Read Time:9 Second
If software developers want to benefit from AI-generated code tools, they must mitigate some of the risks they could bring first, Synopsys’ Lucas von Stockhausen said at Infosecurity Europe
Monthly Archives: June 2024
ZDI-24-567: GStreamer AV1 Video Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:15 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-0444.
ZDI-24-564: Fuji Electric Monitouch V-SFT V9 File Parsing Type Confusion Remote Code Execution Vulnerability
Read Time:18 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5597.
ZDI-24-565: Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability
Read Time:15 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
ZDI-24-566: Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Read Time:15 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
DSA-5706-1 libarchive – security update
Read Time:14 Second
An integer overflow vulnerability in the rar e8 filter was discovered in
libarchive, a multi-format archive and compression library, which may
result in the execution of arbitrary code if a specially crafted RAR
archive is processed.
DSA-5704-1 pillow – security update
Read Time:12 Second
Multiple security issues were discovered in Pillow, a Python imaging
library, which could result in denial of service or the execution of
arbitrary code if malformed images are processed.
DSA-5705-1 tinyproxy – security update
Read Time:10 Second
A use-after-free was discovered in tinyproxy, a lightweight, non-caching,
optionally anonymizing HTTP proxy, which could result in denial of
service.
Multiple Vulnerabilities in Progress Telerik Report Server Could Allow for Remote Code Execution
Read Time:31 Second
Multiple vulnerabilities have been discovered in Progress Telerik Report Server, which could allow for remote code execution. Telerik Report Server provides centralized management for Progress’ business intelligence reporting suite through a web application. Successful chain exploitation of these vulnerabilities could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Services whose accounts are configured to have fewer rights on the system could be less impacted than those who operate with administrative rights.
London Hospitals Cancel Operations Following Ransomware Incident
Read Time:6 Second
A ransomware attack on a supplier of pathology services has forced leading London hospitals to cancel operations and divert emergency patients