Trezor’s Twitter account hijacked by cryptocurrency scammers via bogus Calendly invite

Hardware wallet manufacturer Trezor has explained how its Twitter account was compromised – despite it having sensible security precautions in place, such as strong passwords and multi-factor authentication.

Read more in my article on the Hot for Security blog.

Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Google Chrome that could allow for arbitrary code execution. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer user rights on the system could be less impacted than those who operate with administrative user rights.

ZDI-24-295: Autodesk FBX Review ABC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23139.

ZDI-24-296: Autodesk DWG TrueView DWG File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk DWG TrueView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23138.

Nice Linear eMerge Command Injection Vulnerability (CVE-2019-7256)

What is the vulnerability?

Cyber threat actors are actively targeting Linear eMerge E3-Series devices to exploit a 5-year-old critical vulnerability. The vulnerability, tracked as CVE-2019-7256, is a command injection flaw that could allow an attacker to achieve remote code execution and gain full access to the system.

The Nice Linear eMerge E3-Series is a popular access control system used in commercial and industrial environments worldwide, which underscores the potentially widespread impact of this vulnerability.

What is the recommended mitigation?

Nice has released a security bulletin that advises users to apply the latest firmware and recommends defensive measures to minimize the risk of exploitation: https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf

What FortiGuard Coverage is available?

FortiGuard Labs has an existing IPS signature, “Linear.eMerge.card_scan_decoder.php.Command.Injection”, that blocks attack attempts targeting this vulnerability, and an OT virtual patch is available for auto-patching.
Fortinet customers remain protected against the vulnerability; however, it is recommended to apply the firmware patches released by the vendor to mitigate any risk.

micropython-1.22.2-1.fc41

FEDORA-2024-9f2a705459

Packages in this update:

micropython-1.22.2-1.fc41

Update description:

Automatic update for micropython-1.22.2-1.fc41.

Changelog

* Fri Mar 22 2024 Charalampos Stratakis <cstratak@redhat.com> - 1.22.2-1
- Update to 1.22.2
- Security fixes for CVE-2023-7158 and CVE-2023-7152
- Fixes: rhbz#2256176, rhbz#2256178, rhbz#2259215
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.21.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.21.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild