE-2024-43802

Read More

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-8360.

Read More

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-8359.

Read More

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-8358.

Read More

This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8357.

Read More

This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-8356.

Read More

William Khem-Marquez discovered that Pymatgen, a Python library for
materials analysis, could be tricked into running arbitrary code if a
malformed CIF file is processed.

https://security-tracker.debian.org/tracker/DSA-5763-1

Read More

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-4558

An anonymous researcher discovered that processing maliciously
crafted web content may lead to an unexpected process crash.

CVE-2024-40776

Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40779

Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40780

Huang Xilin dicovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40782

Maksymilian Motyl discovered that processing maliciously crafted
web content may lead to an unexpected process crash.

CVE-2024-40785

Johan Carlsson discovered that processing maliciously crafted web
content may lead to a cross site scripting attack.

CVE-2024-40789

Seunghyun Lee discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40794

Matthew Butler discovered that private Browsing tabs may be
accessed without authentication.

https://security-tracker.debian.org/tracker/DSA-5762-1

Read More