SCALANCE XB213-3LD (SC, PN) Security Vulnerabilities

osv: CVE-2023-5660
The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
CVSS 6.4 | AI Score 5.7 | EPSS 0.0004 | 2023-11-07 12:15 PM | 2

nvd: CVE-2023-5660
The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
CVSS 5.4 | EPSS 0.0004 | 2023-11-07 12:15 PM

cve: CVE-2023-5660
The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
CVSS 6.4 | AI Score 5.2 | EPSS 0.0004 | 2023-11-07 12:15 PM | 10

prion: Cross site scripting
The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
CVSS 5.4 | AI Score 5.9 | EPSS 0.0004 | 2023-11-07 12:15 PM | 4

cvelist: CVE-2023-5660
The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....
CVSS 6.4 | AI Score 5.8 | EPSS 0.0004 | 2023-11-07 11:31 AM

mskb: Update Rollup 2 for System Center 2022 Virtual Machine Manager
Update Rollup 2 for System Center 2022 Virtual Machine Manager Applies to Microsoft System Center 2022 Virtual Machine Manager Introduction This article lists the new enhancements and bug fixes that come with System Center Virtual Machine Manager 2022 UR2 release. This article also provides the...
AI Score 6.9 | 2023-11-07 12:00 AM | 10

nessus: Rocky Linux 8 : glibc (RLSA-2021:1585)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1585 advisory. The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding...
CVSS 9.8 | AI Score 7.8 | EPSS 0.02 | 2023-11-07 12:00 AM | 13

nessus: Rocky Linux 8 : glibc (RLSA-2022:0896)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0896 advisory. A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is...
CVSS 9.8 | AI Score 8.9 | EPSS 0.009 | 2023-11-07 12:00 AM | 12

openvas: Mageia: Security Advisory (MGASA-2023-0308)
The remote host is missing an update for...
CVSS 9.8 | AI Score 9.5 | EPSS 0.001 | 2023-11-07 12:00 AM | 4

cve: CVE-2023-46964
Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end...
CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2023-11-05 12:15 AM | 45

prion: Cross site scripting
Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end...
CVSS 6.1 | AI Score 6.7 | EPSS 0.001 | 2023-11-05 12:15 AM | 7

nessus: Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2023-407)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-407 advisory. A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. (CVE-2023-5156) Note that Nessus has not...
CVSS 7.5 | AI Score 6.7 | EPSS 0.001 | 2023-11-04 12:00 AM | 16

qualysblog: CVSS v4 Is Now Live and What You Need To Know About It
On November 1st, 2023, the Common Vulnerability Scoring System version 4 (CVSS v4) was officially launched in General Availability (GA) following a period of public preview and feedback collection. This launch was orchestrated by the Forum of Incident Response and Security Teams (FIRST), marking a....
AI Score 7.4 | 2023-11-02 09:53 PM | 26

openbugbounty: sc-centers.de Improper Access Control vulnerability OBB-3771342
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.9 | 2023-11-01 07:41 PM | 11

cve: CVE-2023-5627
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web...
CVSS 7.5 | AI Score 7.6 | EPSS 0.001 | 2023-11-01 04:15 PM | 30

prion: Design/Logic Flaw
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web...
CVSS 7.5 | AI Score 7.5 | EPSS 0.001 | 2023-11-01 04:15 PM | 3

openbugbounty: sc-hoerstel.de Improper Access Control vulnerability OBB-3770756
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.9 | 2023-10-31 08:43 PM | 8

mssecure: From classroom to cyberfront: Unlocking the potential of the next generation of cyber defenders
In a world where the digital frontier is expanding and cyberattacks are becoming more sophisticated with speed and scale, the guardians of our virtual realms have never been in greater demand.1 It’s important to leverage this year’s Cybersecurity Awareness Month to celebrate the people who keep us....
AI Score 7.2 | 2023-10-31 04:00 PM | 5

