A Vipre study reveals a 20% increase in business email compromise attacks
frr-8.5.5-1.fc39
FEDORA-2024-0c063be1cc
Packages in this update:
frr-8.5.5-1.fc39
Update description:
New version 8.5.5
USN-6940-1: snapd vulnerabilities
Neil McPhail discovered that snapd did not properly restrict writes to the
$HOME/bin path in the AppArmor profile for snaps using the home plug. An
attacker who could convince a user to install a malicious snap could use this
vulnerability to escape the snap sandbox. (CVE-2024-1724)
Zeyad Gouda discovered that snapd failed to properly check the file type when
extracting a snap. An attacker who could convince a user to install a malicious
snap containing non-regular files could then cause snapd to block indefinitely
while trying to read from such files and cause a denial of
service. (CVE-2024-29068)
Zeyad Gouda discovered that snapd failed to properly check the destination of
symbolic links when extracting a snap. An attacker who could convince a user to
install a malicious snap containing crafted symbolic links could then cause
snapd to write out the contents of the symbolic link destination into a
world-readable directory. This in-turn could allow a local unprivileged user to
gain access to privileged information. (CVE-2024-29069)
ZDI-24-1041: Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Google Chrome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-7261.
ZDI-24-1042: NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7253.
ZDI-24-1043: (0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Media Service Improper Handling of Exceptional Conditions Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-23930.
ZDI-24-1044: (0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Telematics Directory Traversal Arbitrary File Creation Vulnerability
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Pioneer DMH-WT7600NEX devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2024-23929.
ZDI-24-1045: (0Day) (Pwn2Own) Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation Vulnerability
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-23928.
ZDI-24-1046: (0Day) ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 2.6. The following CVEs are assigned: CVE-2024-7391.
ZDI-24-1047: (0Day) ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of ChargePoint Home Flex charging devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-7392.