SIMATIC ET200ecoPN, DI 16x24VDC, M12-L Security Vulnerabilities

nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : GnuTLS vulnerabilities (USN-6733-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6733-1 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems...

5.3CVSS

6.7AI Score

0.0005EPSS

2024-04-15 12:00 AM
10
openvas

Debian: Security Advisory (DSA-5658-1)

The remote host is missing an update for the...

6.8CVSS

7.9AI Score

EPSS

2024-04-15 12:00 AM
9
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : libvirt vulnerabilities (USN-6734-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6734-1 advisory. An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds...

6.2CVSS

7.2AI Score

0.001EPSS

2024-04-15 12:00 AM
9
nessus

Ubuntu 22.04 LTS / 23.10 : WebKitGTK vulnerabilities (USN-6732-1)

The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6732-1 advisory. An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS...

8.8CVSS

7.5AI Score

0.001EPSS

2024-04-15 12:00 AM
10
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : YARD vulnerabilities (USN-6731-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6731-1 advisory. lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an ...

5.4CVSS

6.2AI Score

0.003EPSS

2024-04-15 12:00 AM
6
openvas

Slackware: Security Advisory (SSA:2024-105-01)

The remote host is missing an update for...

6.8AI Score

0.0004EPSS

2024-04-15 12:00 AM
4
slackware

[slackware-security] less

New less packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/less-653-i586-1_slack15.0.txz: Upgraded. This update patches a security issue: less through 653 allows OS command execution via a...

7.5AI Score

0.0004EPSS

2024-04-14 06:39 PM
11
nessus

Slackware Linux 15.0 / current less Vulnerability (SSA:2024-105-01)

The version of less installed on the remote host is prior to 653. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-105-01 advisory. less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in...

7.4AI Score

0.0004EPSS

2024-04-14 12:00 AM
7
nessus

Debian dsa-5659 : trafficserver - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5659 advisory. HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3...

7.3AI Score

0.0004EPSS

2024-04-14 12:00 AM
5
debian

[SECURITY] [DSA 5658-1] linux security update

Debian Security Advisory DSA-5658-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2023-2176 CVE-2023-6270...

8CVSS

10AI Score

EPSS

2024-04-13 06:38 AM
40
nessus

Debian dsa-5658 : affs-modules-6.1.0-11-4kc-malta-di - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5658 advisory. A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in...

8CVSS

7.6AI Score

EPSS

2024-04-13 12:00 AM
30
nessus

Debian dsa-5657 : xdmx - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5657 advisory. A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped...

7.8CVSS

7.3AI Score

0.0005EPSS

2024-04-13 12:00 AM
5
slackware

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.28-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Command injection via array-ish $command parameter of...

9.4CVSS

10AI Score

0.006EPSS

2024-04-12 07:36 PM
7
packetstorm

9.8CVSS

7.4AI Score

0.804EPSS

2024-04-12 12:00 AM
106
ubuntucve

CVE-2024-31570

In FreeImage library version 3.19.0 [r1909], when reading images in XPM format, the Load() function has a stack overflow write vulnerability, which may lead to a command...

8AI Score

EPSS

2024-04-12 12:00 AM
17
nessus

Slackware Linux 15.0 / current php81 Multiple Vulnerabilities (SSA:2024-103-01)

The version of php81 installed on the remote host is prior to 8.1.28 / 8.3.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-103-01 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to...

9.4CVSS

8.9AI Score

0.006EPSS

2024-04-12 12:00 AM
12
exploitdb

9.8CVSS

7.4AI Score

EPSS

2024-04-12 12:00 AM
72
zdt

9.8CVSS

7.4AI Score

0.804EPSS

2024-04-12 12:00 AM
71
nessus

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Maven Shared Utils vulnerability (USN-6730-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6730-1 advisory. In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted ...

9.8CVSS

7.1AI Score

0.025EPSS

2024-04-12 12:00 AM
7
ibm

Security Bulletin: AIX is affected by multiple vulnerabilities due to Python (CVE-2023-52425, CVE-2023-52426, CVE-2023-6597)

Summary Vulnerabilities in Python could allow a remote or local attacker to cause a denial of service (CVE-2023-52425, CVE-2023-52426) or launch further attacks on the system (CVE-2023-6597). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID:...

7.8CVSS

7.7AI Score

0.001EPSS

2024-04-11 10:15 PM
11
ibm

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details ** CVEID: CVE-2023-34967 DESCRIPTION: **Samba is vulnerable to a denial of service, caused.....

9.8CVSS

10AI Score

0.963EPSS

2024-04-11 06:19 PM
23
aix

AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)

IBM SECURITY ADVISORY First Issued: Thu Apr 11 15:33:45 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/sendmail_advisory4.asc Security Bulletin: AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)...

