SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D Sl V4.7, SINUMERIK 840D Sl V4.8 Security Vulnerabilities

prion

Stack overflow

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-15 10:15 AM

prion

Stack overflow

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-15 10:15 AM

prion

Stack overflow

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-15 10:15 AM

prion

Stack overflow

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-15 10:15 AM

prion

Input validation

Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific...

4.3 CVSS

4.6 AI Score

0.001 EPSS

2023-05-15 10:15 AM

prion

Stack overflow

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-15 10:15 AM

prion

Input validation

Multiple CODESYS products in multiple versions are prone to an improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2023-05-15 10:15 AM

prion

Stack overflow

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-15 10:15 AM

prion

Design/Logic Flaw

An authenticated, remote attacker may use an out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-15 10:15 AM

prion

Stack overflow

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-15 10:15 AM

prion

Stack overflow

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-15 10:15 AM

prion

Stack overflow

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-15 10:15 AM

prion

Input validation

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use an improper input validation vulnerability to read from invalid addresses leading to a denial of...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2023-05-15 10:15 AM

debian

[SECURITY] [DLA 3421-1] thunderbird security update

Debian LTS Advisory DLA-3421-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 15, 2023 https://wiki.debian.org/LTS Package : thunderbird Version : 1:102.11.0-1~deb10u1 CVE...

8.8 CVSS

8.6 AI Score

0.002 EPSS

2023-05-15 09:03 AM

nessus

Debian DLA-3421-1 : thunderbird - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3421 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing...

9 AI Score

0.002 EPSS

2023-05-15 12:00 AM

nessus

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-6074-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6074-1 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user...

9.2 AI Score

0.003 EPSS

2023-05-15 12:00 AM

ubuntu

Firefox vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages firefox - Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service,...

9.8 CVSS

8.8 AI Score

0.003 EPSS

2023-05-15 12:00 AM

nessus

Debian DSA-5403-1 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5403 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing...

9 AI Score

0.002 EPSS

2023-05-15 12:00 AM

nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6075-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6075-1 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to...

9.1 AI Score

0.002 EPSS

2023-05-15 12:00 AM

openvas

Debian: Security Advisory (DSA-5403-1)

The remote host is missing an update for the...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-15 12:00 AM

ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

8.8 CVSS

8.8 AI Score

0.002 EPSS

2023-05-15 12:00 AM

debian

[SECURITY] [DSA 5403-1] thunderbird security update

Debian Security Advisory DSA-5403-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 14, 2023 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2023-32205 CVE-2023-32206...

8.8 CVSS

7.2 AI Score

0.002 EPSS

2023-05-14 07:20 PM

nessus

Debian DLA-3417-1 : firefox-esr - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3417 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing...

8.9 AI Score

0.002 EPSS

2023-05-14 12:00 AM

nessus

Debian DSA-5400-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5400 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing...

8.9 AI Score

0.002 EPSS

2023-05-13 12:00 AM

openbugbounty

sl-rasch.com Cross Site Scripting vulnerability OBB-3323306

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-05-12 12:09 AM

openvas

Debian: Security Advisory (DLA-3417-1)

The remote host is missing an update for the...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-12 12:00 AM

debian

[SECURITY] [DLA 3417-1] firefox-esr security update

Debian LTS Advisory DLA-3417-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 11, 2023 https://wiki.debian.org/LTS Package : firefox-esr Version : 102.11.0esr-1~deb10u1 CVE...

8.8 CVSS

8.3 AI Score

0.002 EPSS

2023-05-11 08:19 AM

securelist

New ransomware trends in 2023

Ransomware keeps making headlines. In a quest for profits, attackers target all types of organizations, from healthcare and educational institutions to service providers and industrial enterprises, affecting almost every aspect of our lives. In 2022, Kaspersky solutions detected over 74.2M...

7.6 AI Score

EPSS

2023-05-11 08:00 AM

thn

Andoryu Botnet Exploits Critical Ruckus Wireless Flaw for Widespread Attack

A nascent botnet called Andoryu has been found to exploit a now-patched critical security flaw in the Ruckus Wireless Admin panel to break into vulnerable devices. The flaw, tracked as CVE-2023-25717 (CVSS score: 9.8), stems from improper handling of HTTP requests, leading to unauthenticated...

10 CVSS

8.1 AI Score

0.975 EPSS

2023-05-11 07:05 AM

openvas

Debian: Security Advisory (DSA-5400-1)

The remote host is missing an update for the...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2023-05-11 12:00 AM

debian

[SECURITY] [DSA 5400-1] firefox-esr security update

Debian Security Advisory DSA-5400-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 10, 2023 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-32205 CVE-2023-32206...

