Notorious threat actor IntelBroker is claiming to have stolen data from Apple and AMD
USN-6842-1: gdb vulnerabilities
It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-4285)
It was discovered that gdb incorrectly handled memory, leading to a heap-based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-1972)
It was discovered that gdb incorrectly handled memory leading to a stack overflow. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-39128)
It was discovered that gdb had a use-after-free vulnerability under certain circumstances. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-39129)
It was discovered that gdb incorrectly handled memory, leading to a heap-based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-39130)
chromium-126.0.6478.114-1.fc39
FEDORA-2024-dd14eefb0e
Packages in this update:
chromium-126.0.6478.114-1.fc39
Update description:
update to 126.0.6478.114
High CVE-2024-6100: Type Confusion in V8
High CVE-2024-6101: Inappropriate implementation in WebAssembly
High CVE-2024-6102: Out of bounds memory access in Dawn
High CVE-2024-6103: Use after free in Dawn
chromium-126.0.6478.114-1.fc40
FEDORA-2024-d2b54d5a9d
Packages in this update:
chromium-126.0.6478.114-1.fc40
Update description:
update to 126.0.6478.114
High CVE-2024-6100: Type Confusion in V8
High CVE-2024-6101: Inappropriate implementation in WebAssembly
High CVE-2024-6102: Out of bounds memory access in Dawn
High CVE-2024-6103: Use after free in Dawn
ZDI-24-821: Linux Kernel TIPC Message Reassembly Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with TIPC bearer enabled are vulnerable. The ZDI has assigned a CVSS rating of 9.0. The following CVEs are assigned: CVE-2024-36886.
ZDI-24-816: Microsoft Windows Menu DC Bitmap Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-30082.
ZDI-24-817: VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5928.
ZDI-24-818: VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5929.
ZDI-24-819: VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5930.
ZDI-24-820: Windscribe Directory Traversal Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6141.