SCALANCE XB213-3 (ST, PN) Security Vulnerabilities

Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2

Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...

Multiple vulnerabilities in TP-Link Omada system could lead to root access

The TP-Link Omada system is a software-defined networking solution for small to medium-sized businesses. It touts cloud-managed devices and local management for all Omada devices. The supported devices in this ecosystem vary greatly but include wireless access points, routers, switches, VPN...

CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3

CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is...

CVE-2022-42969 affecting package python-py 1.10.0-3

CVE-2022-42969 affecting package python-py 1.10.0-3. No patch is available...

CVE-2022-2929 affecting package dhcp 4.4.3-3

CVE-2022-2929 affecting package dhcp 4.4.3-3. This CVE either no longer is or was never...

CVE-2022-31629 affecting package php 7.4.14-3

CVE-2022-31629 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2022-36033 affecting package jsoup 1.11.3-3

CVE-2022-36033 affecting package jsoup 1.11.3-3. No patch is available...

CVE-2017-8923 affecting package php 7.4.14-3

CVE-2017-8923 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2017-9120 affecting package php 7.4.14-3

CVE-2017-9120 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21704 affecting package php 7.4.14-3

CVE-2021-21704 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2007-3205 affecting package php 7.4.14-3

CVE-2007-3205 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2022-2928 affecting package dhcp 4.4.3-3

CVE-2022-2928 affecting package dhcp 4.4.3-3. This CVE either no longer is or was never...

CVE-2022-31628 affecting package php 7.4.14-3

CVE-2022-31628 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2017-9118 affecting package php 7.4.14-3

CVE-2017-9118 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2020-7071 affecting package php 7.4.14-3

CVE-2020-7071 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-22931 affecting package python-gevent for versions less than 21.1.2-3

CVE-2021-22931 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is...

CVE-2023-3724 affecting package mariadb for versions less than 10.6.9-3.cm2

CVE-2023-3724 affecting package mariadb for versions less than 10.6.9-3.cm2. A patched version of the package is...

CVE-2022-31626 affecting package php 7.4.14-3

CVE-2022-31626 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21705 affecting package php 7.4.14-3

CVE-2021-21705 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21703 affecting package php 7.4.14-3

CVE-2021-21703 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2020-27827 affecting package lldpd 1.0.4-3

CVE-2020-27827 affecting package lldpd 1.0.4-3. This CVE either no longer is or was never...

CVE-2021-21707 affecting package php 7.4.14-3

CVE-2021-21707 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2024-23653 affecting package moby-engine for versions less than 20.10.27-3

CVE-2024-23653 affecting package moby-engine for versions less than 20.10.27-3. A patched version of the package is...

CVE-2022-31625 affecting package php 7.4.14-3

CVE-2022-31625 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21708 affecting package php 7.4.14-3

CVE-2021-21708 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21702 affecting package php 7.4.14-3

CVE-2021-21702 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-37714 affecting package jsoup 1.11.3-3

CVE-2021-37714 affecting package jsoup 1.11.3-3. No patch is available...

CVE-2016-2568 affecting package polkit 0.119-3

CVE-2016-2568 affecting package polkit 0.119-3. No patch is available...

CVE-2000-0006 affecting package strace 5.1-3

CVE-2000-0006 affecting package strace 5.1-3. No patch is available...

CVE-2023-23916 affecting package cmake 3.21.4-3

CVE-2023-23916 affecting package cmake 3.21.4-3. No patch is available...

CVE-2023-23915 affecting package cmake 3.21.4-3

CVE-2023-23915 affecting package cmake 3.21.4-3. No patch is available...

CVE-2022-43552 affecting package cmake 3.21.4-3

CVE-2022-43552 affecting package cmake 3.21.4-3. No patch is available...

CVE-2023-22606 affecting package binutils 2.36.1-3

CVE-2023-22606 affecting package binutils 2.36.1-3. No patch is available...

CVE-2023-22607 affecting package binutils 2.36.1-3

CVE-2023-22607 affecting package binutils 2.36.1-3. No patch is available...

CVE-2023-22603 affecting package binutils 2.36.1-3

CVE-2023-22603 affecting package binutils 2.36.1-3. No patch is available...

CVE-2022-46392 affecting package fluent-bit 1.5.2-3

CVE-2022-46392 affecting package fluent-bit 1.5.2-3. No patch is available...

CVE-2022-44638 affecting package pixman 0.40.0-3

CVE-2022-44638 affecting package pixman 0.40.0-3. No patch is available...

CVE-2016-3709 affecting package libxml2 2.9.14-3

CVE-2016-3709 affecting package libxml2 2.9.14-3. This CVE either no longer is or was never...

CVE-2023-22604 affecting package binutils 2.36.1-3

CVE-2023-22604 affecting package binutils 2.36.1-3. No patch is available...

CVE-2022-2928 affecting package dhcp 4.4.2-3

CVE-2022-2928 affecting package dhcp 4.4.2-3. No patch is available...

CVE-2010-4226 affecting package cpio 2.13-3

CVE-2010-4226 affecting package cpio 2.13-3. This CVE either no longer is or was never...

CVE-2023-23914 affecting package cmake 3.21.4-3

CVE-2023-23914 affecting package cmake 3.21.4-3. This CVE either no longer is or was never...

CVE-2018-25032 affecting package ccache for versions less than 3.6-3

CVE-2018-25032 affecting package ccache for versions less than 3.6-3. A patched version of the package is...

CVE-2023-22609 affecting package binutils 2.36.1-3

CVE-2023-22609 affecting package binutils 2.36.1-3. No patch is available...

CVE-2023-22605 affecting package binutils 2.36.1-3

CVE-2023-22605 affecting package binutils 2.36.1-3. No patch is available...

CVE-2022-2929 affecting package dhcp 4.4.2-3

CVE-2022-2929 affecting package dhcp 4.4.2-3. No patch is available...

CVE-2022-38533 affecting package binutils 2.36.1-3

CVE-2022-38533 affecting package binutils 2.36.1-3. No patch is available...

CVE-2020-36325 affecting package jansson 2.11-3

CVE-2020-36325 affecting package jansson 2.11-3. No patch is available...

CVE-2023-25136 affecting package openssh 8.9p1-3

CVE-2023-25136 affecting package openssh 8.9p1-3. This CVE either no longer is or was never...

XAES-256-GCM

About a year ago I wrote that "I want to use XAES-256-GCM/11, which has a number of nice properties and only the annoying defect of not existing." Well, there is now an XAES-256-GCM specification. (Had to give up on the /11 part, but that was just a performance optimization.) XAES-256-GCM is an...