This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11158.
Category Archives: Advisories
ZDI-24-1649: Rockwell Automation Arena Simulation DOE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11156.
ZDI-24-1648: Linux Kernel Bluetooth HCI Request Race Condition Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5.
ZDI-24-1647: BlueZ Classic HID Missing Authentication Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-8805.
USN-7145-1: Expat vulnerability
It was discovered that Expat did not properly handle its internal state
when attempting to resume an unstarted parser. An attacker could use this
issue to cause a denial of service (application crash).
golang-github-chainguard-dev-git-urls-1.0.2-1.fc41 golang-github-task-3.40.1-1.fc41
FEDORA-2024-40d4ab1c94
Packages in this update:
golang-github-chainguard-dev-git-urls-1.0.2-1.fc41
golang-github-task-3.40.1-1.fc41
Update description:
Bugfix to mitigate CVE-2023-46402
DSA-5826-1 smarty3 – security update
Two security vulnerabilities were discovered in Smarty, a template
engine for PHP, which could result in PHP code injection or cross-site
scripting.
DSA-5827-1 proftpd-dfsg – security update
Brian Ristuccia discovered that in ProFTPD, a powerful modular
FTP/SFTP/FTPS server, supplemental group inheritance grants unintended
access to GID 0 because of the lack of supplemental groups from mod_sql.
USN-7141-1: oFono vulnerabilities
It was discovered that oFono incorrectly handled decoding SMS messages
leading to a stack overflow. A remote attacker could potentially use
this issue to cause a denial of service.
(CVE-2023-2794, CVE-2023-4233, CVE-2023-4234)
python3.14-3.14.0~a2-2.fc41
FEDORA-2024-54aa5fc4b2
Packages in this update:
python3.14-3.14.0~a2-2.fc41
Update description:
Security fix for CVE-2024-12254