This vulnerability allows local attackers to escalate privileges on affected installations of Comodo Internet Security Pro. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8.
Category Archives: Advisories
CyberDanube Security Research 20240722-0 | Multiple Vulnerabilities in Perten/PerkinElmer ProcessPlus
Posted by Thomas Weber via Fulldisclosure on Jul 22
CyberDanube Security Research 20240722-0
——————————————————————————-
title| Multiple Vulnerabilities
product| Perten Instruments Process Plus Software
vulnerable version| <=1.11.6507.0
fixed version| 2.0.0
CVE number| CVE-2024-6911, CVE-2024-6912, CVE-2024-6913
impact| High
homepage| https://perkinelmer.com…
USN-6905-1: Rack vulnerabilities
It was discovered that Rack incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
Rack to consume resources, leading to a denial of service.
(CVE-2023-27539)
It was discovered that Rack incorrectly handled Multipart MIME parsing.
A remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-27530)
A Vulnerability in Cisco Secure Email Gateway Could Allow for Remote Code Execution
A vulnerability has been discovered in Cisco Secure Email Gateway that could allow for remote code execution. Cisco Secure Email Gateway is an email security product that uses signature analysis and machine learning to identify and block malicious emails before they reach recipients inboxes. Successful exploitation could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device.
exim-4.98-2.el8
FEDORA-EPEL-2024-0f1d365d9d
Packages in this update:
exim-4.98-2.el8
Update description:
This is an update enabling SRS support.
This is new version of exim fixing CVE-2024-39929.
USN-6904-1: PyMongo vulnerability
It was discovered that PyMongo incorrectly handled certain BSON.
An attacker could possibly use this issue to read sensitive information
or cause a crash.
xdg-desktop-portal-hyprland-1.3.3-2.fc40
FEDORA-2024-61c5b8951b
Packages in this update:
xdg-desktop-portal-hyprland-1.3.3-2.fc40
Update description:
Update to 1.3.3
https://github.com/hyprwm/xdg-desktop-portal-hyprland/releases/tag/v1.3.3
xdg-desktop-portal-hyprland-1.3.3-2.fc39
FEDORA-2024-295a735fbc
Packages in this update:
xdg-desktop-portal-hyprland-1.3.3-2.fc39
Update description:
Update to 1.3.3
https://github.com/hyprwm/xdg-desktop-portal-hyprland/releases/tag/v1.3.3
ZDI-24-952: Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39881.
ZDI-24-951: Delta Electronics CNCSoft-G2 DPAX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-39883.