ZDI-23-583: Autodesk 3DS Max USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

CyberDanube Security Research 20230511-0 | Multiple Vulnerabilities in Advantech EKI-15XX Series

Posted by Thomas Weber on May 11

CyberDanube Security Research 20230511-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| EKI-1524-CE series, EKI-1522 series, EKI-1521 series
vulnerable version| 1.21
fixed version| 1.24
CVE number| CVE-2023-2573, CVE-2023-2574, CVE-2023-2575
impact| High
homepage| https://advantech.com

CVE-2020-13378

Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code.

Israeli threat group uses fake company acquisitions in CEO fraud schemes

A group of cybercriminals based in Israel has launched more than 350 business email compromise (BEC) campaigns over the past two years, targeting large multinational companies from around the world. The group stands out with some of the techniques it uses, including email display name spoofing and multiple fake personas in the email chains, and through the abnormally large sums of money they attempt to extract from organizations.

“Like most other threat actors that focus on business email compromise, this group is fairly industry agnostic in their targets,” researchers from cloud email security firm Abnormal Security said in a report. “They target multiple industries simultaneously, including manufacturing, financial services, technology, retail, healthcare, energy, and media.”

USN-6073-4: os-brick vulnerability

Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly
handled deleted volume attachments. An authenticated user or attacker could
possibly use this issue to gain access to sensitive information.

This update may require configuration changes to be completely effective,
please see the upstream advisory for more information:

https://security.openstack.org/ossa/OSSA-2023-003.html
