SIMATIC ET200ecoPN, DI 16x24VDC, M12-L Security Vulnerabilities

Linux kernel vulnerabilities

Releases Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-hwe - Linux kernel for Amazon Web Services (AWS-HWE) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems...

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6743-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6743-1 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap)...

Linux kernel vulnerabilities

Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-kvm - Linux kernel for cloud environments linux-lts-xenial - Linux hardware enablement kernel from Xenial for Trusty Details It was discovered that a...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-6740-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6740-1 advisory. A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.4 - Linux kernel...

Slackware Linux 15.0 / current freerdp Multiple Vulnerabilities (SSA:2024-110-01)

The version of freerdp installed on the remote host is prior to 2.11.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-110-01 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6742-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6742-1 advisory. Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow...

Debian dla-3790 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3790 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-aws - Linux kernel for Amazon Web Services (AWS) systems linux-aws-5.15 - Linux kernel for Amazon Web Services (AWS) systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux...

[slackware-security] glibc

New glibc packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/aaa_glibc-solibs-2.33-i586-6_slack15.0.txz: Rebuilt. patches/packages/glibc-2.33-i586-6_slack15.0.txz: Rebuilt. This update fixes a...

Security Bulletin: AIX is vulnerable to privilege escalation and denial of service (CVE-2023-45166, CVE-2023-45174, CVE-2023-45170)

Summary UPDATED Feb 2 2024 (New iFixes are available. The new iFixes resolve a technical issue with print queue status. Both sets of iFixes (new and original) resolve the security vulnerabilities described in the bulletin. The new iFixes are only needed if you experience the technical issue...

Security Bulletin: AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)

Summary Vulnerability in sendmail could allow a remote attacker to spoof an email (CVE-2023-51765). Vulnerability Details ** CVEID: CVE-2023-51765 DESCRIPTION: **Proofpoint sendmail is vulnerable to SMTP smuggling, caused by improper handling of line endings . in an email message. By sending a...

Exploit for Command Injection in Paloaltonetworks Pan-Os

CVE-2024-3400...

CVE-2024-2961

An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of...

Slackware Linux 15.0 / current aaa_glibc-solibs Vulnerability (SSA:2024-109-01)

The version of aaa_glibc-solibs installed on the remote host is prior to 2.33 / 2.39. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-109-01 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by...

Debian dla-3781 : libgd-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3781 advisory. gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call...

Slackware: Security Advisory (SSA:2024-108-01)

The remote host is missing an update for...

Debian dsa-5664 : jetty9 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5664 advisory. Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : GNU C Library vulnerability (USN-6737-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6737-1 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when...

Debian dsa-5665 : libtomcat10-embed-java - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5665 advisory. Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through...

Debian dsa-5655 : cockpit - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5655 advisory. A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in...

Debian dla-3784 : caca-utils - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3784 advisory. A flaw was found in libcaca. A heap buffer overflow in export.c in function export_tga might lead to memory corruption and other potential consequences....

Debian dla-3788 : tzdata - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3788 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Debian dla-3789 : libdatetime-timezone-perl - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3789 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-115.10.0-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. ...

CVE-2024-26892

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......

Exploit for Command Injection in Paloaltonetworks Pan-Os

CVE-2024-3400 CVE-2024-3400 Palo Alto File Write Exploit...

CVE-2024-26892

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......

CVE-2024-26892

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......

CVE-2024-26892

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after...

CVE-2024-26892 wifi: mt76: mt7921e: fix use-after-free in free_irq()

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (AWS) vulnerabilities (USN-6725-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6725-2 advisory. An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and...

Slackware Linux 15.0 / current mozilla-thunderbird Vulnerability (SSA:2024-108-01)

The version of mozilla-thunderbird installed on the remote host is prior to 115.10.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-108-01 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

CVE-2024-26892

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration......

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6724-2)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6724-2 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any...

Ubuntu 20.04 LTS : Linux kernel (IoT) vulnerabilities (USN-6726-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-2 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...

Debian dsa-5663 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5663 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This...

Ubuntu 16.04 LTS / 18.04 LTS : Apache HTTP Server vulnerabilities (USN-6729-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-2 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This...

Slackware: Security Advisory (SSA:2024-107-01)

The remote host is missing an update for...

Ubuntu 20.04 LTS : Linux kernel (Xilinx ZynqMP) vulnerabilities (USN-6726-3)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6726-3 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-115.10.0esr-i686-1_slack15.0.txz: Upgraded. This update contains security fixes and improvements. For...

Exploit for CVE-2024-1441

This repo is made to reproduce fuzzing and analysis process of...

Debian dsa-5660 : libapache2-mod-php7.4 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5660 advisory. In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration...

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-107-01)

The version of mozilla-firefox installed on the remote host is prior to 115.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-107-01 advisory. The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable ...

Debian dsa-5662 : apache2 - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5662 advisory. Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. (CVE-2023-31122) Faulty...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Node.js vulnerabilities (USN-6735-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6735-1 advisory. When an invalid public key is used to create an x509 certificate using the...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : klibc vulnerabilities (USN-6736-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6736-1 advisory. inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by...

Debian dsa-5661 : libapache2-mod-php8.2 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5661 advisory. In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration...

Slackware: Security Advisory (SSA:2024-103-01)

The remote host is missing an update for...

Debian dla-3787 : xdmx - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3787 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length...