SIMATIC ET200ecoPN, DI 16x24VDC, M12-L Security Vulnerabilities

Debian dla-3753 : yard - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3753 advisory. yard before 0.9.20 allows path traversal. (CVE-2019-1020001) YARD is a Ruby Documentation tool. The frames.html file within the Yard Doc's generated...

Debian dla-3754 : fontforge - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3754 advisory. FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. (CVE-2020-5395) FontForge 20190801 has a heap-based buffer overflow in the...

Pz-LinkCard < 2.5.3 - Contributor+ SSRF

Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF attacks. PoC Setup a listener on a localhost/LAN host (such as nc -l 127.0.0.1 9000), then as a contributor, put the...

Ubuntu 22.04 LTS / 23.10 : Linux kernel vulnerabilities (USN-6680-1)

The remote Ubuntu 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6680-1 advisory. In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. (CVE-2023-46343) ...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6681-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6681-1 advisory. In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL...

Pz-LinkCard < 2.5.3 - Contributor+ SSRF

Description The plugin does not prevent users from pinging arbitrary hosts via some of its shortcodes, which could allow high privilege users such as contributors to perform SSRF...

agenzia-di-stock.panthermedia.net Cross Site Scripting vulnerability OBB-3866972

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Updated wpa_supplicant packages fix security vulnerabilities

The updated packages fix a security vulnerability: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt...

Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass

Summary Use of raw file descriptors in op_node_ipc_pipe() leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Details Node child_process IPC relies on the JS side to pass the raw IPC file...

Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass

Summary Use of raw file descriptors in op_node_ipc_pipe() leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Details Node child_process IPC relies on the JS side to pass the raw IPC file...

AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2023-46218)

IBM SECURITY ADVISORY First Issued: Wed Mar 6 15:05:06 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curl_advisory4.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl...

BIT-mediawiki-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event...

BIT-mediawiki-2020-15005

In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because...

BIT-mediawiki-2020-25812

An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw...

BIT-mediawiki-2020-25813

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden...

BIT-mediawiki-2020-25814

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an tag (or.....

BIT-mediawiki-2020-25815

An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of...

BIT-mediawiki-2020-25827

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across.....

BIT-mediawiki-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg...

BIT-mediawiki-2020-25869

An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct...

BIT-mediawiki-2021-30153

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because...

BIT-mediawiki-2021-41799

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table...

BIT-mediawiki-2021-41800

MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is...

BIT-mediawiki-2021-41801

The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control. When a user is blocked after submitting a replace job, the job is still run, even if it may be run at a later time (due to the job queue...

BIT-tomcat-2021-43980

The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77...

BIT-typo3-2023-38499

TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website...

BIT-tomcat-2023-42795

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling.....

BIT-tomcat-2023-45648

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat....

BIT-lua-2020-15888

Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or...

BIT-lua-2020-15889

Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list...

BIT-lua-2020-15945

Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a...

BIT-lua-2020-24342

Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a...

BIT-lua-2020-24370

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by...

BIT-lua-2021-43519

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script...

BIT-drupal-2020-13688

Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to...

BIT-lua-2021-44647

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of...

BIT-lua-2021-44964

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script...

BIT-lua-2021-45985

In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer...

BIT-lua-2022-28805

singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua...

BIT-lua-2022-33099

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : c-ares vulnerability (USN-6676-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6676-1 advisory. c-ares is a C library for asynchronous DNS requests. ares__read_line() is used to parse local configuration files...

Linux kernel vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages linux - Linux kernel linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems linux-gkeop - Linux kernel for Google Container Engine (GKE) systems linux-hwe-5.4 -...

Ubuntu 22.04 LTS / 23.10 : FRR vulnerability (USN-6679-1)

The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6679-1 advisory. ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a...

Slackware: Security Advisory (SSA:2024-065-01)

The remote host is missing an update for...

Debian dla-3752 : libuv1 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3752 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. The uv_getaddrinfo function in src/unix/getaddrinfo.c (and its windows counterpart...

Ubuntu 20.04 LTS : Firefox regressions (USN-6649-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6649-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Debian dsa-5636 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5636 advisory. Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted...

GLiNet - Router Authentication Bypass

...

GL.iNet - Router Authentication Bypass Exploit

...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-115.8.1-i686-1_slack15.0.txz: Upgraded. This release contains security fixes and improvements. ...