Jetson Nano, Jetson Nano 2GB Security Vulnerabilities

Fedora 40 : nano (2024-93f31f5de6)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-93f31f5de6 advisory. fix emergency file replacement vulnerability Resolves: rhbz#2277586 (FEDORA-2024-93f31f5de6) Note that Nessus has not tested for this issue but has...

Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0613 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE...

Universal Forwarders < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0614)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0614 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE...

Frameless-Bitb - A New Approach To Browser In The Browser (BITB) Without The Use Of Iframes, Allowing The Bypass Of Traditional Framebusters Implemented By Login Pages Like Microsoft And The Use With Evilginx

A new approach to Browser In The Browser (BITB) without the use of iframes, allowing the bypass of traditional framebusters implemented by login pages like Microsoft. This POC code is built for using this new BITB with Evilginx, and a Microsoft Enterprise phishlet. Before diving deep into this, I.....

Siemens Telecontrol Server Basic

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

KB5035962: Servicing stack update for Windows 10, version 1607 and Server 2016: March 12, 2024

KB5035962: Servicing stack update for Windows 10, version 1607 and Server 2016: March 12, 2024 REMINDER Windows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of support (EOS) on October 9, 2018. These editions will no longer be offered servicing stack updates. Windows...

CentOS 9 : libxml2-2.9.13-3.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libxml2-2.9.13-3.el9 build changelog. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option...

CentOS 9 : yajl-2.1.0-21.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the yajl-2.1.0-21.el9 build changelog. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow...

KB5034862: Servicing stack update for Windows Server 2016: February 13, 2024

KB5034862: Servicing stack update for Windows Server 2016: February 13, 2024 REMINDERWindows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of support (EOS) on October 9, 2018. These editions will no longer be offered servicing stack updates.Windows 10, version 1607 IoT...

CentOS 8 : libxml2 (CESA-2023:0173)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:0173 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled,...

CVE-2023-50121

Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service...

CVE-2023-50121

Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service...

Design/Logic Flaw

Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service...

CVE-2023-50121

Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : YAJL vulnerabilities (USN-6233-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6233-2 advisory. In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process...

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current libxml2 Multiple Vulnerabilities (SSA:2023-343-01)

The version of libxml2 installed on the remote host is prior to 2.12.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-343-01 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE...

nano-films.com Improper Access Control vulnerability OBB-3805855

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Mageia: Security Advisory (MGASA-2023-0329)

The remote host is missing an update for...

CVE-2023-47335

Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly...

CVE-2023-47335

Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly...

Code injection

Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly...

CVE-2023-47335

Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly...

KB5032391: Servicing stack update for Windows Server 2016: November 14, 2023

KB5032391: Servicing stack update for Windows Server 2016: November 14, 2023 REMINDERWindows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of service (EOS) on October 9, 2018. These editions will no longer be offered servicing stack updates.Windows 10, version 1607 IoT...

NewStart CGSL MAIN 6.06 : libxml2 Multiple Vulnerabilities (NS-SA-2023-0131)

The remote NewStart CGSL host, running version MAIN 6.06, has libxml2 packages installed that are affected by multiple vulnerabilities: Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709) An issue was discovered in libxml2 before 2.10.3. When parsing a...

Rocky Linux 9 : libxml2 (RLSA-2023:0338)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0338 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several...

Rocky Linux 8 : qt5-qtbase and qt5-qtwebsockets (RLSA-2020:4690)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4690 advisory. Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related...

Rocky Linux 8 : yajl (RLSA-2022:7524)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7524 advisory. yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads...

Rocky Linux 8 : libxml2 (RLSA-2023:0173)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0173 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several...

CVE-2022-4574

An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary...

