DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 Series Security Vulnerabilities

CVE-2024-1916

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted...

CVE-2024-1915

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted...

CVE-2024-0803

Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted...

CVE-2024-0802

Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted...

Siemens RUGGEDCOM APE1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2024-1355)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name...

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-1376)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1376)

The remote host is missing an update for the Huawei...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-1355)

The remote host is missing an update for the Huawei...

CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions

Overview A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution has been discovered. CPU hardware utilizing speculative execution that are vulnerable to Spectre v1 are likely affected. An unauthenticated attacker can exploit this...

Important: edk2

Issue Overview: A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to...

Exploit for Improper Authentication in Microsoft

CVE-2021-38647 AKA "OMIGOD" A Zeek package which detects...

ThreatDown achieves perfect score in latest AVLab assessment

ThreatDown has once again earned a perfect score in AVLabs' January 2024 real-world malware detection tests, marking the eleventh consecutive quarter in achieving this feat. Let’s delve into the details of the test and how ThreatDown outperformed competitors in exhaustive testing. The AVLab...

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

CVE-2024-20327

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...

CVE-2024-20327

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

Input validation

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

Design/Logic Flaw

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...

CVE-2024-20320

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

CVE-2024-20327

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...

Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability...

Cisco IOS XR Software SSH Privilege Escalation Vulnerability

A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to...

Threat actors leverage document publishing sites for ongoing credential and session token theft

Cisco Talos Incident Response (Talos IR) has observed the ongoing use of legitimate digital document publishing (DDP) sites for phishing, credential theft and session token theft during recent incident response and threat intelligence engagements. Hosting phishing lures on DDP sites increases the.....

CVE-2024-27440

The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted...

CVE-2024-27440

The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted...

Information disclosure

The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted...

CVE-2024-27440

The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted...

Intel 2024.1 IPU - BIOS March 2024 Security Updates

Intel has informed HP of potential security vulnerabilities identified in some Intel® Processors and/or BIOS Firmware for some Intel® Processors which may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing firmware updates to mitigate this potential...

This Week in Spring - March 12th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's going to be! Do this first: we need your help! Please answer some questions in our State of Spring survey! Join me for a look at the latest-and-greatest, chronicling how I got started with Spring Boot in...

Microsoft and Adobe Patch Tuesday, March 2024 Security Update Review

Welcome to another insightful dive into Microsoft's Patch Tuesday! This month's security updates address a significant number of CVEs, underscoring the ongoing battle against digital vulnerabilities. We invite you to join us to review and discuss the details of these security updates and patches......

CVE-2024-26614

In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at...

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to Apache Commons FileUpload (CVE-2023-24998)

Summary IBM Sterling Partner Engagement Manager uses Apache Commons FileUpload. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused.....

Advisory ROSA-SA-2024-2371

software: firefox 118.0.2 OS: ROSA-CHROME package_evr_string: firefox-118.0.2-1.src.rpm CVE-ID: CVE-2011-0064 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, used in Pango, Firefox, and other products, does not check for successful memory...

Security Bulletin: Vulnerability in commons-fileupload affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0)[CVE-2023-24998]

Summary The commons-fileupload package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE [CVE-2023-24998] Vulnerability Details ** CVEID: CVE-2023-24998 DESCRIPTION: **Apache Commons FileUpload and Tomcat are vulnerable to a denial of.....

CVE-2024-27279

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user....

CVE-2024-27279

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user....

Directory traversal

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user....

CVE-2024-27279

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user....

CVE-2024-27121

Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an...

CVE-2024-27121

Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an...

Path traversal

Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an...

CVE-2024-26288 PHOENIX CONTACT: Lack of SSL support in CHARX Series

An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not...

CVE-2024-26288 PHOENIX CONTACT: Lack of SSL support in CHARX Series

An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not...

CVE-2024-26005 PHOENIX CONTACT: Privilege gain through incomplete cleanup in CHARX Series

An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a...

CVE-2024-26004 PHOENIX CONTACT: DoS of a control agent due to access of a uninitialized pointer in CHARX Series

An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging...

CVE-2024-26004 PHOENIX CONTACT: DoS of a control agent due to access of a uninitialized pointer in CHARX Series

An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging...

CVE-2024-26003 PHOENIX CONTACT: DoS of the control agent in CHARX Series

An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging...

CVE-2024-26003 PHOENIX CONTACT: DoS of the control agent in CHARX Series

An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging...

CVE-2024-26002 PHOENIX CONTACT: File ownership manipulation in CHARX Series

An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific...