Monthly Archives: March 2023
ZDI-23-223: Omron CX-One CXP File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-224: Omron CX-One CXP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
dcmtk-3.6.4-11.el8
FEDORA-EPEL-2023-40e1d58afe
Packages in this update:
dcmtk-3.6.4-11.el8
Update description:
This update contains several high and critical security fixes.
CVE-2021-41687/CVE-2021-41688/CVE-2021-41690
CVE-2021-41689
CVE-2022-2119/CVE-2022-2120/CVE-2022-2121
CVE-2022-43272
It also switches to use bundled charls v1 to match the behavior in Fedora.
dcmtk-3.6.6-12.el9
FEDORA-EPEL-2023-c14f77e922
Packages in this update:
dcmtk-3.6.6-12.el9
Update description:
This update contains several high and critical security fixes.
CVE-2021-41687/CVE-2021-41688/CVE-2021-41690
CVE-2021-41689
CVE-2022-2119/CVE-2022-2120/CVE-2022-2121
CVE-2022-43272
It also switches to use bundled charls v1 to match the behavior in Fedora.
[CVE-2023-25355/25356] No fix available – vulnerabilities in CoreDial sipXcom sipXopenfire
SEC Consult SA-20230306-0 :: Multiple Vulnerabilities in Arris DG3450 Cable Gateway
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 06
SEC Consult Vulnerability Lab Security Advisory < 20230306-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Arris DG3450 Cable Gateway
vulnerable version: AR01.02.056.18_041520_711.NCS.10
fixed version: –
CVE number: CVE-2023-27571, CVE-2023-27572
impact: medium
homepage: https://www.commscope.com…
OpenBSD overflow
Posted by Erg Noor on Mar 06
Hi,
Fun OpenBSD bug.
ip_dooptions() will allow IPOPT_SSRR with optlen = 2.
save_rte() will set isr_nhops to a very large value, which will cause an
overflow in the next ip_srcroute() call.
More info is here https://github.com/fuzzingrf/openbsd_tcpip_overflow/
-erg
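The hop-count arithmetic the post describes, as an added example in user space. This is not the post's code and not OpenBSD source: the option constants follow <netinet/ip.h>, but the struct layout, the *_model / *_hardened function names, the assumed mbuf capacity and the hardened check are all assumptions made for illustration, and the derivation of isr_nhops as (olen - IPOPT_OFFMIN) / sizeof(struct in_addr) in unsigned arithmetic is the behaviour being modelled, not a quotation of the kernel.

```c
/*
 * Added example: user-space model of the source-route hop-count arithmetic
 * described in the post above. Not the post's code and not OpenBSD source.
 * Constants follow <netinet/ip.h>; struct layout, *_model/*_hardened names,
 * the capacity figure and the hardened check are assumptions.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IPOPT_SSRR    137   /* strict source and record route */
#define IPOPT_OLEN    1     /* offset of the option length byte */
#define IPOPT_OFFSET  2     /* offset of the pointer byte */
#define IPOPT_OFFMIN  4     /* smallest valid pointer value */
#define MAX_IPOPTLEN  40

struct in_addr4 { uint32_t s_addr; };

struct ip_srcrt_model {
    /* type, length, pointer, then the recorded route: one flat buffer so a
     * copy of the whole option can land in it (assumed layout). */
    uint8_t  isr_hdr[IPOPT_OFFSET + 1 + MAX_IPOPTLEN];
    unsigned isr_nhops;
};

/* Flawed save_rte(): only an upper bound on olen is checked. With olen = 2
 * the unsigned expression (olen - IPOPT_OFFMIN) wraps to 0xFFFFFFFE, so the
 * hop count becomes 0x3FFFFFFF (1073741823) instead of being rejected. */
unsigned save_rte_model(const uint8_t *option, struct ip_srcrt_model *isr)
{
    unsigned olen = option[IPOPT_OLEN];

    if (olen > sizeof(isr->isr_hdr))
        return 0;                          /* option too long: ignored */
    memset(isr, 0, sizeof(*isr));
    memcpy(isr->isr_hdr, option, olen);
    isr->isr_nhops = (olen - IPOPT_OFFMIN) / sizeof(struct in_addr4);
    return isr->isr_nhops;
}

/* Hardened variant (an assumed fix, not necessarily the one OpenBSD shipped):
 * an option shorter than its own pointer field cannot carry a route, so it is
 * rejected before the subtraction can wrap. Returns 0 on success, -1 when
 * the option is rejected. */
int save_rte_hardened(const uint8_t *option, struct ip_srcrt_model *isr)
{
    unsigned olen = option[IPOPT_OLEN];

    if (olen < IPOPT_OFFMIN || olen > sizeof(isr->isr_hdr))
        return -1;
    memset(isr, 0, sizeof(*isr));
    memcpy(isr->isr_hdr, option, olen);
    isr->isr_nhops = (olen - IPOPT_OFFMIN) / sizeof(struct in_addr4);
    return 0;
}

/* Models the space ip_srcroute() needs for the reversed route: the original
 * source plus one address per hop. Computed in 64 bits so the size itself
 * cannot wrap; returns 1 if it fits in `capacity` bytes, 0 otherwise. */
int srcroute_fits(const struct ip_srcrt_model *isr, uint64_t capacity)
{
    uint64_t need = (uint64_t)isr->isr_nhops * sizeof(struct in_addr4)
                  + sizeof(struct in_addr4);
    return need <= capacity;
}

int main(void)
{
    struct ip_srcrt_model isr;
    /* Constructed inputs: a two-byte SSRR option (type and length only), and
     * a well-formed one with a pointer byte and two addresses. The pointer
     * value is not interpreted by this model. */
    const uint8_t bad_opt[]  = { IPOPT_SSRR, 2 };
    const uint8_t good_opt[] = { IPOPT_SSRR, 11, 4,
                                 10, 0, 0, 1,  10, 0, 0, 2 };
    const uint64_t capacity = 128;     /* assumed mbuf data capacity */
    unsigned nhops;

    nhops = save_rte_model(bad_opt, &isr);
    printf("optlen=2 : nhops=%u fits=%d\n", nhops, srcroute_fits(&isr, capacity));
    nhops = save_rte_model(good_opt, &isr);
    printf("optlen=11: nhops=%u fits=%d\n", nhops, srcroute_fits(&isr, capacity));
    printf("hardened rejects optlen=2: %d\n", save_rte_hardened(bad_opt, &isr) == -1);
    return 0;
}
```

The two-byte option never reaches the route list at all, yet the flawed path reports roughly a billion hops; any later code that sizes a buffer from isr_nhops is then driven by attacker-chosen arithmetic rather than by the packet.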
containerd-1.6.19-1.fc38
FEDORA-2023-cd000ea847
Packages in this update:
containerd-1.6.19-1.fc38
Update description:
Update containerd to 1.6.19
– Mitigates CVE-2023-25153 / GHSA-259w-8hf6-59c2
– Mitigates CVE-2023-25173 / GHSA-hmfx-3pcx-653p
containerd-1.6.19-1.fc36
FEDORA-2023-aadd08ab96
Packages in this update:
containerd-1.6.19-1.fc36
Update description:
Update containerd to 1.6.19
– Mitigates CVE-2023-25153 / GHSA-259w-8hf6-59c2
– Mitigates CVE-2023-25173 / GHSA-hmfx-3pcx-653p