SCALANCE XB213-3LD (SC, PN) Security Vulnerabilities

nessus

Cisco IOS Software Locator ID Separation Protocol DoS (cisco-sa-lisp-3gYXs3qP)

According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload....

8.6 CVSS

7 AI Score

0.0004 EPSS

2024-04-12 12:00 AM
9
exploitdb

7.4 AI Score

EPSS

2024-04-12 12:00 AM
56
packetstorm

7.4 AI Score

0.001 EPSS

2024-04-12 12:00 AM
56
github

Evmos transaction execution not accounting for all state transition after interaction with precompiles

Context stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage StateDB: it is the general interface to retrieve accounts and holds a map of...

9.1 CVSS

7.2 AI Score

0.0004 EPSS

2024-04-10 10:04 PM
10
osv

Evmos transaction execution not accounting for all state transition after interaction with precompiles

Context stateObject: represents the state of an account and is used to store its updates during a state transition. This is accomplished using two in memory Storage variables: originStorage and dirtyStorage StateDB: it is the general interface to retrieve accounts and holds a map of...

9.1 CVSS

7 AI Score

0.0004 EPSS

2024-04-10 10:04 PM
6
openbugbounty

yamato-sc-tain.com Cross Site Scripting vulnerability OBB-3909218

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-04-08 11:51 AM
6
packetstorm

7.4 AI Score

2024-04-08 12:00 AM
98
zdt

7.4 AI Score

2024-04-08 12:00 AM
90
exploitdb

7.4 AI Score

2024-04-08 12:00 AM
70
openvas

Mageia: Security Advisory (MGASA-2024-0092)

The remote host is missing an update for...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2024-04-05 12:00 AM
6
packetstorm

7.4 AI Score

2024-04-03 12:00 AM
91
exploitdb

7.4 AI Score

2024-04-03 12:00 AM
87
packetstorm

7.4 AI Score

2024-04-02 12:00 AM
75
exploitdb

7.4 AI Score

2024-04-02 12:00 AM
38
cisco

Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service Vulnerability

A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input...

7 AI Score

0.0004 EPSS

2024-03-27 04:00 PM
16
cisco

Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability

A vulnerability in the Locator ID Separation Protocol (LISP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to the incorrect handling of LISP packets. An attacker could exploit....

7.4 AI Score

0.0004 EPSS

2024-03-27 04:00 PM
9
nessus

Tenable Security Center Multiple Vulnerabilities (TNS-2024-06)

According to its self-reported version, the Tenable Security Center running on the remote host is . It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-06 advisory. Security Center leverages third-party software to help provide underlying functionality. One of the.....

7.3 CVSS

8.1 AI Score

0.001 EPSS

2024-03-26 12:00 AM
7
openvas

Debian: Security Advisory (DLA-3775-1)

The remote host is missing an update for the...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2024-03-26 12:00 AM
4
cnvd

DzzOffice Cross-Site Scripting Vulnerability (CNVD-2024-15545)

DzzOffice is a platform that provides online collaborative office suite functionality from the American company Big Desk (DzzOffice). The platform can be used to provide online documents, forms, webstores, presentations and other features. A cross-site scripting vulnerability exists in dzzoffice...

6.3 AI Score

0.0004 EPSS

2024-03-26 12:00 AM
6
tenable

[R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.1.1, 6.2.0 and 6.2.1: SC-202403.1

[R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.1.1, 6.2.0 and 6.2.1: SC-202403.1 Arnie Cabral Mon, 03/25/2024 - 11:58 Security Center leverages third-party software to help provide underlying functionality. One of the third-party components (sqlite) was...

7.2 CVSS

7.5 AI Score

0.0004 EPSS

2024-03-25 03:58 PM
13
debian

[SECURITY] [DLA 3775-1] firefox-esr security update

Debian LTS Advisory DLA-3775-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 25, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.9.1esr-1~deb10u1 CVE...

7.5 CVSS

8.5 AI Score

0.001 EPSS

2024-03-25 03:40 PM
12
nessus

Debian dla-3775 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3775 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private...

7.5 CVSS

8.5 AI Score

0.001 EPSS

2024-03-25 12:00 AM
6
openvas

Debian: Security Advisory (DSA-5645-1)

The remote host is missing an update for the...

7.6 AI Score

0.0004 EPSS

2024-03-25 12:00 AM
4
debian

[SECURITY] [DSA 5645-1] firefox-esr security update

Debian Security Advisory DSA-5645-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 23, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-29944 Manfred Paul...

5.8 AI Score

0.0004 EPSS

2024-03-23 08:10 PM
9
debian

[SECURITY] [DLA 3769-1] thunderbird security update

Debian LTS Advisory DLA-3769-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 23, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.9.0-1~deb10u1 CVE...

