SIMATIC ET200ecoPN, DI 16x24VDC, M12-L Security Vulnerabilities

Debian dla-3801 : emacs - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3801 advisory. In Emacs before 29.3, Gnus treats inline MIME contents as trusted. (CVE-2024-30203) In Emacs before 29.3, LaTeX preview is enabled by default for e-mail...

Ubuntu 24.04 LTS. : curl vulnerabilities (USN-6718-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6718-3 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS. : less vulnerability (USN-6756-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS. host has a package installed that is affected by a vulnerability as referenced in the USN-6756-1 advisory. less through 653 allows OS command execution via a newline character in the name of a file,...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : GNU cpio vulnerabilities (USN-6755-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6755-1 advisory. Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a...

Ubuntu 24.04 LTS. : Pillow vulnerability (USN-6744-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by a vulnerability as referenced in the USN-6744-3 advisory. In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. (CVE-2024-28219) Note that Nessus has not...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : PHP vulnerabilities (USN-6757-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6757-1 advisory. A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value...

Ubuntu 24.04 LTS. : libvirt vulnerabilities (USN-6734-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6734-2 advisory. An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the...

Ubuntu 24.04 LTS. : FreeRDP vulnerabilities (USN-6759-1)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6759-1 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read....

Ubuntu 24.04 LTS. : Apache HTTP Server vulnerabilities (USN-6729-3)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6729-3 advisory. Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue...

Ubuntu 24.04 LTS. : GnuTLS vulnerabilities (USN-6733-2)

The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6733-2 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...

Debian dla-3800 : ruby-rack - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3800 advisory. Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parser to take much longer than expected,...

Debian dla-3799 : trafficserver - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3799 advisory. HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are...

Debian dla-3798 : zabbix-agent - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3798 advisory. The cause of vulnerability is improper validation of form input field Name on Graph page in Items section. (CVE-2024-22119) Note that Nessus has not tested for this...

Debian dla-3797 : frr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3797 advisory. Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. (CVE-2022-26125) ...

Debian dla-3796 : mediawiki - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3796 advisory. An issue was discovered in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. In includes/logging/RightsLogFormatter.php,...

Url-Status-Checker - Tool For Swiftly Checking The Status Of URLs

Status Checker is a Python script that checks the status of one or multiple URLs/domains and categorizes them based on their HTTP status codes. Version 1.0.0 Created BY BLACK-SCORP10 t.me/BLACK-SCORP10 Features Check the status of single or multiple URLs/domains. Asynchronous HTTP requests for...

l-w.nl Improper Access Control vulnerability OBB-3922868

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Slackware: Security Advisory (SSA:2024-116-01)

The remote host is missing an update for...

Debian dla-3795 : knot-resolver - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3795 advisory. A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC...

Debian dsa-5675 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5675 advisory. Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page....

vyper performs double eval of the slice start/length args in certain cases

Summary Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or <address>.code and either the start or length arguments have side-effects. A contract search was performed and no vulnerable contracts were found in production....

vyper performs double eval of the slice start/length args in certain cases

Summary Using the slice builtin can result in a double eval vulnerability when the buffer argument is either msg.data, self.code or <address>.code and either the start or length arguments have side-effects. A contract search was performed and no vulnerable contracts were found in production....

Exploit for Code Injection in Crushftp

CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...

Exploit for Code Injection in Crushftp

CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...

Exploit for Code Injection in Crushftp

CVE-2024-4040 SSTI & LFI PoC - Exploitation | CrushFTP This...

[slackware-security] libarchive

New libarchive packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libarchive-3.7.3-i586-2_slack15.0.txz: Rebuilt. Patched an out-of-bound error in the rar e8 filter that could allow for the...

CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Zabbix vulnerabilities (USN-6751-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6751-1 advisory. An authenticated user can create a link with reflected Javascript code inside it for the discovery...

CVE-2024-26923

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : CryptoJS vulnerability (USN-6753-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6753-1 advisory. crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than...

Ubuntu 16.04 LTS / 18.04 LTS : Dnsmasq vulnerabilities (USN-6657-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6657-2 advisory. An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : nghttp2 vulnerabilities (USN-6754-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6754-1 advisory. Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization ...

Ubuntu 22.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6743-3)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6743-3 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, the...

Debian dla-3794 : pterm - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3794 advisory. PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message....

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6750-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6750-1 advisory. GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : FreeRDP vulnerabilities (USN-6752-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6752-1 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to...

Slackware Linux 15.0 / current libarchive Vulnerability (SSA:2024-116-01)

The version of libarchive installed on the remote host is prior to 3.7.3. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-116-01 advisory. libarchive Remote Code Execution Vulnerability (CVE-2024-26256) Note that Nessus has not tested for this issue but has instead...

Debian dsa-5674 : pdns-recursor - security update

The remote Debian 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5674 advisory. A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : FreeRDP vulnerabilities (USN-6749-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6749-1 advisory. FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow...

Security Bulletin: AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)

Summary Vulnerability in RPM could allow a remote authenticated attacker to execute arbitrary code (CVE-2023-7104). RPM is used by AIX for package management. Vulnerability Details ** CVEID: CVE-2023-7104 DESCRIPTION: **SQLite SQLite3 is vulnerable to a heap-based buffer overflow, caused by...

CVE-2024-26923 af_unix: Fix garbage collector racing against connect()

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

CVE-2024-26923 af_unix: Fix garbage collector racing against connect()

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two...

pyLoad allows upload to arbitrary folder lead to RCE

Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/app_blueprint.py python @bp.route("/render/&lt;path:filename&gt;", endpoint="render") de...

pyLoad allows upload to arbitrary folder lead to RCE

Summary An authenticated user can change the download folder and upload a crafted template to the specified folder lead to remote code execution Details example version: 0.5 file:src/pyload/webui/app/blueprints/app_blueprint.py python @bp.route("/render/&lt;path:filename&gt;", endpoint="render") de...

AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)

IBM SECURITY ADVISORY First Issued: Wed Apr 24 15:34:58 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/rpm_advisory2.asc Security Bulletin: AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Sanitize vulnerabilities (USN-6748-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6748-1 advisory. Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site...

Ubuntu 22.04 LTS / 23.10 : Google Guest Agent and Google OS Config Agent vulnerability (USN-6746-1)

The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6746-1 advisory. The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when...

Ubuntu 20.04 LTS : Squid vulnerability (USN-6728-3)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6728-3 advisory. Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug....