SINUMERIK 828D V4.7, SINUMERIK 840D Sl V4.7, SINUMERIK 840D Sl V4.8 Security Vulnerabilities
A cryptor, a stealer and a banking trojan
Introduction As long as cybercriminals want to make money, they'll keep making malware, and as long as they keep making malware, we'll keep analyzing it, publishing reports and providing protection. Last month we covered a wide range of cybercrime topics. For example, we published a private report....
7.1AI Score
QR codes are everywhere: you can see them on posters and leaflets, ATM screens, price tags and merchandise, historical buildings and monuments. People use them to share information, promote various online resources, pay for their goodies, and pass verification. And yet you don't see lots of QR...
7.1AI Score
Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2023-001)
The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by a vulnerability as referenced in the ALAS2LIBREOFFICE-2023-001 advisory. A flaw was found in the Libreoffice package. An attacker can craft an odb containing a database/script file...
5.5CVSS
5.6AI Score
0.0005EPSS
Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2023-002)
The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2LIBREOFFICE-2023-002 advisory. LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on ...
9.8CVSS
8AI Score
0.971EPSS
9.8CVSS
7.9AI Score
0.609EPSS
Google Chrome VideoEncoder av1_svc_check_reset_layer_rc_flag use-after-free vulnerability
Talos Vulnerability Report TALOS-2023-1751 Google Chrome VideoEncoder av1_svc_check_reset_layer_rc_flag use-after-free vulnerability September 25, 2023 CVE Number CVE-2023-3421 SUMMARY A use-after-free vulnerability exists in the VideoEncoder av1_svc_check_reset_layer_rc_flag functionality of...
8.8CVSS
7.3AI Score
0.003EPSS
[SECURITY] [DLA 3570-1] libwebp security update
Debian LTS Advisory DLA-3570-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 18, 2023 https://wiki.debian.org/LTS Package : libwebp Version : 0.6.1-2+deb10u3 CVE ID :...
8.8CVSS
9.6AI Score
0.609EPSS
8.8CVSS
9.3AI Score
0.609EPSS
8.8CVSS
9.3AI Score
0.609EPSS
8.8CVSS
9.3AI Score
0.609EPSS
[SECURITY] [DSA 5497-2] libwebp security update
Debian Security Advisory DSA-5497-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 17, 2023 https://www.debian.org/security/faq Package : libwebp CVE ID : CVE-2023-4863 A buffer overflow...
8.8CVSS
9.2AI Score
0.609EPSS
[SECURITY] [DLA 3569-1] thunderbird security update
Debian LTS Advisory DLA-3569-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 17, 2023 https://wiki.debian.org/LTS Package : thunderbird Version : 1:102.15.1-1~deb10u1 CVE...
8.8CVSS
9.6AI Score
0.609EPSS
Debian DLA-3569-1 : thunderbird - LTS security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3569 advisory. Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page....
8.8CVSS
8.7AI Score
0.609EPSS
Debian DSA-5498-1 : thunderbird - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5498 advisory. Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page....
8.8CVSS
8.7AI Score
0.609EPSS
Debian DLA-3568-1 : firefox-esr - LTS security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3568 advisory. Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page....
8.8CVSS
8.7AI Score
0.609EPSS
[SECURITY] [DLA 3568-1] firefox-esr security update
Debian LTS Advisory DLA-3568-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 16, 2023 https://wiki.debian.org/LTS Package : firefox-esr Version : 102.15.1esr-1~deb10u1 CVE...
8.8CVSS
9.6AI Score
0.609EPSS
[SECURITY] [DSA 5498-1] thunderbird security update
Debian Security Advisory DSA-5498-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 15, 2023 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2023-4863 A buffer...
8.8CVSS
7.4AI Score
0.609EPSS
8.8CVSS
9.3AI Score
0.609EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6368-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6368-1 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free...
8.8CVSS
9.2AI Score
0.609EPSS
Ubuntu 20.04 LTS : Firefox vulnerability (USN-6367-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6367-1 advisory. Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML...
8.8CVSS
8.7AI Score
0.609EPSS
Releases Ubuntu 23.04 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...
8.8CVSS
9.3AI Score
0.609EPSS
Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details It was discovered that Firefox did not properly manage memory when handling WebP images. If a user were tricked into opening a webpage containing malicious WebP image file, an attacker could potentially...
8.8CVSS
9.4AI Score
0.609EPSS
Debian DSA-5496-1 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5496 advisory. Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page....
