SCALANCE XB213-3LD (SC, PN) Security Vulnerabilities

debian

[SECURITY] [DLA 3747-1] firefox-esr security update

Debian LTS Advisory DLA-3747-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 04, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.8.0esr-1~deb10u1 CVE...

9.1AI Score

0.0004EPSS

2024-03-04 07:52 AM
8
nessus

Debian dla-3747 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3747 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This...

8AI Score

0.0004EPSS

2024-03-04 12:00 AM
15
openvas

Debian: Security Advisory (DLA-3747-1)

The remote host is missing an update for the...

8.9AI Score

0.0004EPSS

2024-03-04 12:00 AM
6
nessus

CentOS 9 : glibc-2.34-83.el9.7

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the glibc-2.34-83.el9.7 build changelog. potential use-after-free in getaddrinfo (RHEL-2426) (CVE-2023-4806) buffer overflow in ld.so leading to privilege escalation (RHEL-3000)...

7.8CVSS

8.4AI Score

0.014EPSS

2024-02-29 12:00 AM
34
oraclelinux

kernel security update

[4.18.0-513.18.0.2.el8_9] - net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623} - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623} - x86/sev: Check for user-space IOIO pointing to kernel space {CVE-2023-46813} - x86/sev: Check IOBM for...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-02-29 12:00 AM
15
thn

FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks

The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month. "Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the government said in.....

10CVSS

9.7AI Score

0.946EPSS

2024-02-28 01:06 PM
22
osv

CVE-2024-1892

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-02-28 12:15 AM
3
openvas

Mageia: Security Advisory (MGASA-2024-0049)

The remote host is missing an update for...

7.4AI Score

0.0004EPSS

2024-02-27 12:00 AM
4
zdt

Tosibox Key Service 3.3.0 Local Privilege Escalation / Unquoted Service Path Vulnerabilities

Tosibox Key Service versions 3.3.0 and below suffer from an unquoted search path issue impacting the service Tosibox Key Service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the...

8.1AI Score

2024-02-24 12:00 AM
103
zeroscience

Tosibox Key Service 3.3.0 Local Privilege Escalation

Title: Tosibox Key Service 3.3.0 Local Privilege Escalation Advisory ID: ZSL-2024-5812 Type: Local Impact: Privilege Escalation Risk: (3/5) Release Date: 23.02.2024 Summary TOSIBOX® SoftKey is a software that enables a secure connection between your computer and one or more TOSIBOX® Nodes,...

7.9AI Score

2024-02-23 12:00 AM
119
openvas

Debian: Security Advisory (DSA-5627-1)

The remote host is missing an update for the...

8.9AI Score

0.0004EPSS

2024-02-22 12:00 AM
7
debian

[SECURITY] [DSA 5627-1] firefox-esr security update

Debian Security Advisory DSA-5627-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 21, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-1546 CVE-2024-1547...

6.9AI Score

0.0004EPSS

2024-02-21 05:26 PM
9
nessus

Debian dsa-5627 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5627 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....

9.7AI Score

0.0004EPSS

2024-02-21 12:00 AM
8
ibm

Security Bulletin: Due to use of Apache Tomcat, App Connect Professional is vulnerable to HTTP request smuggling.

Summary App Connect Professional has addressed the following vulnerability reported in Apache Tomcat. (CVE-2023-46589) Vulnerability Details ** CVEID: CVE-2023-46589 DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By...

7.5CVSS

7.9AI Score

0.005EPSS

2024-02-16 01:15 PM
9
ics

Siemens SCALANCE SC-600 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.1CVSS

7.8AI Score

0.002EPSS

2024-02-15 12:00 PM
9
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional.

Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issues were disclosed as part of the IBM Java SDK updates in October 2023, App Connect Professional has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2023-22081 ...

5.9CVSS

7.4AI Score

0.001EPSS

2024-02-14 05:00 PM
6
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-203.146.5.1] - Revert 'selftests/bpf: Test tail call counting with bpf2bpf and data on stack' (Samasth Norway Ananda) [Orabug: 36277693] - Revert 'tcp: fix excessive TLP and RACK timeouts from HZ rounding' (Sherry Yang) [Orabug: 36277684] [5.15.0-203.146.5] - i2c: core: Fix atomic xfer...

9.8CVSS

7.4AI Score

0.001EPSS

2024-02-13 12:00 AM
16
zdt

Zyxel zysh - Format string Exploit

Proof of concept format string exploit for Zyxel zysh. Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21,.....

7.8CVSS

7.5AI Score

0.0004EPSS

2024-02-11 12:00 AM
139
packetstorm

7.8CVSS

7.4AI Score

0.0004EPSS

2024-02-09 12:00 AM
126
oraclelinux

kernel security update

[5.14.0-362.18.0.2] - net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623} - net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve {CVE-2023-4623} - dpll: core: Add DPLL framework base functions {CVE-2023-6679} - dpll: spec: Add Netlink spec in YAML...

7.8CVSS

7.2AI Score

0.0004EPSS

2024-02-09 12:00 AM
9
exploitdb

7.8CVSS

7.9AI Score

0.0004EPSS

2024-02-09 12:00 AM
123
nessus

CentOS 8 : glibc (CESA-2023:5455)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:5455 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa...

7.8CVSS

8AI Score

0.014EPSS

2024-02-08 12:00 AM
5
rapid7blog

Exploring the (Not So) Secret Code of Black Hunt Ransomware

It seems like every week, the cybersecurity landscape sees the emergence of yet another ransomware variant, with Black Hunt being one of the latest additions. Initially reported by cybersecurity researchers in 2022, this new threat has quickly made its presence known. In a recent incident, Black...

8.2AI Score

2024-02-05 07:08 PM
320
openvas

Mageia: Security Advisory (MGASA-2024-0023)

The remote host is missing an update for...

8.8CVSS

8.9AI Score

0.001EPSS

2024-02-05 12:00 AM
9
packetstorm

8.8CVSS

7.4AI Score

0.001EPSS

2024-02-02 12:00 AM
87
exploitdb

8.8CVSS

9.1AI Score

0.001EPSS

2024-02-02 12:00 AM
99
openvas

Debian: Security Advisory (DLA-3727-1)

The remote host is missing an update for the...

8.8CVSS

8.9AI Score

0.001EPSS

2024-02-01 12:00 AM
6
debian

[SECURITY] [DLA 3727-1] firefox-esr security update

Debian LTS Advisory DLA-3727-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 31, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.7.0esr-1~deb10u1 CVE...

8.8CVSS

8.4AI Score

0.001EPSS

2024-01-31 03:16 PM
8
ibm

Security Bulletin: IBM Spectrum Conductor provides upgraded software packages to address known CVEs

IBM Spectrum Conductor 2.5.1 Fix 601861 provides upgraded software packages to address known CVEs. Several software versions have been upgraded with Fix 601861. IBM Spectrum Conductor 2.5.1 Fix 601861 is a security fix that provides upgraded versions of software packages included with IBM Spectrum....

8.1CVSS

7.2AI Score

0.004EPSS

2024-01-31 02:15 AM
20
nessus

Debian dla-3727 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3727 advisory. An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects...

8.8CVSS

7.5AI Score

0.001EPSS

2024-01-31 12:00 AM
5
packetstorm

7.4AI Score

2024-01-29 12:00 AM
89
debian

[SECURITY] [DLA 3720-1] thunderbird security update

Debian LTS Advisory DLA-3720-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 25, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.7.0-1~deb10u1 CVE...

8.8CVSS

8.6AI Score

0.001EPSS

2024-01-25 10:49 AM
9
openvas

Debian: Security Advisory (DSA-5606-1)

The remote host is missing an update for the...

8.8CVSS

8.9AI Score

0.001EPSS

2024-01-25 12:00 AM
1
debian

[SECURITY] [DSA 5606-1] firefox-esr security update

Debian Security Advisory DSA-5606-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 24, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-0741 CVE-2024-0742...

8.8CVSS

7AI Score

0.001EPSS

2024-01-24 07:18 PM
11
wallarmlab

Security Testing: Types, Tools, and Best Practices

Opening Note: Understanding the Core Concepts of Security Analysis Continual developments in technology have elevated the significance of security analysis, a critical phase in software design. You can think of it as a vital diagram within the process of coding, engineered to identify and resolve.....

8.4AI Score

2024-01-24 10:38 AM
12
nessus

Debian dsa-5606 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5606 advisory. An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects...

8.8CVSS

8.1AI Score

0.001EPSS

2024-01-24 12:00 AM
7
packetstorm

7.4AI Score

2024-01-22 12:00 AM
128
nvd

CVE-2024-0381

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers...

5.4CVSS

5.7AI Score

0.001EPSS

2024-01-18 08:15 AM
2
cve

CVE-2024-0381

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers...

6.4CVSS

5.2AI Score

0.001EPSS

2024-01-18 08:15 AM
11
nvd

CVE-2023-6958

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....

5.4CVSS

5.7AI Score

0.0004EPSS

2024-01-18 08:15 AM
cve

CVE-2023-6958

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....

6.4CVSS

5.2AI Score

0.0004EPSS

2024-01-18 08:15 AM
6
prion

Cross site scripting

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....

5.4CVSS

5.9AI Score

0.0004EPSS

2024-01-18 08:15 AM
5
prion

Cross site scripting

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers...

5.4CVSS

6AI Score

0.001EPSS

2024-01-18 08:15 AM
5
cvelist

CVE-2023-6958

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers....

6.4CVSS

5.8AI Score

0.0004EPSS

2024-01-18 07:30 AM
cvelist

CVE-2024-0381

The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers...

6.4CVSS

5.8AI Score

0.001EPSS

2024-01-18 07:30 AM
openvas

Mageia: Security Advisory (MGASA-2024-0012)

The remote host is missing an update for...

8.8CVSS

8.9AI Score

0.005EPSS

2024-01-17 12:00 AM
3
nessus

Siemens SCALANCE Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2023-44373)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...

9.1CVSS

9.1AI Score

0.002EPSS

2024-01-08 12:00 AM
16
nessus

Siemens SCALANCE Use of Weak Hash (CVE-2023-44319)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...

4.9CVSS

7.1AI Score

0.001EPSS

2024-01-08 12:00 AM
10
nessus

Siemens SCALANCE Use of Hard-coded Cryptographic Key (CVE-2023-44318)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, SCALANCE M812-1 ADSL-Router (Annex A), SCALANCE M812-1 ADSL-Router (Annex B), SCALANCE M816-1 ADSL-Router (Annex A), SCALANCE M816-1 ADSL-Router (Annex B), SCALANCE M826-2...

4.9CVSS

5.9AI Score

0.001EPSS

2024-01-08 12:00 AM
11
Total number of security vulnerabilities: 10489