Monthly Archives: December 2024
ZDI-24-1653: Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11155.
ZDI-24-1654: Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11156.
ZDI-24-1655: Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11156.
USN-7145-1: Expat vulnerability
It was discovered that Expat did not properly handle its internal state
when attempting to resume an unstarted parser. An attacker could use this
issue to cause a denial of service (application crash).
golang-github-chainguard-dev-git-urls-1.0.2-1.fc41 golang-github-task-3.40.1-1.fc41
FEDORA-2024-40d4ab1c94
Packages in this update:
golang-github-chainguard-dev-git-urls-1.0.2-1.fc41
golang-github-task-3.40.1-1.fc41
Update description:
Bugfix to mitigate CVE-2023-46402
DSA-5827-1 proftpd-dfsg – security update
Brian Ristuccia discovered that in ProFTPD, a powerful modular
FTP/SFTP/FTPS server, supplemental group inheritance grants unintended
access to GID 0 because of the lack of supplemental groups from mod_sql.
DSA-5826-1 smarty3 – security update
Two security vulnerabilities were discovered in Smarty, a template
engine for PHP, which could result in PHP code injection or cross-site
scripting.
USN-7141-1: oFono vulnerabilities
It was discovered that oFono incorrectly handled decoding SMS messages
leading to a stack overflow. A remote attacker could potentially use
this issue to cause a denial of service.
(CVE-2023-2794, CVE-2023-4233, CVE-2023-4234)
python3.14-3.14.0~a2-2.fc41
FEDORA-2024-54aa5fc4b2
Packages in this update:
python3.14-3.14.0~a2-2.fc41
Update description:
Security fix for CVE-2024-12254