SIMATIC ET200ecoPN, DI 16x24VDC, M12-L Security Vulnerabilities

nessus

Ubuntu 16.04 LTS : OpenSSL update (USN-6663-2)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6663-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

7.3AI Score

2024-03-13 12:00 AM
7
nessus

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-6686-2)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6686-2 advisory. In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and...

7.8CVSS

7.7AI Score

EPSS

2024-03-13 12:00 AM
6
nessus

Ubuntu 14.04 LTS : X.Org X Server vulnerabilities (USN-6587-5)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6587-5 advisory. A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow...

9.8CVSS

8.2AI Score

0.002EPSS

2024-03-13 12:00 AM
3
nessus

Slackware Linux 15.0 / current expat Vulnerability (SSA:2024-073-01)

The version of expat installed on the remote host is prior to 2.6.2. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-073-01 advisory. libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via...

7.4AI Score

0.0004EPSS

2024-03-13 12:00 AM
13
nessus

Debian dsa-5639 : chromium - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5639 advisory. Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

5AI Score

0.0004EPSS

2024-03-13 12:00 AM
8
nessus

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6681-3)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6681-3 advisory. In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL...

7.8CVSS

7AI Score

0.003EPSS

2024-03-13 12:00 AM
13
openbugbounty

l-amp.nl Cross Site Scripting vulnerability OBB-3869823

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-03-12 09:00 AM
3
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OVN vulnerability (USN-6691-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6691-1 advisory. A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an...

6.5CVSS

7.1AI Score

0.0005EPSS

2024-03-12 12:00 AM
7
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Open vSwitch vulnerabilities (USN-6690-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6690-1 advisory. A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-03-12 12:00 AM
15
nessus

Ubuntu 16.04 LTS : PostgreSQL vulnerability (USN-6656-2)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6656-2 advisory. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer....

8CVSS

7.8AI Score

0.001EPSS

2024-03-12 12:00 AM
5
nessus

EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2024-1305)

According to the versions of the tomcat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache...

6.1CVSS

7.5AI Score

0.01EPSS

2024-03-12 12:00 AM
8
nessus

Ubuntu 23.10 : Rack vulnerabilities (USN-6689-1)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6689-1 advisory. Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response....

5.8CVSS

7.1AI Score

EPSS

2024-03-12 12:00 AM
8
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Gson vulnerability (USN-6692-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6692-1 advisory. The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the...

7.7CVSS

7AI Score

0.002EPSS

2024-03-12 12:00 AM
8
nessus

Ubuntu 22.04 LTS / 23.10 : .NET vulnerability (USN-6693-1)

The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6693-1 advisory. .NET and Visual Studio Denial of Service Vulnerability (CVE-2024-21392) Note that Nessus has not tested for this issue but has instead relied only on the...

7.5CVSS

7.6AI Score

0.0005EPSS

2024-03-12 12:00 AM
9
nessus

Debian dla-3758 : libtiff-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3758 advisory. A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a...

7.5CVSS

6.7AI Score

0.001EPSS

2024-03-11 12:00 AM
10
nessus

Debian dla-3759 : qemu - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3759 advisory. A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side,...

7.5CVSS

7.9AI Score

0.001EPSS

2024-03-11 12:00 AM
7
nessus

Ubuntu 20.04 LTS / 22.04 LTS : AccountsService vulnerability (USN-6687-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6687-1 advisory. An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain...

3.3CVSS

6.8AI Score

0.0004EPSS

2024-03-11 12:00 AM
8
nessus

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6681-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6681-2 advisory. In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL...

7.8CVSS

7.1AI Score

0.003EPSS

2024-03-11 12:00 AM
11
nessus

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6688-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6688-1 advisory. Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them...

7.8CVSS

7.7AI Score

0.002EPSS

2024-03-11 12:00 AM
17
nessus

Debian dla-3757 : libnss3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3757 advisory. An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122....

7.5CVSS

6.6AI Score

0.001EPSS

2024-03-11 12:00 AM
16
nessus

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libxml2 vulnerability (USN-6658-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6658-2 advisory. An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and...

7.5CVSS

6.5AI Score

0.0005EPSS

2024-03-11 12:00 AM
10
nessus

Debian dla-3756 : wordpress - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3756 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

7.3AI Score

2024-03-10 12:00 AM
2
nessus

Debian dsa-5638 : libuv1 - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5638 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its windows counterpart...

7.3CVSS

6.7AI Score

0.001EPSS

2024-03-10 12:00 AM
6
githubexploit

Exploit for CVE-2024-27697

FuguHub 8.4 Authenticated RCE Fuguhub is a Cloud Media...

8.8AI Score

EPSS

2024-03-09 10:24 PM
28
nessus

Debian dla-3755 : tar - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3755 advisory. A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting...

6.8AI Score

0.0004EPSS

2024-03-09 12:00 AM
5
kitploit

Nomore403 - Tool To Bypass 403/40X Response Codes

nomore403 is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, nomore403 automates various techniques to seamlessly navigate past these access restrictions, offering a broad...

7.4AI Score

2024-03-08 08:36 PM
19
openvas

Fedora: Security Advisory for args4j (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for...

7AI Score

0.0004EPSS

2024-03-08 12:00 AM
1
openvas

Slackware: Security Advisory (SSA:2024-067-01)

The remote host is missing an update for...

7.8CVSS

7.7AI Score

0.001EPSS

2024-03-08 12:00 AM
4
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6686-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6686-1 advisory. In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain...

7.8CVSS

7.2AI Score

EPSS

2024-03-08 12:00 AM
28
nessus

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : mqtt-client vulnerability (USN-6685-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6685-1 advisory. In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive....

7.5CVSS

6.9AI Score

0.006EPSS

2024-03-08 12:00 AM
8
nessus

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : ncurses vulnerability (USN-6684-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6684-1 advisory. NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). (CVE-2023-50495) Note that...

6.5CVSS

7.3AI Score

0.001EPSS

2024-03-08 12:00 AM
16
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6680-2)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6680-2 advisory. In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. (CVE-2023-46343) ...

7CVSS

7.7AI Score

0.003EPSS

2024-03-08 12:00 AM
66
ubuntu

Linux kernel vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages linux - Linux kernel linux-azure - Linux kernel for Microsoft Azure Cloud systems linux-azure-5.15 - Linux kernel for Microsoft Azure cloud systems linux-azure-fde - Linux kernel for Microsoft Azure CVM cloud systems linux-azure-fde-5.15 -...

7.8CVSS

7.8AI Score

EPSS

2024-03-08 12:00 AM
18
nessus

Debian dsa-5637 : squid - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5637 advisory. Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4...

9.3CVSS

8.1AI Score

0.03EPSS

2024-03-08 12:00 AM
15
fedora

[SECURITY] Fedora 40 Update: args4j-2.33-26.fc40

args4j is a small Java class library that makes it easy to parse command line options/arguments in your CUI application. - It makes the command line parsing very easy by using annotations - You can generate the usage screen very easily - You can generate HTML/XML that lists all options for your...

6.9AI Score

0.0004EPSS

2024-03-07 10:32 PM
6
ibm

Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2023-46218)

Summary Vulnerability in cURL libcurl could allow a remote attacker to bypass security restrictions (CVE-2023-46218). AIX uses cURL libcurl as part of rsyslog, LV/PV encryption integration with HPCS and in Live Update for interacting with HMC. Vulnerability Details ** CVEID: CVE-2023-46218 ...

6.5CVSS

6.4AI Score

0.001EPSS

2024-03-07 10:03 PM
9
ibm

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 DESCRIPTION: **An unspecified vulnerability in Java SE related to the Security component could allow a remote.....

7.5CVSS

8.1AI Score

0.001EPSS

2024-03-07 10:03 PM
8
slackware

[slackware-security] ghostscript

New ghostscript packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/ghostscript-9.55.0-i586-2_slack15.0.txz: Rebuilt. Fixes security issues: A vulnerability was identified in the way...

7.8CVSS

7.5AI Score

0.001EPSS

2024-03-07 08:46 PM
24
aix

Multiple vulnerabilities in IBM Java SDK affect AIX

IBM SECURITY ADVISORY First Issued: Thu Mar 7 15:16:48 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/java_feb2024_advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...

7.5CVSS

6.6AI Score

0.001EPSS

2024-03-07 03:16 PM
14
nessus

Slackware Linux 15.0 / current ghostscript Vulnerability (SSA:2024-067-01)

The version of ghostscript installed on the remote host is prior to 10.03.0 / 9.55.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-067-01 advisory. Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or...

7.8CVSS

7AI Score

0.001EPSS

2024-03-07 12:00 AM
7
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6682-1 advisory. In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The...

9.8CVSS

7.7AI Score

0.009EPSS

2024-03-07 12:00 AM
10
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : HtmlCleaner vulnerability (USN-6683-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6683-1 advisory. An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted...

7.5CVSS

6.9AI Score

0.001EPSS

2024-03-07 12:00 AM
6
openvas

Mageia: Security Advisory (MGASA-2024-0053)

The remote host is missing an update for...

6.5CVSS

6.6AI Score

0.001EPSS

2024-03-07 12:00 AM
4
packetstorm

7.4AI Score

EPSS

2024-03-07 12:00 AM
155
nessus

Debian dla-3753 : yard - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3753 advisory. yard before 0.9.20 allows path traversal. (CVE-2019-1020001) YARD is a Ruby Documentation tool. The frames.html file within the Yard Doc's generated...

5.4CVSS

6.1AI Score

0.003EPSS

2024-03-07 12:00 AM
10
nessus

Debian dla-3754 : fontforge - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3754 advisory. FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. (CVE-2020-5395) FontForge 20190801 has a heap-based buffer overflow in the...

8.8CVSS

8.2AI Score

0.005EPSS

2024-03-07 12:00 AM
6
wpvulndb

Pz-LinkCard < 2.5.3 - Contributor+ SSRF

Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. PoC Setup a listener on a localhost/LAN host (such as nc -l 127.0.0.1 9000), then as a contributor, put the...

9.2AI Score

0.0004EPSS

2024-03-07 12:00 AM
5
nessus

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6681-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6681-1 advisory. In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL...

7.8CVSS

7.2AI Score

0.003EPSS

2024-03-07 12:00 AM
23
nessus

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6680-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6680-1 advisory. In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. (CVE-2023-46343) ...

7CVSS

7.6AI Score

0.003EPSS

2024-03-07 12:00 AM
17
wpexploit

Pz-LinkCard < 2.5.3 - Contributor+ SSRF

Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF...

9.4AI Score

0.0004EPSS

2024-03-07 12:00 AM
32
Total number of security vulnerabilities: 94451