This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-10204.
Category Archives: Advisories
ZDI-24-1531: RSA Security SecureID Software Token for Microsoft Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of RSA Security SecureID Software Token for Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
python-aiohttp-3.9.5-2.fc40
FEDORA-2024-04ceb82dc7
Packages in this update:
python-aiohttp-3.9.5-2.fc40
Update description:
Security fix for CVE-2024-52304
python-aiohttp-3.10.5-3.fc41
FEDORA-2024-49df7093ac
Packages in this update:
python-aiohttp-3.10.5-3.fc41
Update description:
Security fix for CVE-2024-52304
DSA-5816-1 libmodule-scandeps-perl – security update
The Qualys Threat Research Unit discovered that libmodule-scandeps-perl,
a Perl module to recursively scan Perl code for dependencies, allows an
attacker to execute arbitrary shell commands via specially crafted file
names.
Details can be found in the Qualys advisory at
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
DSA-5815-1 needrestart – security update
The Qualys Threat Research Unit discovered several local privilege
escalation vulnerabilities in needrestart, a utility to check which
daemons need to be restarted after library upgrades. A local attacker
can execute arbitrary code as root by tricking needrestart into running
the Python interpreter with an attacker-controlled PYTHONPATH
environment variable (CVE-2024-48990) or running the Ruby interpreter
with an attacker-controlled RUBYLIB environment variable
(CVE-2024-48992). Additionally a local attacker can trick needrestart
into running a fake Python interpreter (CVE-2024-48991) or cause
needrestart to call the Perl module Module::ScanDeps with
attacker-controlled files (CVE-2024-11003).
Details can be found in the Qualys advisory at
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
libsndfile-1.2.2-5.fc41
FEDORA-2024-1318318e7a
Packages in this update:
libsndfile-1.2.2-5.fc41
Update description:
fix crash in in ogg vorbis (#2322326) (CVE-2024-50612)
Multiple Vulnerabilities in Palo Alto PAN-OS Could Allow for Authentication Bypass
Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for authentication bypass. PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls. Successful exploitation could allow for authentication bypass with administrator privileges. An attacker could then install programs; view, change, or delete data.
libsndfile-1.2.2-5.fc42
FEDORA-2024-bb1826234a
Packages in this update:
libsndfile-1.2.2-5.fc42
Update description:
Automatic update for libsndfile-1.2.2-5.fc42.
Changelog
* Mon Nov 18 2024 Michal Hlavinka <mhlavink@redhat.com> – 1.2.2-5
– fix crash in in ogg vorbis (rhbz#2322326) (CVE-2024-50612)
libsndfile-1.2.2-4.fc40
FEDORA-2024-3ae3a47901
Packages in this update:
libsndfile-1.2.2-4.fc40
Update description:
fix crash in in ogg vorbis (rhbz#2322326) (CVE-2024-50612)