Fabian Vogt discovered that the KDE session management server insufficiently restricted ICE connections from localhost, which could allow a local attacker to execute arbitrary code as another user on next boot.
Archive for June 27th, 2024
SQLite could be made to crash or execute arbitrary code.
Several security issues were fixed in Squid.
Several security issues were fixed in FontForge.
Wget could be made to connect to a different host than expected.
OpenSSL could be made to consume resources and cause long delays if it processed certain input.
Update to upstream OpenVPN 2.6.11. CVE-2024-5594: control channel: refuse control channel messages with nonprintable characters in them. CVE-2024-28882: only call schedule_exit() once (on a given peer).
Fix for multiple CVEs
Update to 126.0.6478.126. High CVE-2024-6290: Use after free in Dawn. High CVE-2024-6291: Use after free in Swiftshader. High CVE-2024-6292: Use after free in Dawn. High CVE-2024-6293: Use after free in Dawn.
Fix CVE-2024-2698 and CVE-2024-3183