B&R APROL Security Vulnerabilities

R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files

Overview A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS (R Data Serialization) format files and .rdx files. An attacker can create malicious...

Fedora 40 : xen (2024-3a36322c4b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a36322c4b advisory. Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS...

Ubuntu 24.04 LTS. : GnuTLS vulnerabilities (USN-6733-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6733-2 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

Fedora 40 : kernel (2024-6d35739db7)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-6d35739db7 advisory. In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response If installing malicious ksmbd-tools,...

SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1454-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1454-1 advisory. In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pm_runtime_get_sync...

CVE-2024-34048

O-RAN RIC I-Release e2mgr lacks array size checks in...

CVE-2022-48653

In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the...

CVE-2022-48653

In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the...

CVE-2022-48653

In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the...

CVE-2022-48653 ice: Don't double unplug aux on peer initiated reset

In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the...

RHEL 8 / 9 : OpenShift Container Platform 4.13.4 (RHSA-2023:3612)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3612 advisory. golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717) net/http, golang.org/x/net/http2:...

RHEL 9 : kernel (RHSA-2023:6583)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6583 advisory. Kernel: race when faulting a device private page in memory manager (CVE-2022-3523) kernel: use-after-free in l1oip timer handlers...

RHEL 8 / 9 : OpenShift Container Platform 4.13.2 (RHSA-2023:3366)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3366 advisory. golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) golang: path/filepath: path-filepath filepath.Clean path traversal...

RHEL 8 / 9 : OpenShift Container Platform 4.14.0 (RHSA-2023:5009)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5009 advisory. golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) kube-apiserver: Bypassing policies imposed by the...

RHEL 9 : kernel (RHSA-2024:0461)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0461 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: tun: bugs for oversize...

RHEL 7 : kpatch-patch (RHSA-2024:1960)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1960 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. ...

CVE-2022-48653

In the Linux kernel, the following vulnerability has been resolved: ice: Don't double unplug aux on peer initiated reset In the IDC callback that is accessed when the aux drivers request a reset, the function to unplug the aux devices is called. This function is also called in the...

RHEL 9 : kernel (RHSA-2023:7749)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7749 advisory. kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192) kernel: use-after-free vulnerability in the smb client component...

RHEL 8 / 9 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7398 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

RHEL 8 / 9 : OpenShift Container Platform 4.12.3 (RHSA-2023:0727)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0727 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

Url-Status-Checker - Tool For Swiftly Checking The Status Of URLs

Status Checker is a Python script that checks the status of one or multiple URLs/domains and categorizes them based on their HTTP status codes. Version 1.0.0 Created BY BLACK-SCORP10 t.me/BLACK-SCORP10 Features Check the status of single or multiple URLs/domains. Asynchronous HTTP requests for...

Exploit for Path Traversal in Aiohttp

poc-cve-2024-23334 This repository contains a proof of...

RHEL 5 : kernel (RHSA-2019:2808)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2808 advisory. Kernel: page cache side channel attacks (CVE-2019-5489) Note that Nessus has not tested for this issue but has instead relied only on the...

RHEL 5 : kernel (RHSA-2018:1252)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1252 advisory. kernel: exec/ptrace: get_dumpable() incorrect tests (CVE-2013-2929) hw: cpu: speculative execution branch target injection...

RHEL 7 : erlang (RHSA-2018:0303)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0303 advisory. Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault...

RHEL 7 : qemu-kvm-rhev (RHSA-2017:3473)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3473 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages...

RHEL 5 : kernel (RHSA-2018:2603)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2603 advisory. Kernel: hw: cpu: L1 terminal fault (L1TF) (CVE-2018-3620, CVE-2018-3646) Note that Nessus has not tested for these issues but has instead...

RHEL 5 : kernel (RHSA-2018:2602)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2602 advisory. Kernel: hw: cpu: L1 terminal fault (L1TF) (CVE-2018-3620, CVE-2018-3646) Note that Nessus has not tested for these issues but has instead...

RHEL 5 : kernel (RHSA-2018:0464)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0464 advisory. hw: cpu: speculative execution bounds-check bypass (CVE-2017-5753) hw: cpu: speculative execution permission faults handling...

RHEL 5 : kernel (RHSA-2019:1932)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1932 advisory. kernel: Exploitable memory corruption due to UFO to non-UFO path switch (CVE-2017-1000112) Note that Nessus has not tested for this issue but has...

RHEL 5 : kernel (RHSA-2018:3822)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3822 advisory. kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824) kernel: Use-after-free in sys_mq_notify() (CVE-2017-11176) kernel:...

RHEL 7 : erlang (RHSA-2018:0528)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0528 advisory. Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault...

RHEL 7 : erlang (RHSA-2018:0368)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0368 advisory. Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault...

RHEL 5 : kernel (RHSA-2017:2801)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2801 advisory. kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary (CVE-2017-1000253) Note that...

RHEL 7 : qemu-kvm-rhev (RHSA-2017:3466)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3466 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages...

RHEL 7 : qemu-kvm-rhev (RHSA-2017:3471)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3471 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages...

RHEL 5 : kernel (RHSA-2019:1931)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1931 advisory. kernel: Exploitable memory corruption due to UFO to non-UFO path switch (CVE-2017-1000112) Note that Nessus has not tested for this issue but has...

CSAF - Cyber Security Awareness Framework

The Cyber Security Awareness Framework (CSAF) is a structured approach aimed at enhancing Cybersecurity" title="Cybersecurity">cybersecurity awareness and understanding among individuals, organizations, and communities. It provides guidance for the development of effective Cybersecurity"...

CVE-2024-0740

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE...

CVE-2024-0740

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE...

CVE-2024-0740 Eclipse Target Management <= 4.5.500 Command Injection

Eclipse Target Management: Terminal and Remote System Explorer (RSE) version &lt;= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE...

CentOS 9 : toolbox-0.0.99.4-5.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the toolbox-0.0.99.4-5.el9 build changelog. Angle brackets (&lt;&gt;) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions.....

CentOS 9 : linux-firmware-20231030-141.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the linux- firmware-20231030-141.el9 build changelog. Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (RHEL-14264) (CVE-2022-46329) Note that Nessus has not tested for...

CentOS 7 : kernel (RHSA-2024:2004)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2004 advisory. A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault....

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 209 vulnerabilities disclosed in 169...

Espionage - A Linux Packet Sniffing Suite For Automated MiTM Attacks

Espionage is a network packet sniffer that intercepts large amounts of data being passed through an interface. The tool allows users to to run normal and verbose traffic analysis that shows a live feed of traffic, revealing packet direction, protocols, flags, etc. Espionage can also spoof ARP so,.....

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update A)

EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration Tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Credentials, Missing...

Mitsubishi Electric MELSEC Series CPU Module (Update D)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC Series CPU module Vulnerability: Classic Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a...

Multiple Vulnerabilities in Hitachi Energy RTU500 Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow the...

Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC Vulnerabilities: Exposed Dangerous Method or Function, Absolute Path Traversal,...