7.5 CVSS

8.9 AI Score

0.001 EPSS

2024-03-23 11:22 AM
15
nessus

Debian dsa-5645 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5645 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This...

5.8 AI Score

0.0004 EPSS

2024-03-23 12:00 AM
7
nvd

CVE-2024-29273

There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG...

5 AI Score

0.0004 EPSS

2024-03-22 04:15 AM
cve

CVE-2024-29273

There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG...

5.1 AI Score

0.0004 EPSS

2024-03-22 04:15 AM
31
cvelist

CVE-2024-29273

There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG...

5.1 AI Score

0.0004 EPSS

2024-03-22 12:00 AM
openvas

Debian: Security Advisory (DSA-5643-1)

The remote host is missing an update for the...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2024-03-22 12:00 AM
4
debian

[SECURITY] [DSA 5643-1] firefox-esr security update

Debian Security Advisory DSA-5643-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 21, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-5388 CVE-2024-0743...

7.5 CVSS

7.1 AI Score

0.001 EPSS

2024-03-21 07:19 PM
13
talosblog

New details on TinyTurla’s post-compromise activity reveal full kill chain

Cisco Talos is providing an update on its two recent reports on a new and ongoing campaign where Turla, a Russian espionage group, deployed their TinyTurla-NG (TTNG) implant. We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures...

7.6 AI Score

2024-03-21 01:08 PM
10
nessus

Debian dsa-5643 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5643 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

7.5 CVSS

8.6 AI Score

0.001 EPSS

2024-03-21 12:00 AM
7
nessus

Cisco IOS Software Command Authorization Bypass (cisco-sa-aaascp-Tyj4fEJm)

According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command...

9.1 CVSS

7.4 AI Score

0.001 EPSS

2024-03-19 12:00 AM
17
kitploit

Pyradm - Python Remote Administration Tool Via Telegram

Remote administration cross-platform tool via Telegram. Coded with ❤️ python3 + aiogram3. https://t.me/pt_soft v0.3 [X] Screenshot from target [X] Crossplatform [X] Upload/Download [X] Fully compatible shell [X] Process list [X] Webcam (video record or screenshot) [X] Geolocation [X] Filemanager...

7.7 AI Score

2024-03-15 11:30 AM
11
mskb

Update Rollup 6 for System Center 2019 Orchestrator

Update Rollup 6 for System Center 2019 Orchestrator Applies to: System Center 2019 Orchestrator System Center 2019 Orchestrator UR1 System Center 2019 Orchestrator UR2 System Center 2019 Orchestrator UR3 Introduction This article describes the issues that have been fixed for Microsoft System...

7.2 AI Score

2024-03-15 12:00 AM
18
ics

Siemens SCALANCE XB-200/XC-200/XP-200/XF-200BA/XR-300WG Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

6.5 CVSS

7.5 AI Score

0.001 EPSS

2024-03-14 12:00 PM
19
zdt

7.8 CVSS

7.1 AI Score

0.001 EPSS

2024-03-14 12:00 AM
86
exploitdb

7.8 CVSS

7.1 AI Score

EPSS

2024-03-14 12:00 AM
92
zdt

7.8 CVSS

7.1 AI Score

0.001 EPSS

2024-03-14 12:00 AM
66
openbugbounty

sc-nm.si Cross Site Scripting vulnerability OBB-3870615

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-03-13 10:47 AM
2
nessus

EulerOS 2.0 SP8 : glibc (EulerOS-SA-2024-1268)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2024-03-12 12:00 AM
8
openvas

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1268)

The remote host is missing an update for the Huawei...

7.5 CVSS

7 AI Score

0.001 EPSS

2024-03-12 12:00 AM
5
openbugbounty

bdd-sc-niger.org Improper Access Control vulnerability OBB-3869526

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7 AI Score

2024-03-11 06:38 PM
4
debian

[SECURITY] [DLA 3757-1] nss security update

Debian LTS Advisory DLA-3757-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost March 10, 2024 https://wiki.debian.org/LTS Package : nss Version : 2:3.42.1-1+deb10u8 CVE ID :...

7.5 CVSS

8.4 AI Score

0.001 EPSS

2024-03-11 05:37 AM
15
osv

Malicious code in @spectrocoin/sc-currencies (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e25c79935b85d9e21d6f39b9f9d5b8d7472c19cd2e49dd4239a6f7298e96502f) The OpenSSF Package Analysis project identified '@spectrocoin/sc-currencies' @ 9.9.99 (npm) as malicious. It is considered malicious because: The...

7.1 AI Score

2024-03-08 06:21 AM
4
debian

[SECURITY] [DLA 3748-1] thunderbird security update

Debian LTS Advisory DLA-3748-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 04, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.8.0-1~deb10u1 CVE...

9.3 AI Score

0.0004 EPSS

2024-03-04 07:54 AM
11
Total number of security vulnerabilities: 10489