8.8CVSS
8.7AI Score
0.609EPSS
[SECURITY] [DSA 5497-1] libwebp security update
Debian Security Advisory DSA-5497-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 13, 2023 https://www.debian.org/security/faq Package : libwebp CVE ID : CVE-2023-4863 A buffer overflow...
8.8CVSS
7AI Score
0.609EPSS
[SECURITY] [DSA 5496-1] firefox-esr security update
Debian Security Advisory DSA-5496-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 13, 2023 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-4863 A buffer...
8.8CVSS
7AI Score
0.609EPSS
5.5CVSS
5.5AI Score
0.001EPSS
Threat landscape for industrial automation systems. Statistics for H1 2023
Global threat statistics In the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%. Percentage of ICS computers on which malicious objects were blocked, by half year That said, he percentage of attacked ICS...
7AI Score
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by...
7.5CVSS
7.5AI Score
0.001EPSS
Free Download Manager backdoored – a possible supply chain attack on Linux machines
UPDATE 13.09.2023. Free Download Manager team issued an official statement regarding this incident. Over the last few years, Linux machines have become a more and more prominent target for all sorts of threat actors. According to our telemetry, 260,000 unique Linux samples appeared in the first...
7.2AI Score
From Caribbean shores to your devices: analyzing Cuba ransomware
Introduction Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics,...
10CVSS
10.5AI Score
EPSS
Evil Telegram doppelganger attacks Chinese users
UPDATE 11.09.2023. Google has informed us that all the apps were deleted from the Google Play store A while ago we discovered a bunch of Telegram mods on Google Play with descriptions in traditional Chinese, simplified Chinese and Uighur. The vendor says these are the fastest apps which use a...
7AI Score
Oracle Linux 8 : glibc (ELSA-2020-1828)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1828 advisory. On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program...
3.3CVSS
6.1AI Score
0.0004EPSS
Oracle Linux 7 : libreoffice (ELSA-2019-2130)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-2130 advisory. It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros...
9.8CVSS
7.1AI Score
0.964EPSS
Oracle Linux 8 : libreoffice (ELSA-2020-1598)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1598 advisory. LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is...
9.8CVSS
7.4AI Score
0.971EPSS
Oracle Linux 8 : glibc (ELSA-2019-3513)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3513 advisory. In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed...
5.3CVSS
6.2AI Score
0.001EPSS
Oracle Linux 7 : libreoffice (ELSA-2020-1151)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1151 advisory. LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is...
9.8CVSS
7.4AI Score
0.971EPSS
Debian DSA-5488-1 : thunderbird - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5488 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a...
8.8CVSS
9AI Score
0.001EPSS
Debian DLA-3554-1 : thunderbird - LTS security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3554 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially...
8.8CVSS
9AI Score
0.001EPSS
Debian DLA-3553-1 : firefox-esr - LTS security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3553 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially...
8.8CVSS
9AI Score
0.001EPSS
Debian DSA-5485-1 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5485 advisory. When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a...
8.8CVSS
9AI Score
0.001EPSS
[SECURITY] [DLA 3554-1] thunderbird security update
Debian LTS Advisory DLA-3554-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 05, 2023 https://wiki.debian.org/LTS Package : thunderbird Version : 1:102.15.0-1~deb10u1 CVE...
8.8CVSS
8.6AI Score
0.001EPSS
8.8CVSS
8.9AI Score
0.001EPSS
8.8CVSS
8.9AI Score
0.001EPSS
8.8CVSS
8.9AI Score
0.001EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6333-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6333-1 advisory. Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown...
9.8CVSS
7.9AI Score
0.002EPSS
Releases Ubuntu 23.04 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Junsung Lee discovered that Thunderbird did not properly validate the text direction override unicode character in filenames. An attacker could potentially...
9.8CVSS
9.5AI Score
0.002EPSS
[SECURITY] [DSA 5488-1] thunderbird security update
Debian Security Advisory DSA-5488-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 03, 2023 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2023-4573 CVE-2023-4574...
8.8CVSS
7.2AI Score
0.001EPSS
[SECURITY] [DLA 3553-1] firefox-esr security update
Debian LTS Advisory DLA-3553-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 01, 2023 https://wiki.debian.org/LTS Package : firefox-esr Version : 102.15.0esr-1~deb10u1 CVE...
8.8CVSS
8.3AI Score
0.001EPSS
8.8CVSS
8.9AI Score
0.001EPSS