8.8 CVSS

8.1 AI Score

0.002 EPSS

2023-05-10 04:33 PM

rapid7blog

AppDomain Manager Injection: New Techniques For Red Teams

AppDomain Manager Injection is a very versatile and useful technique for red team operators. This technique allows you to effectively turn any Microsoft.NET application on a Windows host into a lolbin (Living Off the Land Binary) by forcing the application to load a specially crafted .NET...

7.7 AI Score

2023-05-05 04:39 PM

securelist

Not quite an Easter egg: a new family of Trojan subscribers on Google Play

Every once in a while, someone will come across malicious apps on Google Play that seem harmless at first. Some of the trickiest of these are subscription Trojans, which often go unnoticed until the user finds they have been charged for services they never intended to buy. This kind of malware...

6.8 AI Score

2023-05-04 10:00 AM

nessus

Siemens Industrial Products Intel CPUs Missing Encryption of Sensitive Data (CVE-2020-12357)

Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.3 AI Score

0.0004 EPSS

2023-05-02 12:00 AM

nessus

Siemens Industrial Products Intel CPUs Missing Encryption of Sensitive Data (CVE-2020-12360)

Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.8 AI Score

0.0004 EPSS

2023-05-02 12:00 AM

nessus

Siemens Industrial Products LLDP Uncontrolled Resource Consumption (CVE-2020-27827)

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. This plugin only...

7.5 AI Score

0.006 EPSS

2023-05-02 12:00 AM

securelist

What does ChatGPT know about phishing?

Can ChatGPT detect phishing links? Hearing all the buzz about the amazing applications of ChatGPT and other language models, our team could not help but ask this question. We work on applying machine learning technologies to cybersecurity tasks, specifically models that analyze websites to detect.....

7 AI Score

2023-05-01 10:00 AM

rapid7blog

New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022

James Alaniz and Diamond Fair contributed to this article. We’ve been on quite a roll lately releasing new compliance packs, along with iterative updates to others that we’ve supported for a while now. We’re not done yet, either! In this article, we’ll discuss our newly released compliance pack...

6.6 AI Score

2023-04-27 03:35 PM

ubuntu

Firefox regressions

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages firefox - Mozilla Open Source web browser Details USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the...

8.8 CVSS

9.3 AI Score

0.002 EPSS

2023-04-26 12:00 AM

nessus

Ubuntu 18.04 LTS / 20.04 LTS : Firefox regressions (USN-6010-3)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6010-3 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

6.7 AI Score

2023-04-26 12:00 AM

nessus

Debian DSA-5392-1 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5392 advisory. matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can...

8.9 AI Score

0.003 EPSS

2023-04-25 12:00 AM

debian

[SECURITY] [DLA 3400-1] thunderbird security update

Debian LTS Advisory DLA-3400-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 24, 2023 https://wiki.debian.org/LTS Package : thunderbird Version : 1:102.10.0-1~deb10u1 CVE...

8.8 CVSS

8.6 AI Score

0.003 EPSS

2023-04-24 08:55 AM

securelist

Tomiris called, they want their Turla malware back

Introduction We introduced Tomiris to the world in September 2021, following our investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). Our initial report described links between a Tomiris Golang implant and SUNSHUTTLE (which has been...

9.8 CVSS

9.1 AI Score

0.975 EPSS

2023-04-24 08:00 AM

openvas

Debian: Security Advisory (DSA-5392-1)

The remote host is missing an update for the...

8.8 CVSS

7.5 AI Score

0.003 EPSS

2023-04-24 12:00 AM

nessus

Debian DLA-3400-1 : thunderbird - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3400 advisory. matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can...

8.9 AI Score

0.003 EPSS

2023-04-24 12:00 AM

openvas

Debian: Security Advisory (DLA-3400-1)

The remote host is missing an update for the...

8.8 CVSS

7.5 AI Score

0.003 EPSS

2023-04-24 12:00 AM

debian

[SECURITY] [DSA 5392-1] thunderbird security update

Debian Security Advisory DSA-5392-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 22, 2023 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2023-0547 CVE-2023-1945...

8.8 CVSS

8.8 AI Score

0.003 EPSS

2023-04-22 04:10 PM

nessus

Ubuntu 18.04 LTS / 20.04 LTS : Firefox regressions (USN-6010-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6010-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

6.7 AI Score

2023-04-18 12:00 AM

ubuntu

Firefox regressions

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages firefox - Mozilla Open Source web browser Details USN-6010-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details:...

8.8 CVSS

9.3 AI Score

0.002 EPSS

2023-04-18 12:00 AM

securelist

QBot banker delivered through business correspondence

In early April, we detected a significant increase in attacks that use banking Trojans of the QBot family (aka QakBot, QuackBot, and Pinkslipbot). The malware would be delivered through e-mail letters written in different languages — variations of them were coming in English, German, Italian, and.....

6.7 AI Score

2023-04-17 10:00 AM

Total number of security vulnerabilities: 6165