ZDI-24-1319: Autodesk Navisworks Freedom DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7672.

Read More

ZDI-24-1320: Autodesk Navisworks Freedom DWF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks Freedom. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7674.

Read More

USN-7051-1: AsyncSSH vulnerability

Read Time:18 Second

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH
protocol was vulnerable to a prefix truncation attack. If a remote attacker
was able to intercept SSH communications, extension negotiation messages
could be truncated, possibly leading to certain algorithms and features
being downgraded. This issue is known as the Terrapin attack. This update
adds protocol extensions to mitigate this issue.

Read More

A Vulnerability in Zimbra Collaboration Could Allow for Remote Code Execution

Read Time:20 Second

A vulnerability has been discovered in Zimbra Collaboration which could allow for remote code execution. Zimbra is a collaborative software suite that includes an email server and a web client. Successful exploitation of this vulnerability could allow for remote code execution in the context of the Zimbra user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data.

Read More