SIMATIC ET200pro, IM 154-3 PN HF Security Vulnerabilities

CVE-2022-36033 affecting package jsoup 1.11.3-3

CVE-2022-36033 affecting package jsoup 1.11.3-3. No patch is available...

CVE-2017-9120 affecting package php 7.4.14-3

CVE-2017-9120 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2017-8923 affecting package php 7.4.14-3

CVE-2017-8923 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21704 affecting package php 7.4.14-3

CVE-2021-21704 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2007-3205 affecting package php 7.4.14-3

CVE-2007-3205 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3

CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is...

CVE-2022-42969 affecting package python-py 1.10.0-3

CVE-2022-42969 affecting package python-py 1.10.0-3. No patch is available...

CVE-2022-2929 affecting package dhcp 4.4.3-3

CVE-2022-2929 affecting package dhcp 4.4.3-3. No patch is available...

CVE-2022-31629 affecting package php 7.4.14-3

CVE-2022-31629 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2022-2928 affecting package dhcp 4.4.3-3

CVE-2022-2928 affecting package dhcp 4.4.3-3. No patch is available...

CVE-2022-31628 affecting package php 7.4.14-3

CVE-2022-31628 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2017-9118 affecting package php 7.4.14-3

CVE-2017-9118 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2020-7071 affecting package php 7.4.14-3

CVE-2020-7071 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-22931 affecting package python-gevent for versions less than 21.1.2-3

CVE-2021-22931 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is...

CVE-2022-31626 affecting package php 7.4.14-3

CVE-2022-31626 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21705 affecting package php 7.4.14-3

CVE-2021-21705 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21703 affecting package php 7.4.14-3

CVE-2021-21703 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2020-27827 affecting package lldpd 1.0.4-3

CVE-2020-27827 affecting package lldpd 1.0.4-3. This CVE either no longer is or was never...

CVE-2023-3724 affecting package mariadb for versions less than 10.6.9-3.cm2

CVE-2023-3724 affecting package mariadb for versions less than 10.6.9-3.cm2. A patched version of the package is...

CVE-2021-21707 affecting package php 7.4.14-3

CVE-2021-21707 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2024-23653 affecting package moby-engine for versions less than 20.10.27-3

CVE-2024-23653 affecting package moby-engine for versions less than 20.10.27-3. A patched version of the package is...

CVE-2022-31625 affecting package php 7.4.14-3

CVE-2022-31625 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21708 affecting package php 7.4.14-3

CVE-2021-21708 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-21702 affecting package php 7.4.14-3

CVE-2021-21702 affecting package php 7.4.14-3. This CVE either no longer is or was never...

CVE-2021-37714 affecting package jsoup 1.11.3-3

CVE-2021-37714 affecting package jsoup 1.11.3-3. No patch is available...

CVE-2016-2568 affecting package polkit 0.119-3

CVE-2016-2568 affecting package polkit 0.119-3. No patch is available...

CVE-2000-0006 affecting package strace 5.1-3

CVE-2000-0006 affecting package strace 5.1-3. No patch is available...

CVE-2010-4226 affecting package cpio 2.13-3

CVE-2010-4226 affecting package cpio 2.13-3. This CVE either no longer is or was never...

CVE-2023-23915 affecting package cmake 3.21.4-3

CVE-2023-23915 affecting package cmake 3.21.4-3. No patch is available...

CVE-2023-23916 affecting package cmake 3.21.4-3

CVE-2023-23916 affecting package cmake 3.21.4-3. No patch is available...

CVE-2022-43552 affecting package cmake 3.21.4-3

CVE-2022-43552 affecting package cmake 3.21.4-3. No patch is available...

CVE-2023-22606 affecting package binutils 2.36.1-3

CVE-2023-22606 affecting package binutils 2.36.1-3. No patch is available...

CVE-2023-22607 affecting package binutils 2.36.1-3

CVE-2023-22607 affecting package binutils 2.36.1-3. No patch is available...

CVE-2023-22603 affecting package binutils 2.36.1-3

CVE-2023-22603 affecting package binutils 2.36.1-3. No patch is available...

CVE-2022-46392 affecting package fluent-bit 1.5.2-3

CVE-2022-46392 affecting package fluent-bit 1.5.2-3. No patch is available...

CVE-2022-44638 affecting package pixman 0.40.0-3

CVE-2022-44638 affecting package pixman 0.40.0-3. No patch is available...

CVE-2016-3709 affecting package libxml2 2.9.14-3

CVE-2016-3709 affecting package libxml2 2.9.14-3. This CVE either no longer is or was never...

CVE-2023-22604 affecting package binutils 2.36.1-3

CVE-2023-22604 affecting package binutils 2.36.1-3. No patch is available...

CVE-2022-2928 affecting package dhcp 4.4.2-3

CVE-2022-2928 affecting package dhcp 4.4.2-3. No patch is available...

CVE-2023-23914 affecting package cmake 3.21.4-3

CVE-2023-23914 affecting package cmake 3.21.4-3. This CVE either no longer is or was never...

CVE-2018-25032 affecting package ccache for versions less than 3.6-3

CVE-2018-25032 affecting package ccache for versions less than 3.6-3. A patched version of the package is...

CVE-2020-36325 affecting package jansson 2.11-3

CVE-2020-36325 affecting package jansson 2.11-3. No patch is available...

CVE-2023-22609 affecting package binutils 2.36.1-3

CVE-2023-22609 affecting package binutils 2.36.1-3. No patch is available...

CVE-2023-22605 affecting package binutils 2.36.1-3

CVE-2023-22605 affecting package binutils 2.36.1-3. No patch is available...

CVE-2022-2929 affecting package dhcp 4.4.2-3

CVE-2022-2929 affecting package dhcp 4.4.2-3. No patch is available...

CVE-2022-38533 affecting package binutils 2.36.1-3

CVE-2022-38533 affecting package binutils 2.36.1-3. No patch is available...

CVE-2023-25136 affecting package openssh 8.9p1-3

CVE-2023-25136 affecting package openssh 8.9p1-3. This CVE either no longer is or was never...

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

Lobe Chat API Key Leak

Summary If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. Details The attack process is described above. PoC Frontend: 1. Pass basic.....

Lobe Chat API Key Leak

Summary If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. Details The attack process is described above. PoC Frontend: 1. Pass basic.....