This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5247.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5246.
This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5245.
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-30037.
What is the vulnerability?NextGen Healthcare Mirth Connect is vulnerable to unauthenticated remote code execution (CVE-2023-43208) caused due to an incomplete patch of a Command Injection flaw (CVE-2023-37679). Mirth Connect is an open-source data integration platform widely used by healthcare companies. It enables the management of information using bi-directional sending of many types of messages. Attackers could exploit this vulnerability for initial access or to compromise sensitive healthcare data. CISA has recently added CVE-2023-43208 to its Known Exploited Vulnerabilities (KEV) catalog on May 20th, 2024. What is the recommended Mitigation?Users are advised to update to the latest version of NextGen Healthcare Mirth Connect as per the vendor’s instructions. What FortiGuard Coverage is available?FortiGuard Labs released an IPS signature “NextGen.Healthcare.Mirth.Connect.Command.Injection” to detect and block attack attempts targeting the vulnerability (CVE-2023-37679 and CVE-2023-43208). The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-27834
Manfred Paul discovered that an attacker with arbitrary read and
write capability may be able to bypass Pointer Authentication.
Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– MAC80211 subsystem;
– Tomoyo security module;
(CVE-2024-26622, CVE-2023-52530)
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– Block layer subsystem;
– Userspace I/O drivers;
– Ceph distributed file system;
– Ext4 file system;
– JFS file system;
– NILFS2 file system;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Logical Link layer;
– MAC80211 subsystem;
– Netlink;
– NFC subsystem;
– Tomoyo security module;
(CVE-2023-52524, CVE-2023-52530, CVE-2023-52601, CVE-2023-52439,
CVE-2024-26635, CVE-2023-52602, CVE-2024-26614, CVE-2024-26704,
CVE-2023-52604, CVE-2023-52566, CVE-2021-46981, CVE-2024-26622,
CVE-2024-26735, CVE-2024-26805, CVE-2024-26801, CVE-2023-52583)
mingw-python-requests-2.32.0-1.fc39
Update to requests-2.32.0, fixes CVE-2024-35195.
