SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D Sl V4.7, SINUMERIK 840D Sl V4.8 Security Vulnerabilities

Debian DSA-5421-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5421 advisory. The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks...

Debian: Security Advisory (DSA-5421-1)

The remote host is missing an update for the...

[SECURITY] [DSA 5421-1] firefox-esr security update

Debian Security Advisory DSA-5421-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 07, 2023 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-34414 CVE-2023-34416...

IT threat evolution Q1 2023

IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff, a financially motivated...

IT threat evolution Q1 2023. Mobile statistics

IT threat evolution Q1 2023 IT threat evolution Q1 2023. Non-mobile statistics IT threat evolution Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to...

IT threat evolution in Q1 2023. Non-mobile statistics

IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6143-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6143-1 advisory. The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from...

Firefox vulnerabilities

Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive...

Ubuntu 20.04 LTS / 22.04 LTS : LibreOffice vulnerabilities (USN-6144-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6144-1 advisory. Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker...

LibreOffice vulnerabilities

Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages libreoffice - Office productivity suite Details It was discovered that LibreOffice did not properly validate the number of parameters passed to the formula interpreter, leading to an array index underflow attack. If a user were tricked into...

Satacom delivers browser extension that steals cryptocurrency

Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom...

Operation Triangulation: iOS devices targeted with previously unknown malware

While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS...

[SECURITY] [DLA 3439-1] libwebp security update

Debian LTS Advisory DLA-3439-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 31, 2023 https://wiki.debian.org/LTS Package : libwebp Version : 0.6.1-2+deb10u2 CVE ID :...

Display post meta, term meta, comment meta, and user meta <= 0.4.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape post metadata before outputting it back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as...

OOB read from unchecked return

Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the latest release as of 05/29/23 the current master branch at commit 4f810869b06b5d7b0cb73d166864dfb4b1e900f6 . Description This AddressSanitizer output is indicating a read on an...

Debian: Security Advisory (DSA-5415-1)

The remote host is missing an update for the...

[SECURITY] [DSA 5415-1] libreoffice security update

Debian Security Advisory DSA-5415-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2023 https://www.debian.org/security/faq Package : libreoffice CVE ID : CVE-2023-0950 CVE-2023-2255...

Debian DSA-5415-1 : libreoffice - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5415 advisory. Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox regressions (USN-6074-3)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6074-3 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Firefox regressions

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages firefox - Mozilla Open Source web browser Details USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the...

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far as we know, has not been publicly described. We...

[SECURITY] [DSA 5408-1] libwebp security update

Debian Security Advisory DSA-5408-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2023 https://www.debian.org/security/faq Package : libwebp CVE ID : CVE-2023-1999 Debian Bug :...

CloudWizard APT: the bad magic story goes on

In March 2023, we uncovered a previously unknown APT campaign in the region of the Russo-Ukrainian conflict that involved the use of PowerMagic and CommonMagic implants. However, at the time it was not clear which threat actor was behind the attack. Since the release of our report about...

Minas – on the way to complexity

Sometimes when investigating an infection and focusing on a targeted attack, we come across something we were not expecting. The case described below is one such occurrence. In June 2022, we found a suspicious shellcode running in the memory of a system process. We decided to dig deeper and...

Mageia: Security Advisory (MGASA-2023-0172)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2023-0171)

The remote host is missing an update for...

Debian: Security Advisory (DLA-3421-1)

The remote host is missing an update for the...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox regressions (USN-6074-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6074-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Firefox regressions

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages firefox - Mozilla Open Source web browser Details USN-6074-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details:...

CVE-2022-47393

An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service...

CVE-2022-47392

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service...

Input validation

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service...

Design/Logic Flaw

An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service...

CVE-2022-47388

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

CVE-2022-47387

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

CVE-2022-47390

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

CVE-2022-47391

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of...

CVE-2022-47389

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

CVE-2022-47379

An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code...

CVE-2022-47382

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

CVE-2022-47380

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

CVE-2022-47378

Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service...

CVE-2022-47383

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

CVE-2022-47381

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

CVE-2022-22508

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific...

CVE-2022-47385

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

CVE-2022-47384

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

CVE-2022-47386

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

Stack overflow

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

Stack overflow

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...