mmpc: From classroom to cyberfront: Unlocking the potential of the next generation of cyber defenders
In a world where the digital frontier is expanding and cyberattacks are becoming more sophisticated with speed and scale, the guardians of our virtual realms have never been in greater demand.1 It’s important to leverage this year’s Cybersecurity Awareness Month to celebrate the people who keep us....
AI Score 7.1 | 2023-10-31 04:00 PM | 1

tenable: [R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.0.0, 6.1.0, 6.1.1, and 6.2.0: SC-202310.1
[R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.0.0, 6.1.0, 6.1.1, and 6.2.0: SC-202310.1 Jason Schavel Tue, 10/31/2023 - 11:08 Security Center leverages third-party software to help provide underlying functionality. One of the third-party components (curl)....
AI Score 7.4 | 2023-10-31 03:08 PM | 10

openvas: Debian: Security Advisory (DLA-3632-1)
The remote host is missing an update for the...
CVSS 9.8 | AI Score 9.5 | EPSS 0.001 | 2023-10-30 12:00 AM | 2

debian: [SECURITY] [DLA 3637-1] thunderbird security update
Debian LTS Advisory DLA-3637-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 29, 2023 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.4.1-1~deb10u1 CVE...
CVSS 9.8 | AI Score 9.1 | EPSS 0.001 | 2023-10-29 09:05 AM | 9

debian: [SECURITY] [DSA 5538-1] thunderbird security update
Debian Security Advisory DSA-5538-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 27, 2023 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2023-5721 CVE-2023-5724...
CVSS 9.8 | AI Score 7.6 | EPSS 0.001 | 2023-10-28 12:34 PM | 14

debian: [SECURITY] [DLA 3632-1] firefox-esr security update
Debian LTS Advisory DLA-3632-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 27, 2023 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.4.0esr-1~deb10u1 CVE...
CVSS 9.8 | AI Score 8.8 | EPSS 0.001 | 2023-10-27 06:39 AM | 6

securelist: A cascade of compromise: unveiling Lazarus’ new campaign
Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. What's remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendor's systems continued to use the...
AI Score 7.5 | 2023-10-27 06:00 AM | 32

nessus: Debian DLA-3632-1 : firefox-esr - LTS security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3632 advisory. It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay....
CVSS 9.8 | AI Score 8.5 | EPSS 0.001 | 2023-10-27 12:00 AM | 4

openvas: Debian: Security Advisory (DSA-5535-1)
The remote host is missing an update for the...
CVSS 9.8 | AI Score 9.5 | EPSS 0.001 | 2023-10-26 12:00 AM | 3

debian: [SECURITY] [DSA 5535-1] firefox-esr security update
Debian Security Advisory DSA-5535-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 25, 2023 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-5721 CVE-2023-5724...
CVSS 9.8 | AI Score 7.3 | EPSS 0.001 | 2023-10-25 07:14 PM | 13

nessus: Debian DSA-5535-1 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5535 advisory. It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient...
CVSS 9.8 | AI Score 8.6 | EPSS 0.001 | 2023-10-25 12:00 AM | 7

nessus: Trane Tracer SC Sensitive Information Disclosure (CVE-2016-0870)
The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVSS 5.3 | AI Score 5.6 | EPSS 0.002 | 2023-10-23 12:00 AM | 17

nessus: Trane Tracer Improper Control of Generation of Code (CVE-2021-38450)
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVSS 9.9 | AI Score 8.8 | EPSS 0.001 | 2023-10-23 12:00 AM | 46

nessus: Trane HVAC Systems Controls Improper Neutralization of Input During Web Page Generation (CVE-2021-42534)
The affected product's web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVSS 6.3 | AI Score 6.3 | EPSS 0.001 | 2023-10-23 12:00 AM | 14

openbugbounty: re-sc-legisoft-camara.sistemalegislativo.com.br Cross Site Scripting vulnerability OBB-3763732
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1 | 2023-10-22 10:46 PM | 7