5.3CVSS

5.8AI Score

0.002EPSS

2024-04-11 03:33 PM
36
aix

AIX is affected by multiple vulnerabilities due to Python (CVE-2023-52425 CVE-2023-52426 CVE-2023-6597)

IBM SECURITY ADVISORY First Issued: Thu Apr 11 15:29:16 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory8.asc Security Bulletin: AIX is affected by multiple vulnerabilities due to Python (CVE-2023-52425,...

7.8CVSS

7.3AI Score

0.001EPSS

2024-04-11 03:29 PM
18
nessus

Ubuntu 20.04 LTS / 22.04 LTS : NSS regression (USN-6727-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6727-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

7.3AI Score

2024-04-11 12:00 AM
3
nessus

Debian dsa-5656 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5656 advisory. Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to...

6.9AI Score

0.0004EPSS

2024-04-11 12:00 AM
5
zdt

GUnet OpenEclass E-learning 3.15 File Upload / Command Execution Exploit

GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command...

7.7AI Score

0.001EPSS

2024-04-11 12:00 AM
71
nessus

Ubuntu 20.04 LTS : Squid regression (USN-6728-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6728-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

7.3AI Score

2024-04-11 12:00 AM
4
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Apache HTTP Server vulnerabilities (USN-6729-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-1 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP...

7.5CVSS

6.8AI Score

0.005EPSS

2024-04-11 12:00 AM
19
zdt

CHAOS RAT 5.0.1 Remote Command Execution Exploit

CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to takeover the RAT...

6.6AI Score

0.0004EPSS

2024-04-11 12:00 AM
104
nessus

Debian dla-3786 : python-pil - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3786 advisory. In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. (CVE-2024-28219) Note that Nessus has not tested for...

6.7CVSS

7.5AI Score

0.0004EPSS

2024-04-11 12:00 AM
5
packetstorm

7.4AI Score

0.001EPSS

2024-04-11 12:00 AM
70
githubexploit

Exploit for OS Command Injection in Ray Project Ray

Ray OS Command Injection...

9.8CVSS

7.8AI Score

0.804EPSS

2024-04-10 09:24 AM
159
nessus

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : X.Org X Server regression (USN-6721-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6721-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...

7.3AI Score

2024-04-10 12:00 AM
10
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : NSS vulnerabilities (USN-6727-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6727-1 advisory. The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the...

6.5CVSS

6.1AI Score

0.001EPSS

2024-04-10 12:00 AM
7
packetstorm

7.4AI Score

0.0004EPSS

2024-04-10 12:00 AM
83
nessus

Debian dla-3785 : gtkwave - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3785 advisory. An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially...

7.8CVSS

9AI Score

0.001EPSS

2024-04-10 12:00 AM
5
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Squid vulnerabilities (USN-6728-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6728-1 advisory. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a...

8.6CVSS

6.9AI Score

0.009EPSS

2024-04-10 12:00 AM
9
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : util-linux vulnerability (USN-6719-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6719-2 advisory. wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals...

6.9AI Score

0.0005EPSS

2024-04-10 12:00 AM
5
cve

CVE-2024-30190

A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12...

6.1CVSS

6.7AI Score

0.001EPSS

2024-04-09 09:15 AM
26
nvd

CVE-2024-30191

A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12...

8.4CVSS

6.7AI Score

0.001EPSS

2024-04-09 09:15 AM
cve

CVE-2024-30191

A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12...

8.4CVSS

6.5AI Score

0.001EPSS

2024-04-09 09:15 AM
28
nvd

CVE-2024-30190

A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12...

6.1CVSS

6.8AI Score

0.001EPSS

2024-04-09 09:15 AM
cve

CVE-2024-30189

A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45...

6.1CVSS

6.6AI Score

0.001EPSS

2024-04-09 09:15 AM
27
nvd

CVE-2024-30189

A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45...

6.1CVSS

6.6AI Score

0.001EPSS

2024-04-09 09:15 AM
cvelist

CVE-2024-30191

A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12...

8.4CVSS

7AI Score

0.001EPSS

2024-04-09 08:34 AM
cvelist

CVE-2024-30190

A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748-1 M12 (6GK5748-1GY01-0TA0), SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0), SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0), SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0), SCALANCE W1788-2IA M12...

6.1CVSS

7.2AI Score

0.001EPSS

2024-04-09 08:34 AM
cvelist

CVE-2024-30189

A vulnerability has been identified in SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AA0) (All versions), SCALANCE W721-1 RJ45 (6GK5721-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AA0) (All versions), SCALANCE W722-1 RJ45 (6GK5722-1FC00-0AB0) (All versions), SCALANCE W722-1 RJ45...

6.1CVSS

7AI Score

0.001EPSS

2024-04-09 08:34 AM
openvas

Slackware: Security Advisory (SSA:2024-099-01)

The remote host is missing an update for...

7.5AI Score

2024-04-09 12:00 AM
5
nessus

Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6701-4)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6701-4 advisory. A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This...

7.8CVSS

7.7AI Score

0.011EPSS

2024-04-09 12:00 AM
16
Total number of security vulnerabilities: 94428