SCALANCE XB213-3LD (SC, PN) Security Vulnerabilities

mskb

December 13, 2022—KB5021249 (OS Build 20348.1366)

December 13, 2022—KB5021249 (OS Build 20348.1366) 12/22/22 IMPORTANT After November 22, 2022, there are no more optional, non-security preview releases for Windows Server 2022. Only cumulative monthly security updates (known as the "B" or Update Tuesday release) will continue for Windows Server...

8.5 CVSS

7.6 AI Score

0.022 EPSS

2022-12-13 08:00 AM
15
cve

CVE-2022-3270

In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and...

9.8 CVSS

9.3 AI Score

0.003 EPSS

2022-12-01 11:15 AM
38
rocky

glibc bug fix and enhancement update

An update is available for glibc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.1...

2 AI Score

2022-11-15 06:20 AM
6
veracode

Denial Of Service (DoS)

Scandium (Sc) Core is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the improper resetting of the pending inbound jobs counter after failing handshakes, which triggers incorrect throttling behavior resulting in permanent records...

8.2 CVSS

7.8 AI Score

0.001 EPSS

2022-11-11 11:02 AM
6
exploitdb

7.8 CVSS

8.1 AI Score

EPSS

2022-11-11 12:00 AM
58
nessus

Amazon Linux 2 : glibc (ALAS-2022-1869)

The version of glibc installed on the remote host is prior to 2.26-62. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1869 advisory. In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which...

5.9 CVSS

7.2 AI Score

0.005 EPSS

2022-11-09 12:00 AM
8
cve

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery...

6.5 CVSS

4.6 AI Score

0.001 EPSS

2022-11-08 11:15 AM
69
2
rocky

glibc bug fix and enhancement update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.7...

2 AI Score

2022-11-08 06:26 AM
7
mmpc

The door is open for anyone to become a cyber defender

Throughout Cybersecurity Awareness Month, Microsoft has highlighted the importance of cybersecurity and provided resources to help people and organizations stay safe. It’s great to have this month as a reminder, and even better if that awareness becomes a year-round endeavor. Education is really...

-0.5 AI Score

2022-10-31 10:00 PM
13
kitploit

Sandman - NTP Based Backdoor For Red Team Engagements In Hardened Networks

Sandman is a backdoor that is meant to work on hardened networks during red team engagements. Sandman works as a stager and leverages NTP (a protocol to sync time & date) to get and run an arbitrary shellcode from a pre-defined server. Since NTP is a protocol that is overlooked by many defenders...

0.5 AI Score

2022-10-28 11:30 AM
60
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-3.60.5.1] - fs: remove no_llseek (Jason A. Donenfeld) [Orabug: 34721465] - vfio: do not set FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - dma-buf: remove useless FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - fs: do not compare against ->llseek (Jason A....

7 CVSS

-0.2 AI Score

0.0004 EPSS

2022-10-24 12:00 AM
18
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.15.0-3.60.5.1.el8] - fs: remove no_llseek (Jason A. Donenfeld) [Orabug: 34721465] - vfio: do not set FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - dma-buf: remove useless FMODE_LSEEK flag (Jason A. Donenfeld) [Orabug: 34721465] - fs: do not compare against ->llseek (Jason A....

7 CVSS

-0.2 AI Score

0.0004 EPSS

2022-10-24 12:00 AM
76
nessus

Amazon Linux 2 : glibc (ALAS-2022-1857)

The version of glibc installed on the remote host is prior to 2.26-61. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1857 advisory. A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of...

7.8 CVSS

9.2 AI Score

0.0004 EPSS

2022-10-21 12:00 AM
13
mssecure

Defenders beware: A case for post-ransomware investigations

Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures (TTPs) as most network security postures increase. In this blog, we...

0.1 AI Score

2022-10-18 06:00 PM
13
mmpc

Defenders beware: A case for post-ransomware investigations

Ransomware is one of the most pervasive threats that Microsoft Detection and Response Team (DART) responds to today. The groups behind these attacks continue to add sophistication to their tactics, techniques, and procedures (TTPs) as most network security postures increase. In this blog, we...

0.1 AI Score

2022-10-18 06:00 PM
9
prion

SQL injection

A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to SQL injection. It is possible to launch the attack remotely. The exploit has.....

6.5 CVSS

7 AI Score

0.001 EPSS

2022-10-13 04:15 AM
4
cvelist

CVE-2022-3470 SourceCodester Human Resource Management System getstatecity.php SQL injection

A vulnerability was found in SourceCodester Human Resource Management System. It has been classified as critical. Affected is an unknown function of the file getstatecity.php. The manipulation of the argument sc leads to SQL injection. It is possible to launch the attack remotely. The exploit has.....

6.3 CVSS

7.1 AI Score

0.001 EPSS

2022-10-12 12:00 AM
Total number of security vulnerabilities: 10496