Read Time:7 Second
Organizations need to be aware of the threats to their mission-critical data and take urgent steps to protect their data assets
Daily Archives: June 5, 2024
#Infosec2024: Organizations Urged to Adopt Safeguards Before AI Adoption
Read Time:7 Second
Security leaders at Infosecurity Europe 2024 said organizations must establish security controls prior to AI adoption to mitigate very real risks to their business
#Infosec2024: Tackling Cyber Challenges of AI-Generated Code
Read Time:9 Second
If software developers want to benefit from AI-generated code tools, they must mitigate some of the risks they could bring first, Synopsys’ Lucas von Stockhausen said at Infosecurity Europe
ZDI-24-567: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:15 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-0444.
ZDI-24-564: Fuji Electric Monitouch V-SFT V9 File Parsing Type Confusion Remote Code Execution Vulnerability
Read Time:18 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5597.
ZDI-24-565: Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability
Read Time:15 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
ZDI-24-566: Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Read Time:15 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
DSA-5706-1 libarchive – security update
Read Time:14 Second
An integer overflow vulnerability in the rar e8 filter was discovered in
libarchive, a multi-format archive and compression library, which may
result in the execution of arbitrary code if a specially crafted RAR
archive is processed.
DSA-5704-1 pillow – security update
Read Time:12 Second
Multiple security issues were discovered in Pillow, a Python imaging
library, which could result in denial of service or the execution of
arbitrary code if malformed images are processed.
DSA-5705-1 tinyproxy – security update
Read Time:10 Second
A use-after-free was discovered in tinyproxy, a lightweight, non-caching,
optionally anonymizing HTTP proxy, which could result in denial of
service.