This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Monthly Archives: May 2023
ZDI-23-584: Autodesk 3DS Max USD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CyberDanube Security Research 20230511-0 | Multiple Vulnerabilities in Advantech EKI-15XX Series
Posted by Thomas Weber on May 11
CyberDanube Security Research 20230511-0
——————————————————————————-
title| Multiple Vulnerabilities
product| EKI-1524-CE series, EKI-1522 series, EKI-1521 series
vulnerable version| 1.21
fixed version| 1.24
CVE number| CVE-2023-2573, CVE-2023-2574, CVE-2023-2575
impact| High
homepage| https://advantech.com…
CVE-2020-13378
Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code.
kernel-6.2.15-100.fc36
FEDORA-2023-00393126a0
Packages in this update:
kernel-6.2.15-100.fc36
Update description:
The 6.2.15 stable kernel update contains a number of important fixes across the tree.
kernel-6.2.15-300.fc38
FEDORA-2023-26325e5399
Packages in this update:
kernel-6.2.15-300.fc38
Update description:
The 6.2.15 stable kernel update contains a number of important fixes across the tree.
kernel-6.2.15-200.fc37
FEDORA-2023-dfd4a6e8f2
Packages in this update:
kernel-6.2.15-200.fc37
Update description:
The 6.2.15 stable kernel update contains a number of important fixes across the tree.
Israeli threat group uses fake company acquisitions in CEO fraud schemes
A group of cybercriminals based in Israel has launched more than 350 business email compromise (BEC) campaigns over the past two years, targeting large multinational companies from around the world. The group stands out with some of the techniques it uses, including email display name spoofing and multiple fake personas in the email chains, and through the abnormally large sums of money the attempt to extract from organizations.
“Like most other threat actors that focus on business email compromise, this group is fairly industry agnostic in their targets,” researchers from cloud email security firm Abnormal Security said in a report. “They target multiple industries simultaneously, including manufacturing, financial services, technology, retail, healthcare, energy, and media.”
libssh-0.10.5-1.fc38
FEDORA-2023-741d5f1fd3
Packages in this update:
libssh-0.10.5-1.fc38
Update description:
Update to 0.10.5 (CVE-2023-1667 CVE-2023-2283)
USN-6073-4: os-brick vulnerability
Jan Wasilewski and Gorka Eguileor discovered that os-brick incorrectly
handled deleted volume attachments. An authenticated user or attacker could
possibly use this issue to gain access to sensitive information.
This update may require configuration changes to be completely effective,
please see the upstream advisory for more information:
https://security.openstack.org/ossa/OSSA-2023-003.html