SIMATIC ET200ecoPN, DI 16x24VDC, M12-L Security Vulnerabilities

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : GNU C Library vulnerabilities (USN-6762-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6762-1 advisory. nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer...

Exploit for Incorrect Authorization in Pydio Cells

PoC for CVE-2023-32749 This is a quick and dirty PoC I wrote...

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code...

OSTE-Web-Log-Analyzer - Automate The Process Of Analyzing Web Server Logs With The Python Web Log Analyzer

Automate the process of analyzing web server logs with the Python Web Log Analyzer. This powerful tool is designed to enhance security by identifying and detecting various types of cyber attacks within your server logs. Stay ahead of potential threats with features that include: Features Attack...

Debian dla-3806 : distro-info-data - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3806 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Debian dla-3805 : libqt5concurrent5 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3805 advisory. Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS. : Anope vulnerability (USN-6761-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS. host has a package installed that is affected by a vulnerability as referenced in the USN-6761-1 advisory. Anope before 2.0.15 does not prevent resetting the password of a suspended account. (CVE-2024-30187) ...

Debian dla-3802 : elpa-org - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3802 advisory. In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203) In Emacs before 29.3, LaTeX preview is enabled by default for e-mail...

Debian dla-3804 : libnghttp2-14 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3804 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of...

Foxit Reader Lock object fields property type confusion vulnerability

Talos Vulnerability Report TALOS-2024-1963 Foxit Reader Lock object fields property type confusion vulnerability April 30, 2024 CVE Number CVE-2024-25575 SUMMARY A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : JSON5 vulnerability (USN-6758-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6758-1 advisory. JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files)....

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Gerbv vulnerability (USN-6760-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6760-1 advisory. A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and...

Debian dla-3801 : emacs - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3801 advisory. In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203) In Emacs before 29.3, LaTeX preview is enabled by default for e-mail...

Ubuntu 24.04 LTS. : GNU C Library vulnerability (USN-6737-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by a vulnerability as referenced in the USN-6737-2 advisory. The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the...

Ubuntu 24.04 LTS. : curl vulnerabilities (USN-6718-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6718-3 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS. : less vulnerability (USN-6756-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS. host has a package installed that is affected by a vulnerability as referenced in the USN-6756-1 advisory. less through 653 allows OS command execution via a newline character in the name of a file,...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : GNU cpio vulnerabilities (USN-6755-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6755-1 advisory. Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a...

Ubuntu 24.04 LTS. : Pillow vulnerability (USN-6744-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by a vulnerability as referenced in the USN-6744-3 advisory. In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. (CVE-2024-28219) Note that Nessus has not...

Ubuntu 24.04 LTS. : libvirt vulnerabilities (USN-6734-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6734-2 advisory. An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the...

Ubuntu 24.04 LTS. : FreeRDP vulnerabilities (USN-6759-1)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6759-1 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read....

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : PHP vulnerabilities (USN-6757-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6757-1 advisory. A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value...

Ubuntu 24.04 LTS. : Apache HTTP Server vulnerabilities (USN-6729-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-3 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue...

Ubuntu 24.04 LTS. : GnuTLS vulnerabilities (USN-6733-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6733-2 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

Debian dla-3800 : ruby-rack - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3800 advisory. Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected,...

Debian dla-3799 : trafficserver - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3799 advisory. HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are...

Debian dla-3798 : zabbix-agent - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3798 advisory. The cause of vulnerability is improper validation of form input field Name on Graph page in Items section. (CVE-2024-22119) Note that Nessus has not tested for this...

Debian dla-3796 : mediawiki - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3796 advisory. An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php,...

Debian dla-3797 : frr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3797 advisory. Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. (CVE-2022-26125) ...

Url-Status-Checker - Tool For Swiftly Checking The Status Of URLs

Status Checker is a Python script that checks the status of one or multiple URLs/domains and categorizes them based on their HTTP status codes. Version 1.0.0 Created BY BLACK-SCORP10 t.me/BLACK-SCORP10 Features Check the status of single or multiple URLs/domains. Asynchronous HTTP requests for...

l-w.nl Improper Access Control vulnerability OBB-3922868

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Slackware: Security Advisory (SSA:2024-116-01)

The remote host is missing an update for...

Debian dla-3795 : knot-resolver - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3795 advisory. A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC...

Debian dsa-5675 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5675 advisory. Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

vyper performs double eval of the slice start/length args in certain cases

Summary Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or <address>.code and either the start or length arguments have side-effects. A contract search was performed and no vulnerable contracts were found in production....

vyper performs double eval of the slice start/length args in certain cases

Summary Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or <address>.code and either the start or length arguments have side-effects. A contract search was performed and no vulnerable contracts were found in production....

Exploit for Code Injection in Crushftp

CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...

Exploit for Code Injection in Crushftp

CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...

Exploit for Code Injection in Crushftp

CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...

[slackware-security] libarchive

New libarchive packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.7.3-i586-2_slack15.0.txz: Rebuilt. Patched an out-of-bound error in the rar e8 filter that could allow for the...

CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Zabbix vulnerabilities (USN-6751-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6751-1 advisory. An authenticated user can create a link with reflected Javascript code inside it for the discovery...

CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : CryptoJS vulnerability (USN-6753-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6753-1 advisory. crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than...

Ubuntu 16.04 LTS / 18.04 LTS : Dnsmasq vulnerabilities (USN-6657-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6657-2 advisory. An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : nghttp2 vulnerabilities (USN-6754-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6754-1 advisory. Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization ...

Debian dla-3794 : pterm - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3794 advisory. PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message....

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6743-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6743-3 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, the...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6750-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6750-1 advisory. GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox...