B&R APROL Security Vulnerabilities

CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted....

CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted....

Ubuntu 24.04 LTS. : GNU C Library vulnerability (USN-6737-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by a vulnerability as referenced in the USN-6737-2 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...

Ubuntu 24.04 LTS. : curl vulnerabilities (USN-6718-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6718-3 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed...

Ubuntu 24.04 LTS. : libvirt vulnerabilities (USN-6734-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6734-2 advisory. An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the...

Ubuntu 24.04 LTS. : Pillow vulnerability (USN-6744-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by a vulnerability as referenced in the USN-6744-3 advisory. In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. (CVE-2024-28219) Note that Nessus has not...

Ubuntu 24.04 LTS. : Apache HTTP Server vulnerabilities (USN-6729-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-3 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue...

R -- arbitrary code execution vulnerability

HiddenLayer Research reports: Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's...

Fedora 37 : kernel / kernel-headers / kernel-tools (2023-f4f9182dc8)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-f4f9182dc8 advisory. A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to...

Fedora 40 : kernel (2024-6d35739db7)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-6d35739db7 advisory. In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools,...

Ubuntu 24.04 LTS. : GnuTLS vulnerabilities (USN-6733-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6733-2 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

RHEL 9 : kernel (RHSA-2024:1248)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1248 advisory. kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244) kernel: A heap out-of-bounds...

R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files

Overview A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS (R Data Serialization) format files and .rdx files. An attacker can create malicious...

Fedora 40 : xen (2024-3a36322c4b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a36322c4b advisory. Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS...

CVE-2022-48653

In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the...

CVE-2022-48653

In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the...

CVE-2022-48653 ice: Don't double unplug aux on peer initiated reset

In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the...

RHEL 8 / 9 : OpenShift Container Platform 4.13.4 (RHSA-2023:3612)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3612 advisory. golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) net/http, golang.org/x/net/http2:...

RHEL 9 : kernel (RHSA-2023:6583)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6583 advisory. Kernel: race when faulting a device private page in memory manager (CVE-2022-3523) kernel: use-after-free in l1oip timer handlers...

RHEL 8 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory. golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) kube-apiserver: Bypassing policies imposed by the...

RHEL 8 / 9 : OpenShift Container Platform 4.13.2 (RHSA-2023:3366)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3366 advisory. golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) golang: path/filepath: path-filepath filepath.Clean path traversal...

RHEL 9 : kernel (RHSA-2024:0461)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0461 advisory. kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545) kernel: vmwgfx: integer overflow in vmwgfx_execbuf.c (CVE-2022-36402) ...

RHEL 7 : kpatch-patch (RHSA-2024:1960)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1960 advisory. kernel: use after free in unix_stream_sendpage (CVE-2023-4622) kernel: net/sched: sch_hfsc UAF (CVE-2023-4623) Note that Nessus has not...

RHEL 8 / 9 : OpenShift Container Platform 4.12.3 (RHSA-2023:0727)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0727 advisory. golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879) golang: net/http/httputil: ReverseProxy should...

RHEL 8 / 9 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7398 advisory. go-yaml: Denial of Service in go-yaml (CVE-2021-4235) golang: net/http: improper sanitization of Transfer-Encoding header...

RHEL 9 : kernel (RHSA-2023:7749)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7749 advisory. kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192) kernel: use-after-free vulnerability in the smb client component...

CVE-2022-48653

In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the...

Url-Status-Checker - Tool For Swiftly Checking The Status Of URLs

Status Checker is a Python script that checks the status of one or multiple URLs/domains and categorizes them based on their HTTP status codes. Version 1.0.0 Created BY BLACK-SCORP10 t.me/BLACK-SCORP10 Features Check the status of single or multiple URLs/domains. Asynchronous HTTP requests for...

Exploit for Path Traversal in Aiohttp

poc-cve-2024-23334 This repository contains a proof of...

RHEL 5 : kernel (RHSA-2019:2808)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2808 advisory. Kernel: page cache side channel attacks (CVE-2019-5489) Note that Nessus has not tested for this issue but has instead relied only on the...

RHEL 7 : erlang (RHSA-2018:0303)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0303 advisory. erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack (CVE-2017-1000385) Note that...

RHEL 5 : kernel (RHSA-2018:0464)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0464 advisory. hw: cpu: speculative execution bounds-check bypass (CVE-2017-5753) hw: cpu: speculative execution permission faults handling...

RHEL 5 : kernel (RHSA-2018:1252)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1252 advisory. kernel: exec/ptrace: get_dumpable() incorrect tests (CVE-2013-2929) hw: cpu: speculative execution branch target injection...

RHEL 5 : kernel (RHSA-2018:2603)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2603 advisory. Kernel: hw: cpu: L1 terminal fault (L1TF) (CVE-2018-3620, CVE-2018-3646) Note that Nessus has not tested for these issues but has instead...

RHEL 5 : kernel (RHSA-2018:2602)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2602 advisory. Kernel: hw: cpu: L1 terminal fault (L1TF) (CVE-2018-3620, CVE-2018-3646) Note that Nessus has not tested for these issues but has instead...

RHEL 7 : erlang (RHSA-2018:0528)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0528 advisory. erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack (CVE-2017-1000385) Note that...

RHEL 5 : kernel (RHSA-2019:1932)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1932 advisory. kernel: Exploitable memory corruption due to UFO to non-UFO path switch (CVE-2017-1000112) Note that Nessus has not tested for this issue but has...

RHEL 5 : kernel (RHSA-2018:3822)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3822 advisory. kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824) kernel: Use-after-free in sys_mq_notify() (CVE-2017-11176) kernel:...

RHEL 7 : erlang (RHSA-2018:0368)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0368 advisory. erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack (CVE-2017-1000385) Note that...

RHEL 5 : kernel (RHSA-2017:2801)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2801 advisory. kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary (CVE-2017-1000253) Note that...

RHEL 5 : kernel (RHSA-2019:1931)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1931 advisory. kernel: Exploitable memory corruption due to UFO to non-UFO path switch (CVE-2017-1000112) Note that Nessus has not tested for this issue but has...

CSAF - Cyber Security Awareness Framework

The Cyber Security Awareness Framework (CSAF) is a structured approach aimed at enhancing Cybersecurity" title="Cybersecurity">cybersecurity awareness and understanding among individuals, organizations, and communities. It provides guidance for the development of effective Cybersecurity"...

CVE-2024-0740

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE...

CentOS 9 : toolbox-0.0.99.4-5.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the toolbox-0.0.99.4-5.el9 build changelog. Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions.....

CentOS 9 : linux-firmware-20231030-141.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the linux- firmware-20231030-141.el9 build changelog. Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (RHEL-14264) (CVE-2022-46329) Note that Nessus has not tested for...

CentOS 7 : kernel (RHSA-2024:2004)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2004 advisory. A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault....

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

Espionage - A Linux Packet Sniffing Suite For Automated MiTM Attacks

Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so,.....

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update A)

EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration Tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Credentials, Missing...

Mitsubishi Electric MELSEC Series CPU Module (Update D)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC Series CPU module Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...