OceanStor 2800 V3,OceanStor 5300 V3,OceanStor 5500 V3,OceanStor 5600 V3,OceanStor 5800 V3 Security Vulnerabilities

CVE-2023-50804

An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check format...

CVE-2023-50803

An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check replay...

CVE-2023-50803

An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly check replay...

CVE-2024-29152

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, and Exynos Modem 5300. The baseband software does not properly check states...

CVE-2024-29152

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, and Exynos Modem 5300. The baseband software does not properly check states...

AIX is vulnerable to denial of service due to ISC BIND

IBM SECURITY ADVISORY First Issued: Tue Jun 4 16:06:25 CDT 2024 |Updated: Wed Jun 5 08:17:08 CDT 2024 |Update: Corrected the affected fileset levels to reflect that | bind.rte 7.1.916.2604 and 7.3.916.2601 are vulnerable. The most recent version of this document is available here:...

Nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei/v3

Nuclei allows unsigned code template execution through workflows in...

Helm's Missing YAML Content Leads To Panic in helm.sh/helm/v3

Helm's Missing YAML Content Leads To Panic in...

Mitsubishi Electric MELSEC iQ-R, Q, L Series and MELIPC Series (Update C)

EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, Q, and L Series CPU Module; MELIPC Series CPU Vulnerability: Improper Resource Locking 2. RISK EVALUATION Successful exploitation of this vulnerability could...

Mitsubishi Electric CC-Link IE TSN Industrial Managed Switch (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: CC-Link IE TSN Industrial Managed Switch Vulnerabilities: Observable Timing Discrepancy, Double Free 2. RISK EVALUATION Successful exploitation of these...

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine

A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts. The attack chain, per Fortinet FortiGuard Labs, involves a Microsoft Excel file that carries an embedded VBA macro to...

CVE-2023-5751

A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong...

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates...

Exploit for Code Injection in Openplcproject Openplc V3 Firmware

CVE-2021-31630 Modified the PoC...

CVE-2024-29152

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, and Exynos Modem 5300. The baseband software does not properly check states...

CVE-2023-52162

Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability requires...

CVE-2023-52162

Mercusys MW325R EU V3 (Firmware MW325R(EU)_V3_1.11.0 Build 221019) is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Exploiting the vulnerability requires...

PCI DSS 4.0: Get Audit-Ready for the New Requirements

The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or...

CVE-2024-36022

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD,...

AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)

IBM SECURITY ADVISORY First Issued: Mon Jun 3 08:50:37 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opencryptoki_advisory.asc Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki...

RHEL 7 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960) ...

RHEL 5 : ntp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution ...

RHEL 5 : openssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (CVE-2015-5600) openssh:...

RHEL 7 : libraw (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. libraw: Memory corruption in the parse_tiff_ifd() (CVE-2017-6886) A boundary error within the...

RHEL 6 : java-1.6.0-ibm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. OpenJDK: insufficient loader constraints checks for invokespecial (Hotspot, 8180711) (CVE-2017-10346) ...

RHEL 6 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718) The XML parser...

RHEL 5 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718) The XML parser...

RHEL 4 : openssh (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssh: MaxAuthTries limit bypass via duplicates in KbdInteractiveDevices (CVE-2015-5600) openssh:...

CVE-2024-36022

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD,...

CVE-2024-36022

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD,...

CVE-2024-36022

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD,...

CVE-2024-36022 drm/amdgpu: Init zone device and drm client after mode-1 reset on reload

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD,...

CVE-2024-36022 drm/amdgpu: Init zone device and drm client after mode-1 reset on reload

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD,...

Mitsubishi Electric MELSEC iQ-R, iQ-L Series and MELIPC Series (Update C)

EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R, iQ-L Series and MELIPC Series Vulnerability: Improper Resource Shutdown or Release 2. RISK EVALUATION Successful exploitation of this vulnerability could...

Westermo EDW-100

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Westermo Equipment: EDW-100 Vulnerabilities: Use of Hard-coded Password, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

CVE-2024-36022

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD,...

Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag

Impact Template authors could inject php code by choosing a malicous file name for an extends-tag. Users that cannot fully trust template authors should update asap. Patches Please upgrade to the most recent version of Smarty v4 or v5. There is no patch for...

Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag

Impact Template authors could inject php code by choosing a malicous file name for an extends-tag. Users that cannot fully trust template authors should update asap. Patches Please upgrade to the most recent version of Smarty v4 or v5. There is no patch for...

CVE-2023-46297

An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin...

CVE-2023-46297

An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin...

Security Bulletin: Triton Inference Server - May 2024

NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...

CVE-2024-35226

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap....

CVE-2024-35226

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap....

CVE-2024-35226

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap....

CVE-2024-35226

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap....

CVE-2024-35226 PHP Code Injection by malicious attribute in extends-tag in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap....

TIBCO Security Advisory: May 28, 2024 - TIBCO Managed File Transfer Platform Server for Unix - CVE-2024-4407

TIBCO Managed File Transfer Platform Server for Unix and z/Linux privilege escalation vulnerability Original release date: May 28, 2024 Last revised: --- CVE-2024-4407 Source: TIBCO Software Inc. Products Affected TIBCO Managed File Transfer Platform Server for Unix versions 8.0.0, 8.0.1, 8.1.0,...

Pyrit - The Famous WPA Precomputed Cracker

Pyrit allows you to create massive databases of pre-computed WPA/WPA2-PSK authentication phase in a space-time-tradeoff. By using the computational power of Multi-Core CPUs and other platforms through ATI-Stream,Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of....

Malicious code in sanar-website-v3 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (5343e64c2316fbb0e3c6256f74b5b0da7993903262ed71f836a93f2e929ced78) The OpenSSF Package Analysis project identified 'sanar-website-v3' @ 1.0.0 (npm) as malicious. It is considered malicious because: The package...

CVE-2024-35226

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap....