SCALANCE X307-2 EEC (2x 230V, Coated) Security Vulnerabilities

CVE-2024-39292

In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winch_handlers before registering winch IRQ Registering a winch IRQ is racy, an interrupt may occur before the winch is added to the winch_handlers list. If that happens, register_winch_irq() adds to that list...

CVE-2024-37026

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines...

CVE-2024-38667

In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for secondary idle threads Top of the kernel thread stack should be reserved for pt_regs. However this is not the case for the idle threads of the secondary boot harts. Their stacks overlap with...

CVE-2024-37026

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines with.....

CVE-2024-32936

In the Linux kernel, the following vulnerability has been resolved: media: ti: j721e-csi2rx: Fix races while restarting DMA After the frame is submitted to DMA, it may happen that the submitted list is not updated soon enough, and the DMA callback is triggered before that. This can lead to...

CVE-2024-34030

In the Linux kernel, the following vulnerability has been resolved: PCI: of_property: Return error for int_map allocation failure Return -ENOMEM from of_pci_prop_intr_map() if kcalloc() fails to prevent a NULL pointer dereference in this case. [bhelgaas: commit...

CVE-2024-34027

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock It needs to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock to avoid racing with checkpoint, otherwise, filesystem metadata including...

CVE-2024-33847

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: - mkfs.f2fs -O extra_attr,compression -f /dev/vdb - mount /dev/vdb /mnt/f2fs - touch /mnt/f2fs/file -...

CVE-2024-37026 drm/xe: Only use reserved BCS instances for usm migrate exec queue

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines with.....

Hfinger - Fingerprinting HTTP Requests

Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :-) Its main objective is to provide unique representations (fingerprints) of malware requests, which help in their identification. Unique means here that each fingerprint should be...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

CVE-2024-30088 Bug: Bug is inside function...

XZ backdoor: Hook analysis

Part 1: XZ backdoor story – Initial analysis Part 2: Assessing the Y, and How, of the XZ Utils incident (social engineering) In our first article on the XZ backdoor, we analyzed its code from initial infection to the function hooking it performs. As we mentioned then, its initial goal was to...

CVE-2024-6275

A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. This vulnerability affects unknown code of the file parent.php of the component Parent Page. The manipulation of the argument update leads to sql injection. The attack can be initiated...

CVE-2024-6275

A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. This vulnerability affects unknown code of the file parent.php of the component Parent Page. The manipulation of the argument update leads to sql injection. The attack can be initiated...

CVE-2024-6275 lahirudanushka School Management System Parent Page parent.php sql injection

A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. This vulnerability affects unknown code of the file parent.php of the component Parent Page. The manipulation of the argument update leads to sql injection. The attack can be initiated...

CVE-2024-6275 lahirudanushka School Management System Parent Page parent.php sql injection

A vulnerability classified as critical was found in lahirudanushka School Management System 1.0.0/1.0.1. This vulnerability affects unknown code of the file parent.php of the component Parent Page. The manipulation of the argument update leads to sql injection. The attack can be initiated...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-072)

The version of kernel installed on the remote host is prior to 5.4.261-174.360. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.4-2024-072 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related...

composer - regression update

Bulletin has no...

Amazon Linux 2 : webkitgtk4 (ALAS-2024-2577)

The version of webkitgtk4 installed on the remote host is prior to 2.42.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2577 advisory. An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4,...

Amazon Linux 2 : qemu (ALAS-2024-2572)

The version of qemu installed on the remote host is prior to 3.1.0-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2572 advisory. A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio- crypto), where the...

CVE-2024-37677

An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...

Stable Channel Update for Desktop

The Stable channel has been updated to 126.0.6478.126/127 for Windows, Mac and 126.0.6478.126 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

Amazon Linux 2 : golang (ALAS-2024-2576)

The version of golang installed on the remote host is prior to 1.22.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2576 advisory. The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip...

Netis MW5360 Remote Command Execution

...

Amazon Linux 2 : php (ALASPHP8.1-2024-005)

The version of php installed on the remote host is prior to 8.1.29-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2024-005 advisory. The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default),...

WordPress 6.0 < 6.5.5

WordPress versions 6.0 &lt; 6.5.5 are affected by one or more...

Amazon Linux 2 : booth (ALAS-2024-2575)

The version of booth installed on the remote host is prior to 1.0-8.ef769ef.git. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2575 advisory. A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(),...

FreeBSD : emacs -- Arbitrary shell code evaluation vulnerability (4f6c4c07-3179-11ef-9da5-1c697a616631)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4f6c4c07-3179-11ef-9da5-1c697a616631 advisory. GNU Emacs developers report: Emacs 29.4 is an emergency bugfix release intended to fix a security...

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2024-073)

The version of kernel installed on the remote host is prior to 5.4.149-73.259. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2024-073 advisory. A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a ...

Amazon Linux 2 : python-crypto (ALASANSIBLE2-2024-011)

It is, therefore, affected by a vulnerability as referenced in the ALAS2ANSIBLE2-2024-011 advisory. Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted...

CVE-2024-37677

An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...

Netis MW5360 Remote Command Execution Exploit

The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling of the "password" parameter within the router's web interface. The router's login page authorization can be bypassed by simply deleting the...

Flatboard 3.2 Cross Site Scripting

...

Amazon Linux 2 : kernel (ALAS-2024-2581)

The version of kernel installed on the remote host is prior to 4.14.348-265.562. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2581 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on...

Amazon Linux 2 : python-jinja2 (ALAS-2024-2574)

The version of python-jinja2 installed on the remote host is prior to 2.7.2-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2574 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...

Amazon Linux 2 : ecs-service-connect-agent (ALASECS-2024-037)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.5.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-037 advisory. Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling...

Amazon Linux 2 : python3-jinja2 (ALAS-2024-2573)

The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2573 advisory. Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing...

Amazon Linux 2 : python3-jinja2 (ALAS-2024-2582)

The version of python3-jinja2 installed on the remote host is prior to 2.7.2-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2582 advisory. In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. (CVE-2019-10906) Tenable has extracted the preceding.....

AlmaLinux 9 : libreswan (ALSA-2024:4050)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:4050 advisory. * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652) Tenable has extracted the preceding description block directly from the AlmaLinux.....

Amazon Linux 2 : libndp (ALAS-2024-2571)

The version of libndp installed on the remote host is prior to 1.2-7. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2571 advisory. A vulnerability was found in libndp. A buffer overflow in NetworkManager that can be triggered by sending a malformed IPv6 router...

Paradox IP150 Internet Module 1.40.00 Cross Site Request Forgery

...

Carbon Forum 5.9.0 Cross Site Request Forgery / SQL Injection

...

Amazon Linux 2 : unbound (ALASUNBOUND-2024-002)

The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-002 advisory. A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group...

Amazon Linux AMI : tomcat8 (ALAS-2024-1941)

The version of tomcat8 installed on the remote host is prior to 8.5.99-1.97. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1941 advisory. Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to...

Amazon Linux 2 : iperf3 (ALAS-2024-2579)

The version of iperf3 installed on the remote host is prior to 3.1.7-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2579 advisory. It is possible for a malicious or malfunctioning client to send lessthan the expected amount of data to the server. If this...

Moderate Photon OS Security Update - PHSA-2024-4.0-0638

Updates of ['nginx', 'libssh2'] packages of Photon OS have been...

RHEL 9 : pki-core (RHSA-2024:4051)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4051 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fix(es): * dogtag ca:...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-060)

The version of kernel installed on the remote host is prior to 5.10.217-205.860. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2024-060 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN)...

Amazon Linux 2 : kernel (ALASKERNEL-5.10-2024-061)

The version of kernel installed on the remote host is prior to 5.10.201-191.748. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2024-061 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related...

Edu-Sharing Arbitrary File Upload

...