SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D Sl V4.7, SINUMERIK 840D Sl V4.8 Security Vulnerabilities

nessus

Debian dsa-5606 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5606 advisory. An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects...

8.8CVSS

8.1AI Score

0.001EPSS

2024-01-24 12:00 AM
securelist

Cracked software beats gold: new macOS backdoor stealing cryptowallets

A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new,....

7.5AI Score

2024-01-22 08:00 AM
nvd

CVE-2023-51948

A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web...

7.5CVSS

7.5AI Score

0.001EPSS

2024-01-19 02:15 PM
cve

CVE-2023-51948

A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web...

7.5CVSS

7.5AI Score

0.001EPSS

2024-01-19 02:15 PM
nvd

CVE-2023-51947

Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without...

9.1CVSS

9.1AI Score

0.001EPSS

2024-01-19 02:15 PM
cve

CVE-2023-51947

Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without...

9.1CVSS

9AI Score

0.001EPSS

2024-01-19 02:15 PM
cve

CVE-2023-51946

Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or...

6.1CVSS

6AI Score

0.001EPSS

2024-01-19 02:15 PM
nvd

CVE-2023-51946

Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or...

6.1CVSS

6.2AI Score

0.001EPSS

2024-01-19 02:15 PM
prion

Cross site scripting

Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or...

6.1CVSS

6.2AI Score

0.001EPSS

2024-01-19 02:15 PM
prion

Improper access control

Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without...

9.1CVSS

7.2AI Score

0.001EPSS

2024-01-19 02:15 PM
prion

Directory traversal

A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web...

7.5CVSS

7.3AI Score

0.001EPSS

2024-01-19 02:15 PM
cvelist

CVE-2023-51948

A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web...

7.7AI Score

0.001EPSS

2024-01-19 12:00 AM
cvelist

CVE-2023-51946

Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or...

6.2AI Score

0.001EPSS

2024-01-19 12:00 AM
cvelist

CVE-2023-51947

Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without...

9.3AI Score

0.001EPSS

2024-01-19 12:00 AM
securelist

Dark web threats and dark market predictions for 2024

An overview of last year's predictions Increase in personal data leaks; corporate email at risk A data leakage is a broad term encompassing various types of information that become publicly available, or published for sale on the dark web or other shadow web sites. Leaked information may...

7.2AI Score

2024-01-17 10:00 AM
openvas

Mageia: Security Advisory (MGASA-2024-0012)

The remote host is missing an update for...

8.8CVSS

8.9AI Score

0.005EPSS

2024-01-17 12:00 AM
securelist

A lightweight method to detect potential iOS malware

Introduction In the ever-evolving landscape of mobile security, hunting for malware in the iOS ecosystem is akin to navigating a labyrinth with invisible walls. Imagine having a digital compass that not only guides you through this maze, but also reveals the hidden mechanisms of iOS malware...

6.7AI Score

2024-01-16 10:00 AM
openvas

Mageia: Security Advisory (MGASA-2024-0006)

The remote host is missing an update for...

8.8CVSS

8.9AI Score

0.005EPSS

2024-01-15 12:00 AM
cnvd

SEMCMS SQL Injection Vulnerability (CNVD-2024-06232)

SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. A SQL injection vulnerability exists in SEMCMS v4.8, which originates from the lack of validation of externally entered SQL statements via the languageID parameter in /web_inc.php. The vulnerability can....

7.5CVSS

8AI Score

0.001EPSS

2024-01-12 12:00 AM
openvas

Debian: Security Advisory (DLA-3703-1)

The remote host is missing an update for the...

8.8CVSS

7.1AI Score

0.003EPSS

2024-01-12 12:00 AM
nessus

Ubuntu 20.04 LTS : Firefox regressions (USN-6562-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6562-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

7.3AI Score

2024-01-11 12:00 AM
ubuntu

Firefox regressions

Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details USN-6562-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security...

8.8CVSS

9.2AI Score

0.005EPSS

2024-01-11 12:00 AM
cve

CVE-2023-48864

SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in...

7.5CVSS

7.7AI Score

0.001EPSS

2024-01-10 08:15 AM
nvd

CVE-2023-48864

SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in...

7.5CVSS

7.8AI Score

0.001EPSS

2024-01-10 08:15 AM
prion

Sql injection

SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in...

7.5CVSS

8.5AI Score

0.001EPSS

2024-01-10 08:15 AM
cvelist

CVE-2023-48864

SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in...

8AI Score

0.001EPSS

2024-01-10 12:00 AM
rapid7blog

Patch Tuesday - January 2024

Microsoft is addressing 49 vulnerabilities this January 2024 Patch Tuesday, including a single critical remote code execution vulnerability. Four browser vulnerabilities were published separately this month, and are not included in the total. No zero-day vulnerabilities are published or patched...

9.8CVSS

9.8AI Score

0.89EPSS

2024-01-09 09:23 PM
githubexploit

Exploit for CVE-2023-48864

Semcms v4.8 web_inc.php SQL Injection Introduction to...

8.3AI Score

0.001EPSS

2024-01-03 12:12 PM
ibm

Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details ** CVEID: CVE-2023-43646 DESCRIPTION: **Chai.js Assertion Library get-func-name is...

9.8CVSS

9.9AI Score

0.002EPSS

2024-01-02 06:15 PM
trellix

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...

7.7AI Score

2024-01-02 12:00 AM
nessus

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6562-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6562-1 advisory. The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could...

8.8CVSS

9.1AI Score

0.005EPSS

2024-01-02 12:00 AM
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Thunderbird vulnerabilities (USN-6563-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6563-1 advisory. When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown...

8.8CVSS

9AI Score

0.005EPSS

2024-01-02 12:00 AM
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an...

8.8CVSS

9AI Score

0.005EPSS

2024-01-02 12:00 AM
ubuntu

Firefox vulnerabilities

Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive...

8.8CVSS

8.9AI Score

0.005EPSS

2024-01-02 12:00 AM
openvas

Debian: Security Advisory (DLA-3698-1)

The remote host is missing an update for the...

8.8CVSS

8.9AI Score

0.005EPSS

2024-01-01 12:00 AM
openvas

Debian: Security Advisory (DLA-3697-1)

The remote host is missing an update for the...

8.8CVSS

8.9AI Score

0.005EPSS

2024-01-01 12:00 AM
debian

[SECURITY] [DLA 3703-1] libreoffice security update

Debian LTS Advisory DLA-3703-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès December 31, 2023 https://wiki.debian.org/LTS Package : libreoffice Version : 1:6.1.5-3+deb10u11 CVE...

8.8CVSS

8.6AI Score

0.003EPSS

2023-12-31 09:28 AM
debian

[SECURITY] [DLA 3698-1] thunderbird security update

Debian LTS Advisory DLA-3698-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 29, 2023 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.6.0-1~deb10u1 CVE...

8.8CVSS

8.9AI Score

0.005EPSS

2023-12-29 10:11 AM
debian

[SECURITY] [DLA 3697-1] firefox-esr security update

Debian LTS Advisory DLA-3697-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 29, 2023 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.6.0esr-1~deb10u1 CVE...

8.8CVSS

8.5AI Score

0.005EPSS

2023-12-29 10:08 AM
securelist

Operation Triangulation: The last (hardware) mystery

Today, on December 27, 2023, we (Boris Larin, Leonid Bezvershenko, and Georgy Kucherin) delivered a presentation, titled, "Operation Triangulation: What You Get When Attack iPhones of Researchers", at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg. The presentation...

8.8CVSS

7.9AI Score

0.003EPSS

2023-12-27 02:00 PM
nessus

Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11479)

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. An attacker with network access to affected products could cause a denial of service condition because of a vulnerability in the TCP retransmission queue implementation kernel when handling TCP...

7.5CVSS

7.5AI Score

0.974EPSS

2023-12-22 12:00 AM
nessus

Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11477)

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The kernel used in some products is affected by an integer overflow when handling TCP Selective Acknowledgements. A remote attacker could use this to cause a denial of service. This plugin only...

7.5CVSS

7.7AI Score

0.974EPSS

2023-12-22 12:00 AM
nessus

Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11478)

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. A remote attacker could cause a denial of service condition by sending specially crafted TCP Selective Acknowledgment (SACK) sequences to affected products. This plugin only works with Tenable.ot....

7.5CVSS

7.6AI Score

0.974EPSS

2023-12-22 12:00 AM
openvas

Debian: Security Advisory (DSA-5582-1)

The remote host is missing an update for the...

8.8CVSS

6.8AI Score

0.005EPSS

2023-12-22 12:00 AM
nessus

Siemens Industrial Products Excessive Data Query Operations in a Large Data Table (CVE-2019-8460)

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensi...

7.5CVSS

7.7AI Score

0.974EPSS

2023-12-22 12:00 AM
debian

[SECURITY] [DSA 5582-1] thunderbird security update

Debian Security Advisory DSA-5582-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 21, 2023 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2023-6856 CVE-2023-6857...

8.8CVSS

7.8AI Score

0.005EPSS

2023-12-21 07:33 PM
openvas

Debian: Security Advisory (DSA-5581-1)

The remote host is missing an update for the...

8.8CVSS

8.9AI Score

0.005EPSS

2023-12-21 12:00 AM
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libreoffice (SUSE-SU-2023:4932-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4932-1 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation...

8.8CVSS

9.3AI Score

0.001EPSS

2023-12-21 12:00 AM
nessus

Debian DSA-5582-1 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5582 advisory. The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not...

8.8CVSS

9AI Score

0.005EPSS

2023-12-21 12:00 AM
debian

[SECURITY] [DSA 5581-1] firefox-esr security update

Debian Security Advisory DSA-5581-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 20, 2023 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-6856 CVE-2023-6857...

8.8CVSS

7.1AI Score

0.005EPSS

2023-12-20 07:23 PM

Total number of security vulnerabilities: 6160