CVE-2022-48189

An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary...

linux-firmware security update

[20230516-999.27.git6c9e0ed5.el9] - Update firmware for qat_4xxx devices (Orabug: 35811008) [20230516-999.26.git6c9e0ed5.el9] - Run dracut -f in %posttrans instead of %post (Orabug: 35661938) - Drop latest AMD microcode commits to family 19 file to include Milan microcode but not Genoa (Orabug:...

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 9, 2023 to October 15, 2023)

Last week, there were 103 vulnerabilities disclosed in 85 WordPress Plugins and no WordPress themes, with 7 of those being in WordPress Core, that have been added to the Wordfence Intelligence Vulnerability Database, and there were 46 Vulnerability Researchers that contributed to WordPress...

What is SSL/TLS ?

In the intricate tapestry of the digital world, threads of information interweave, forming connections, enabling interactions, and crafting narratives. Amidst this, a silent protector—SSL/TLS—ensures that the stories told are safeguarded, secure, and sincere. This comprehensive guide unravels the.....

CVE-2023-39902

A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software...

CVE-2023-39902

A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software...

Format string

A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software...

CVE-2023-39902

A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software...

Login screen manager <= 3.5.2 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC Put the following payload in...

GLPI GZIP(Py3) 9.4.5 - RCE

...

Login screen manager <= 3.5.2 - Admin+ Stored XSS

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

GLPI GZIP(Py3) 9.4.5 - Remote Code Execution Exploit

...

Amazon Linux 2 : redis (ALASREDIS6-2023-008)

The version of redis installed on the remote host is prior to 6.2.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2REDIS6-2023-008 advisory. Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message...

KB5030504: Servicing stack update for Windows Server 2016: September 12, 2023

KB5030504: Servicing stack update for Windows Server 2016: September 12, 2023 REMINDERWindows 10, version 1607 Mobile and Mobile Enterprise editions reached the end of service on October 9, 2018.Windows 10, version 1607 IoT Core and IoT Enterprise editions reached the end of service on April 9,...

PurpleOps - An Open-Source Self-Hosted Purple Team Management Web Application

An open-source self-hosted purple team management web application. Key Features Template engagements and testcases Framework friendly Role-based Access Control & MFA Inbuilt DOCX reporting + custom template support How PurpleOps is different: No attribution needed Hackable, no "no-reversing"...

linux-firmware security update

[20230516-999.25.git6c9e0ed5.el8] - Add missing amd-ucode/ files to nano and core rpm (Orabug: 35642190) - Add posttrans scriptlet to reload microcode on AMD (Orabug: 35636951) - Recreate initramfs for AMD systems (Orabug: 35636951) [20230516-999.24.git6c9e0ed5.el7] - 8a07fa49 linux-firmware:...

linux-firmware security update

[20230516-999.25.git6c9e0ed5.el7] - Add missing amd-ucode/ files to nano rpm (Orabug: 35642190) - Add posttrans scriptlet to reload microcode on AMD (Orabug: 35636951) - Recreate initramfs for AMD systems (Orabug: 35636951) [20230516-999.24.git6c9e0ed5.el7] - 8a07fa49 linux-firmware: Update AMD...

linux-firmware security update

[20230516-999.25.git6c9e0ed5.el9] - Add missing amd-ucode/ files to nano and core rpm (Orabug: 35642190) - Add posttrans scriptlet to reload microcode on AMD (Orabug: 35636951) - Recreate initramfs for AMD systems (Orabug: 35636951) [20230516-999.24.git6c9e0ed5.el7] - 8a07fa49 linux-firmware:...

linux-firmware security update

[20230516-999.25.git6c9e0ed5.el7] - Add missing amd-ucode/ files to nano rpm (Orabug: 35642190) - Add posttrans scriptlet to reload microcode on AMD (Orabug: 35636951) - Recreate initramfs for AMD systems (Orabug: 35636951) [20230516-999.24.git6c9e0ed5.el7] - 8a07fa49 linux-firmware: Update AMD...

Debian: Security Advisory (DLA-3516-1)

The remote host is missing an update for the...