This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11789.
Category Archives: Advisories
ZDI-24-1614: (0Day) Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-11787.
USN-7126-1: libsoup vulnerabilities
It was discovered that libsoup ignored certain characters at the end of
header names. A remote attacker could possibly use this issue to perform
a HTTP request smuggling attack. (CVE-2024-52530)
It was discovered that libsoup did not correctly handle memory while
performing UTF-8 conversions. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2024-52531)
It was discovered that libsoup could enter an infinite loop when reading
certain websocket data. An attacker could possibly use this issue to
cause a denial of service. (CVE-2024-52532)
USN-7127-1: libsoup3 vulnerabilities
It was discovered that libsoup ignored certain characters at the end of
header names. A remote attacker could possibly use this issue to perform
a HTTP request smuggling attack. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 24.04 LTS. (CVE-2024-52530)
It was discovered that libsoup did not correctly handle memory while
performing UTF-8 conversions. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2024-52531)
It was discovered that libsoup could enter an infinite loop when reading
certain websocket data. An attacker could possibly use this issue to
cause a denial of service. (CVE-2024-52532)
DSA-5821-1 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
DSA-5820-1 firefox-esr – security update
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, spoofing or cross-site scripting.
python-django3-3.2.25-1.el8
FEDORA-EPEL-2024-31cdfc6c97
Packages in this update:
python-django3-3.2.25-1.el8
Update description:
Last update of Django3 for EPEL 8
USN-7130-1: GitHub CLI vulnerability
It was discovered that GitHub CLI incorrectly handled username
validation. An attacker could possibly use this issue to perform
remote code execution if the user connected to a malicious server.
(CVE-2024-52308)
USN-6988-2: Twisted vulnerability
USN-6988-1 fixed CVE-2024-41671 in Twisted. The USN incorrectly stated that
previous releases were unaffected. This update provides the equivalent fix
for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.
Original advisory details:
Ben Kallus discovered that Twisted incorrectly handled response order when
processing multiple HTTP requests. A remote attacker could possibly use
this issue to delay and manipulate responses.
This issue only affected Ubuntu 24.04 LTS. (CVE-2024-41671)
USN-7129-1: TinyGLTF vulnerability
It was discovered that TinyGLTF performed file path expansion in an
insecure way on certain inputs. An attacker could possibly use this
issue to cause a denial of service, or execute arbitrary code.