This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2023-51610.
Daily Archives: December 21, 2023
ZDI-23-1912: Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2023-51611.
ZDI-23-1913: Kofax Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2023-51612.
ZDI-23-1898: Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-29460.
ZDI-23-1899: Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-29460.
filezilla-3.66.4-1.fc38 libfilezilla-0.45.0-1.fc38
FEDORA-2023-7934efb5e3
Packages in this update:
filezilla-3.66.4-1.fc38
libfilezilla-0.45.0-1.fc38
Update description:
Fix for Terrapin vulnerability
thunderbird-115.6.0-1.fc38
FEDORA-2023-608dd04117
Packages in this update:
thunderbird-115.6.0-1.fc38
Update description:
Update to 115.6.0;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
thunderbird-115.6.0-1.fc39
FEDORA-2023-7dee358171
Packages in this update:
thunderbird-115.6.0-1.fc39
Update description:
Update to 115.6.0;
https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
https://www.thunderbird.net/en-US/thunderbird/115.6.0/releasenotes/
Smashing Security podcast #353: Phone hacking, Piers Morgan, and Carole’s Christmas cockup
Piers Morgan is less than happy after a judgement that there is “no doubt” he knew phone hacking was going on at the Daily Mirror, and a shopper comes a-cropper just before Christmas.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
DSA-5582-1 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in denial of service, the execution of arbitrary code or spoofing
of signed PGP/MIME and SMIME emails.