Advisories

  • ZDI-25-028: Microsoft Office Word RTF File Parsing Memory Corruption Remote Code Execution Vulnerability

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-21298.

  • ZDI-25-029: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability

    This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-21331.

  • ZDI-25-030: Microsoft Office Word DOCX File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-21363.

  • git-lfs-3.6.1-1.fc41

    FEDORA-2025-1de066b8af. Packages in this update: git-lfs-3.6.1-1.fc41. Update description: Update to latest version. Fix CVE-2024-53263.

  • git-lfs-3.6.1-1.fc40

    FEDORA-2025-50deb0acd5. Packages in this update: git-lfs-3.6.1-1.fc40. Update description: Update to latest version. Fix CVE-2024-53263.

  • USN-7206-1: rsync vulnerabilities

    Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync did not properly handle checksum lengths. An attacker could use this issue to execute arbitrary code. (CVE-2024-12084) Simon Scannell, Pedro Gallegos, and Jasiel Spelman discovered that rsync compared checksums with uninitialized memory. An attacker could exploit this issue to leak sensitive information. (CVE-2024-12085) Simon Scannell,…

  • Microsoft: Happy 2025. Here’s 161 Security Updates

    Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7’s Adam Barnett says January marks the fourth consecutive month…

  • Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution

    Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. FortiOS is Fortinet’s proprietary operating system, which is used across multiple product lines. FortiProxy is a secure…

  • webkit2gtk4.0-2.46.5-1.fc41

    FEDORA-2025-0cb4a35438. Packages in this update: webkit2gtk4.0-2.46.5-1.fc41. Update description: Update to 2.46.5.

  • webkit2gtk4.0-2.46.5-1.fc40

    FEDORA-2025-e45eecf53a. Packages in this update: webkit2gtk4.0-2.46.5-1.fc40. Update description: Update to 2.46.5.