This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-6232.
Monthly Archives: February 2024
ZDI-24-093: (Pwn2Own) Canon imageCLASS MF753Cdw SLP service-url Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-6233.
ZDI-24-094: (Pwn2Own) Canon imageCLASS MF753Cdw CADM setResource Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-6234.
ZDI-24-095: Canon imageCLASS MF753Cdw Fax Job Heap-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-0244.
ZDI-24-087: (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Server-Side Request Forgery Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2023-22817.
ZDI-24-088: (Pwn2Own) Western Digital MyCloud PR4100 RESTSDK Uncontrolled Resource Consumption Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2023-22819.
openexr-3.1.10-5.fc40
FEDORA-2024-55247f3a4f
Packages in this update:
openexr-3.1.10-5.fc40
Update description:
Automatic update for openexr-3.1.10-5.fc40.
Changelog
* Mon Feb 5 2024 Benjamin A. Beasley <code@musicinmybrain.net> – 3.1.10-5
– Backport proposed fix for CVE-2023-5841 to 3.1.10 (fix RHBZ#2262406)
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> – 3.1.10-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> – 3.1.10-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
Deepfake Fraud
A deepfake video conference call—with everyone else on the call a fake—fooled a finance worker into sending $25M to the criminals’ account.
Pennsylvania Courts’ Website Disrupted by DoS Attack
A number of court web systems have been taken offline in the US state of Pennsylvania following a denial of service attack
firecracker-1.6.0-6.fc38 libkrun-1.7.2-4.fc38 rust-event-manager-0.4.0-2.fc38 rust-kvm-bindings-0.7.0-1.fc38 rust-kvm-ioctls-0.16.0-3.fc38 rust-linux-loader-0.11.0-1.fc38 rust-userfaultfd-0.8.1-2.fc38 rust-versionize-0.2.0-2.fc38 rust-vhost-0.10.0-2.fc38 rust-vhost-user-backend-0.13.1-2.fc38 rust-virtio-queue-0.11.0-1.fc38 rust-vm-memory-0.14.0-1.fc38 rust-vm-superio-0.7.0-4.fc38 rust-vmm-sys-util-0.12.1-2.fc38 virtiofsd-1.10.1-1.fc38
FEDORA-2024-f2305d485f
Packages in this update:
firecracker-1.6.0-6.fc38
libkrun-1.7.2-4.fc38
rust-event-manager-0.4.0-2.fc38
rust-kvm-bindings-0.7.0-1.fc38
rust-kvm-ioctls-0.16.0-3.fc38
rust-linux-loader-0.11.0-1.fc38
rust-userfaultfd-0.8.1-2.fc38
rust-versionize-0.2.0-2.fc38
rust-vhost-0.10.0-2.fc38
rust-vhost-user-backend-0.13.1-2.fc38
rust-virtio-queue-0.11.0-1.fc38
rust-vm-memory-0.14.0-1.fc38
rust-vmm-sys-util-0.12.1-2.fc38
rust-vm-superio-0.7.0-4.fc38
virtiofsd-1.10.1-1.fc38
Update description:
Update rust-vmm components and their consumers to address CVE-2023-50711