B&R APROL Security Vulnerabilities

CVE-2024-2637

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R.....

CVE-2024-2637 Insecure Loading of Code in B&R Products

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R.....

CVE-2024-2637 Insecure Loading of Code in B&R Products

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R.....

CVE-2024-4044

A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger...

Mitsubishi Electric Multiple FA Engineering Software Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.0 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple FA Engineering Software Products Vulnerabilities: Improper Privilege Management, Uncontrolled Resource Consumption, Out-of-bounds Write, Improper Privilege Management 2....

Rockwell Automation FactoryTalk Remote Access

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: Factory Talk Remote Access Vulnerability: Unquoted Search Path or Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to enter a...

Johnson Controls Software House C-CURE 9000

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION: Low attack complexity Vendor: Johnson Controls Equipment: Software House C●CURE 9000 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to...

SUBNET PowerSYSTEM Center

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Reliance on Insufficiently Trustworthy Component 2. RISK EVALUATION Successful exploitation of the vulnerabilities in components used by...

May 14, 2024—KB5037771 (OS Builds 22621.3593 and 22631.3593)

May 14, 2024—KB5037771 (OS Builds 22621.3593 and 22631.3593) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 23H2, see its update history page. Note Follow...

Intel Arc™ & Iris® Xe Graphics Software May 2024 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Arc™ & Iris® Xe Graphics software which may allow escalation of privilege. Intel is releasing updates to mitigate the potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

CrushFTP Directory Traversal

...

Rocky Linux 9 : kernel (RLSA-2024:2758)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2758 advisory. A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker...

Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-6767-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6767-2 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able to crash the...

Brother Printers Multiple Vulnerabilities (Mar 2024)

Multiple Brother printers are prone to multiple...

Brother Printers Improper Authentication Vulnerability (Mar 2024)

Multiple Brother printers are prone to an improper authentication ...

Ubuntu 22.04 LTS : strongSwan vulnerability (USN-6772-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6772-1 advisory. strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When...

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM

Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report....

BypassFuzzer - Fuzz 401/403/404 Pages For Bypasses

The original 403fuzzer.py :) Fuzz 401/403ing endpoints for bypasses This tool performs various checks via headers, path normalization, verbs, etc. to attempt to bypass ACL's or URL validation. It will output the response codes and length for each request, in a nicely organized, color coded way so.....

Ubuntu 22.04 LTS / 23.10 / 24.04 LTS : SQL parse vulnerability (USN-6771-1)

The remote Ubuntu 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6771-1 advisory. Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. (CVE-2024-4340) Note that Nessus...

Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting

...

CrushFTP < 11.1.0 - Directory Traversal

...

CrushFTP < 11.1.0 - Directory Traversal Exploit

...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2024-12380)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12380 advisory. This CVE was assigned by Intel. Please see CVE-2024-2201 on CVE.org for more information. (CVE-2024-2201) Note that Nessus has not tested for this issue...

About the security content of iOS 16.7.8 and iPadOS 16.7.8

About the security content of iOS 16.7.8 and iPadOS 16.7.8 This document describes the security content of iOS 16.7.8 and iPadOS 16.7.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

RHEL 8 : libyang (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libyang: NULL pointer dereference in read_yin_leaf() (CVE-2021-28906) libyang: NULL pointer dereference...

RHEL 5 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Heap overflow in zipimporter module (CVE-2016-5636) python: Stack-based buffer overflow in...

RHEL 6 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Heap overflow in zipimporter module (CVE-2016-5636) python: XML External Entity in XML...

RHEL 7 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php: Use of...

RHEL 6 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818) An...

RHEL 7 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818) An...

SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP5) (SUSE-SU-2024:1582-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1582-1 advisory. A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to...

RHEL 6 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. php: buffer overflow in handling of long link names in tar phar archives (CVE-2016-2554) php:...

RHEL 7 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177) python: XML...

RHEL 6 : mdadm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. mdadm: Buffer overflow (CVE-2023-28736) Uncontrolled resource consumption in some Intel(R) SSD Tools...

RHEL 7 : python-pillow (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-pillow: Buffer overflow in image convert function (CVE-2021-34552) Buffer overflow in the...

RHEL 6 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. wpa_supplicant: P2P group information processing vulnerability (CVE-2021-0326) wpa_supplicant: EAP-pwd...

SUSE SLES15 Security Update : kernel (Live Patch 12 for SLE 15 SP4) (SUSE-SU-2024:1596-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1596-1 advisory. A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to...