SCALANCE XB213-3LD (SC, PN) Security Vulnerabilities

debian

[SECURITY] [DLA 3601-1] thunderbird security update

Debian LTS Advisory DLA-3601-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 05, 2023 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.3.1-1~deb10u1 CVE...

9.8CVSS

9.4AI Score

0.245EPSS

2023-10-09 01:53 PM
5
oraclelinux

glibc security update

[2.28-225.0.4] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E....

7.8CVSS

8AI Score

0.014EPSS

2023-10-09 12:00 AM
14
exploitdb

8.8CVSS

9AI Score

EPSS

2023-10-09 12:00 AM
201
zdt

8.8CVSS

8.8AI Score

0.002EPSS

2023-10-09 12:00 AM
125
nessus

Oracle Linux 8 : glibc (ELSA-2023-12853)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12853 advisory. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could...

7.8CVSS

8.2AI Score

0.014EPSS

2023-10-09 12:00 AM
16
rocky

glibc security update

An update is available for glibc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The glibc packages provide the standard C libraries (libc), POSIX thread...

7.8CVSS

7.8AI Score

0.014EPSS

2023-10-06 10:57 PM
75
nessus

Moxa NPort 5000 Series Improper Validation of Integrity Check Value (CVE-2023-4929)

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices......

8.8CVSS

8.9AI Score

0.001EPSS

2023-10-06 12:00 AM
15
nessus

AlmaLinux 8 : glibc (ALSA-2023:5455)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5455 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode...

7.8CVSS

8AI Score

0.014EPSS

2023-10-06 12:00 AM
33
oraclelinux

glibc security update

[2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E....

7.8CVSS

8AI Score

0.014EPSS

2023-10-06 12:00 AM
10
nessus

Oracle Linux 9 : glibc (ELSA-2023-12854)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12854 advisory. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could...

7.8CVSS

8.2AI Score

0.014EPSS

2023-10-06 12:00 AM
35
nessus

Rocky Linux 8 : glibc (RLSA-2023:5455)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5455 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode...

7.8CVSS

8AI Score

0.014EPSS

2023-10-06 12:00 AM
76
nessus

AlmaLinux 9 : glibc (ALSA-2023:5453)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5453 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode...

7.8CVSS

8AI Score

0.014EPSS

2023-10-06 12:00 AM
30
redhat

(RHSA-2023:5476) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

6.8AI Score

0.014EPSS

2023-10-05 01:52 PM
38
redhat

(RHSA-2023:5455) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

6.9AI Score

0.014EPSS

2023-10-05 10:08 AM
92
redhat

(RHSA-2023:5454) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

8.4AI Score

0.014EPSS

2023-10-05 10:06 AM
18
redhat

(RHSA-2023:5453) Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...

6.9AI Score

0.014EPSS

2023-10-05 10:04 AM
32
oraclelinux

glibc security update

[2.28-225.0.4] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E....

7.8CVSS

8AI Score

0.014EPSS

2023-10-05 12:00 AM
15
almalinux

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

7.8CVSS

7.8AI Score

0.014EPSS

2023-10-05 12:00 AM
65
nessus

RHEL 9 : glibc (RHSA-2023:5453)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5453 advisory. glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) glibc: potential use-after-free in getaddrinfo()...

7.8CVSS

8.5AI Score

0.014EPSS

2023-10-05 12:00 AM
36
nessus

Oracle Linux 9 : glibc (ELSA-2023-12850)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12850 advisory. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could...

7.8CVSS

8.2AI Score

0.014EPSS

2023-10-05 12:00 AM
30
almalinux

Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): ....

7.8CVSS

7.8AI Score

0.014EPSS

2023-10-05 12:00 AM
60
nessus

RHEL 9 : glibc (RHSA-2023:5454)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5454 advisory. glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911) Note that Nessus has not tested for this issue but has instead...

7.8CVSS

8.6AI Score

0.014EPSS

2023-10-05 12:00 AM
16
oraclelinux

glibc security update

[2.34-60.0.3] - CVE-2023-4911: tunables: Terminate immediately if end of input is reached Reviewed by: Jose E....

7.8CVSS

8AI Score

0.014EPSS

2023-10-05 12:00 AM
10
nessus

Oracle Linux 8 : glibc (ELSA-2023-12851)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12851 advisory. A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could...

7.8CVSS

8.2AI Score

0.014EPSS

2023-10-05 12:00 AM
37
nessus

RHEL 8 : glibc (RHSA-2023:5455)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5455 advisory. glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) glibc: potential use-after-free in getaddrinfo()...

7.8CVSS

8.5AI Score

0.014EPSS

2023-10-05 12:00 AM
67
nessus

RHEL 8 : glibc (RHSA-2023:5476)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5476 advisory. glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911) Note that Nessus has not tested for this issue but has instead...

7.8CVSS

8.6AI Score

0.014EPSS

2023-10-05 12:00 AM
24
openvas

SUSE: Security Advisory (SUSE-SU-2023:3938-1)

The remote host is missing an update for...

