Category Archives: Advisories

Multiple Vulnerabilities in FortiNAC Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in FortiNAC, the most severe of which could allow for arbitrary code execution. FortiNAC is a network access control solution that oversees and protects all digital assets connected to an enterprise network. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.

clamav-0.103.8-1.fc36

FEDORA-2023-c0657c3ed0

Packages in this update:

clamav-0.103.8-1.fc36

Update description:

ClamAV 0.103.8 is a critical patch release with the following fixes:

CVE-2023-20032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032): Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

CVE-2023-20052 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052): Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

clamav-0.103.8-1.el7

FEDORA-EPEL-2023-ef27d9fd2b

Packages in this update:

clamav-0.103.8-1.el7

Update description:

ClamAV 0.103.8 is a critical patch release with the following fixes:

CVE-2023-20032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032): Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

CVE-2023-20052 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052): Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

clamav-0.103.8-1.el9

FEDORA-EPEL-2023-47d3bcd891

Packages in this update:

clamav-0.103.8-1.el9

Update description:

ClamAV 0.103.8 is a critical patch release with the following fixes:

CVE-2023-20032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032): Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

CVE-2023-20052 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052): Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

clamav-0.103.8-1.fc37

FEDORA-2023-d686b8d48f

Packages in this update:

clamav-0.103.8-1.fc37

Update description:

ClamAV 0.103.8 is a critical patch release with the following fixes:

CVE-2023-20032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032): Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

CVE-2023-20052 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052): Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

clamav-0.103.8-1.el8

FEDORA-EPEL-2023-0526248f26

Packages in this update:

clamav-0.103.8-1.el8

Update description:

ClamAV 0.103.8 is a critical patch release with the following fixes:

CVE-2023-20032 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032): Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

CVE-2023-20052 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052): Fixed a possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

Remote Code Execution in Kardex MLOG

Posted by Patrick Hener on Feb 16

Remote Code Execution in Kardex MLOG
=======================================================================
Product: Kardex Mlog MCC
Vendor: Kardex Holding AG
Tested Version: 5.7.12+0-a203c2a213-master
Fixed Version: inline patch – no new version number
Vulnerability Type: Improper Control of Generation of Code (“RFI”) – CWE-94
CVSSv2 Severity:…
