This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47962.
Category Archives: Advisories
ZDI-24-1394: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47963.
ZDI-24-1393: Delta Electronics CNCSoft-G2 DPAX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47963.
ZDI-24-1392: Delta Electronics CNCSoft-G2 DPAX File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-G2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-47963.
suricata-7.0.7-1.fc41
FEDORA-2024-b5da13e80a
Packages in this update:
suricata-7.0.7-1.fc41
Update description:
Various security, performance, accuracy, and stability issues have been fixed.
suricata-7.0.7-1.fc40
FEDORA-2024-8b08786765
Packages in this update:
suricata-7.0.7-1.fc40
Update description:
Various security, performance, accuracy, and stability issues have been fixed.
Multiple Vulnerabilities in Palo Alto Network’s Expedition Could Allow for Arbitrary Code Execution
Multiple Vulnerabilities in Palo Alto Network’s Expedition have been discovered, the most severe of which could allow for arbitrary code execution on Palo Alto Firewalls. Palo Alto Network’s Expedition is a migration tool designed to help organizations move configurations from other firewall platforms to Palo Alto’s PAN-OS. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the root user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data.
USN-7040-2: ConfigObj vulnerability
USN-7040-1 fixed a vulnerability in ConfigObj. This update
provides the corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that ConfigObj contains regex that is susceptible to
catastrophic backtracking. An attacker could possibly use this issue to
cause a regular expression denial of service.
USN-7014-3: nginx vulnerability
USN-7014-1 fixed a vulnerability in nginx. This update
provides the corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that the nginx ngx_http_mp4 module incorrectly handled
certain malformed mp4 files. In environments where the mp4 directive is in
use, a remote attacker could possibly use this issue to cause nginx to
crash, resulting in a denial of service.
USN-6968-3: PostgreSQL vulnerability
USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and
PostgreSQL-16.
This update provides the corresponding updates for PostgreSQL-9.3 in
Ubuntu 14.04 LTS and PostgreSQL-10 in Ubuntu 18.04 LTS.
Original advisory details:
Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.