8.8CVSS

8.8AI Score

0.002EPSS

2023-10-04 12:00 AM
2
debian

[SECURITY] [DSA 5513-1] thunderbird security update

Debian Security Advisory DSA-5513-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 03, 2023 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2023-5176 CVE-2023-5171...

9.8CVSS

7.3AI Score

0.001EPSS

2023-10-03 03:53 PM
13
cve

CVE-2023-4929

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of...

8.8CVSS

8.7AI Score

0.001EPSS

2023-10-03 02:15 PM
34
prion

Input validation

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of...

8.8CVSS

8.7AI Score

0.001EPSS

2023-10-03 02:15 PM
2
nessus

Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2023-359)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-359 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via...

7.8CVSS

7.9AI Score

0.014EPSS

2023-10-03 12:00 AM
35
openvas

Debian: Security Advisory (DLA-3591-1)

The remote host is missing an update for the...

8.8CVSS

9.2AI Score

0.245EPSS

2023-10-02 12:00 AM
4
openvas

Debian: Security Advisory (DSA-5509-1)

The remote host is missing an update for the...

8.8CVSS

9.2AI Score

0.245EPSS

2023-10-02 12:00 AM
8
openvas

Debian: Security Advisory (DLA-3587-1)

The remote host is missing an update for the...

9.8CVSS

9.4AI Score

0.001EPSS

2023-10-02 12:00 AM
6
avleonov

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I...

9.8CVSS

9.2AI Score

0.976EPSS

2023-09-30 07:31 PM
53
debian

[SECURITY] [DLA 3591-1] firefox-esr security update

Debian LTS Advisory DLA-3591-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 30, 2023 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.3.1esr-1~deb10u1 CVE...

8.8CVSS

9.5AI Score

0.245EPSS

2023-09-30 10:16 AM
9
nessus

Debian DSA-5509-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5509 advisory. Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap...

8.8CVSS

9.3AI Score

0.245EPSS

2023-09-30 12:00 AM
12
nessus

Debian DLA-3591-1 : firefox-esr - LTS security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3591 advisory. Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap...

8.8CVSS

9.3AI Score

0.245EPSS

2023-09-30 12:00 AM
8
debian

[SECURITY] [DSA 5510-1] libvpx security update

Debian Security Advisory DSA-5510-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 29, 2023 https://www.debian.org/security/faq Package : libvpx CVE ID : CVE-2023-5217 Debian Bug :...

8.8CVSS

7.8AI Score

0.245EPSS

2023-09-29 09:10 PM
19
debian

[SECURITY] [DSA 5509-1] firefox-esr security update

Debian Security Advisory DSA-5509-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 29, 2023 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-5217 A buffer...

8.8CVSS

9.5AI Score

0.245EPSS

2023-09-29 05:55 PM
30
debian

[SECURITY] [DSA 5508-1] chromium security update

Debian Security Advisory DSA-5508-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 29, 2023 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2023-5186 CVE-2023-5187...

8.8CVSS

10AI Score

0.245EPSS

2023-09-29 05:54 PM
15
debian

[SECURITY] [DLA 3587-1] firefox-esr security update

Debian LTS Advisory DLA-3587-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 29, 2023 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.3.0esr-1~deb10u1 CVE...

9.8CVSS

9.3AI Score

0.001EPSS

2023-09-29 12:33 PM
7
thn

Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts

Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of...

8.6AI Score

0.008EPSS

2023-09-29 03:02 AM
47
nessus

Debian DLA-3587-1 : firefox-esr - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3587 advisory. A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading to a potentially...

9.8CVSS

8.1AI Score

0.001EPSS

2023-09-29 12:00 AM
10
openvas

Debian: Security Advisory (DSA-5506-1)

The remote host is missing an update for the...

9.8CVSS

9.4AI Score

0.001EPSS

2023-09-29 12:00 AM
5
nessus

Debian DSA-5506-1 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5506 advisory. A compromised content process could have provided malicious data in a PathRecording resulting in an out-of-bounds write, leading to a potentially...

9.8CVSS

9.5AI Score

0.001EPSS

2023-09-29 12:00 AM
11
debian

[SECURITY] [DSA 5506-1] firefox-esr security update

Debian Security Advisory DSA-5506-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 28, 2023 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-5169 CVE-2023-5171...

9.8CVSS

7.2AI Score

0.001EPSS

2023-09-28 06:46 PM
18
talosblog

The security pitfalls of social media sites offering ID-based authentication

Welcome to this week's edition of the Threat Source newsletter. Since Elon Musk first started talking about purchasing Twitter/X around this time last year, one of his main sticking points has been how many bot accounts are on the platform and how that potentially affects advertising revenue and...

8.8CVSS

10.1AI Score

0.609EPSS

2023-09-28 06:00 PM
31
nvd

CVE-2023-20252

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML.....

9.8CVSS

9.8AI Score

0.002EPSS

2023-09-27 06:15 PM
1
cve

CVE-2023-20253

A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to...

7.1CVSS

5.5AI Score

0.0004EPSS

2023-09-27 06:15 PM
36
Total number of security vulnerabilities: 10489