openbugbounty: sc-demobetha-camara.sistemalegislativo.com.br Cross Site Scripting vulnerability OBB-3763728
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1 | 2023-10-22 10:45 PM | 6

openbugbounty: treina-sc-joinville-camara.sistemalegislativo.com.br Cross Site Scripting vulnerability OBB-3763702
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1 | 2023-10-22 10:33 PM | 13

openbugbounty: apr-sc-virtualiza.sistemalegislativo.com.br Cross Site Scripting vulnerability OBB-3763691
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1 | 2023-10-22 10:29 PM | 6

nessus: Cisco IOS Software Group Encrypted Transport VPN Out of Bounds Write (cisco-sa-getvpn-rce-g8qR68sx)
According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of ...
CVSS 6.6 | AI Score 7.4 | EPSS 0.008 | 2023-10-17 12:00 AM | 17

securelist: ToddyCat: Keep calm and check logs
ToddyCat is an advanced APT actor that we described in a previous publication last year. The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Our first publication was focused on their main tools,.....
AI Score 7.5 | 2023-10-12 10:00 AM | 33

oraclelinux: glibc security update
[2.28-225.0.4.6] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. - CVE-2203-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). - CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose...
AI Score 7.7 | EPSS 0.014 | 2023-10-12 12:00 AM | 28

oraclelinux: glibc security update
[2.34-60.0.3.7] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode (#2234716). - CVE-2203-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet. Reviewed by: Jose E. Marchesi [2.34-60.0.3] - CVE-2023-4911: tunables: Terminate...
AI Score 8 | EPSS 0.014 | 2023-10-12 12:00 AM | 9

nessus: Oracle Linux 9 : glibc (ELSA-2023-12873)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12873 advisory. A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an...
CVSS 7.8 | AI Score 8 | EPSS 0.014 | 2023-10-12 12:00 AM | 7

nessus: Oracle Linux 8 : glibc (ELSA-2023-12872)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12872 advisory. A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application...
CVSS 7.8 | AI Score 8 | EPSS 0.014 | 2023-10-12 12:00 AM | 12

openvas: Mageia: Security Advisory (MGASA-2023-0285)
The remote host is missing an update for...
CVSS 9.8 | AI Score 9.2 | EPSS 0.245 | 2023-10-11 12:00 AM | 3

nessus: Tenable SecurityCenter < 6.2.0 Multiple Vulnerabilities (TNS-2023-32)
According to its self-reported version, the Tenable SecurityCenter running on the remote host is prior to 6.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-32 advisory. Security Center leverages third-party software to help provide underlying...
CVSS 6.5 | AI Score 7.5 | EPSS 0.001 | 2023-10-11 12:00 AM | 6

tenable: [R1] Security Center Version 6.2.0 Fixes Multiple Vulnerabilities
[R1] Security Center Version 6.2.0 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 10/10/2023 - 16:56 Security Center leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions...
AI Score 7.7 | 2023-10-10 08:56 PM | 14

openbugbounty: sc-altstaedten.de Cross Site Scripting vulnerability OBB-3740057
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score 6.1 | 2023-10-10 03:51 PM | 7

packetstorm: (no title or description in the listing)
CVSS 8.8 | AI Score 7.1 | EPSS 0.002 | 2023-10-10 12:00 AM | 162

oraclelinux: glibc security update
[2.34-60.0.3.7] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode (#2234716). - CVE-2203-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet. Reviewed by: Jose E....
CVSS 7.8 | AI Score 8 | EPSS 0.014 | 2023-10-10 12:00 AM | 10

nessus: Oracle Linux 8 : glibc (ELSA-2023-5455)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5455 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa...
CVSS 7.8 | AI Score 7.9 | EPSS 0.014 | 2023-10-10 12:00 AM | 20

nessus: Oracle Linux 9 : glibc (ELSA-2023-5453)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5453 advisory. A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash....
CVSS 7.8 | AI Score 8 | EPSS 0.014 | 2023-10-10 12:00 AM | 16

Total number of security vulnerabilities: 10489