SINUMERIK 828D V4.7, SINUMERIK 840D Sl V4.7, SINUMERIK 840D Sl V4.8 Security Vulnerabilities

RHEL 8 : libreoffice (RHSA-2024:1480)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1480 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

Debian: Security Advisory (DLA-3769-1)

The remote host is missing an update for the...

Firefox vulnerabilities

Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or...

Debian: Security Advisory (DSA-5645-1)

The remote host is missing an update for the...

[SECURITY] [DSA 5645-1] firefox-esr security update

Debian Security Advisory DSA-5645-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 23, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2024-29944 Manfred Paul...

Sr2T - Converts Scanning Reports To A Tabular Format

Scanning reports to tabular (sr2t) This tool takes a scanning tool's output file, and converts it to a tabular format (CSV, XLSX, or text table). This tool can process output from the following tools: Nmap (XML); Nessus (XML); Nikto (XML); Dirble (XML); Testssl (JSON); Fortify (FPR). Rationale...

[SECURITY] [DLA 3769-1] thunderbird security update

Debian LTS Advisory DLA-3769-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 23, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.9.0-1~deb10u1 CVE...

Debian dla-3769 : thunderbird - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3769 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private...

Debian dsa-5645 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5645 advisory. An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This...

AlmaLinux 9 : libreoffice (ALSA-2024:1427)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1427 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary...

Debian: Security Advisory (DSA-5644-1)

The remote host is missing an update for the...

Debian dsa-5644 : thunderbird - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5644 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

Debian: Security Advisory (DSA-5643-1)

The remote host is missing an update for the...

[SECURITY] [DSA 5644-1] thunderbird security update

Debian Security Advisory DSA-5644-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 21, 2024 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2023-5388 CVE-2024-0743...

[SECURITY] [DSA 5643-1] firefox-esr security update

Debian Security Advisory DSA-5643-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 21, 2024 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-5388 CVE-2024-0743...

(RHSA-2024:1473) Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Debian dsa-5643 : firefox-esr - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5643 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

RHEL 8 : libreoffice (RHSA-2024:1473)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1473 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

Android malware, Android malware and more Android malware

Introduction Malware for mobile devices is something we come across very often. In 2023, our technologies blocked 33.8 million malware, adware, and riskware attacks on mobile devices. One of 2023's most resonant attacks was Operation Triangulation, targeting iOS, but that was rather a unique case.....

Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6703-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6703-1 advisory. NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the...

Firefox vulnerabilities

Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive...

Oracle Linux 9 : libreoffice (ELSA-2024-1427)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1427 advisory. Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In...

libreoffice security update

[1:7.1.8.1-12.0.1] - Replace colors with Oracle colors [Orabug: 32120093] - Added the --with-hamcrest option to configure. [1:7.1.8.1-12] - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target...

(RHSA-2024:1427) Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

(RHSA-2024:1425) Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

(RHSA-2024:1423) Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Threat landscape for industrial automation systems. H2 2023

Global statistics across all threats In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased by 2.1 pp to 31.9%. Percentage of ICS computers on which malicious objects were blocked, by half year Selected industries In H2 2023, building...

Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

RHEL 9 : libreoffice (RHSA-2024:1423)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1423 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

RHEL 9 : libreoffice (RHSA-2024:1425)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1425 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

RHEL 9 : libreoffice (RHSA-2024:1427)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1427 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word...

Security Bulletin: IBM Cloud Pak for Data Scheduling contains a vulnerable yq package. [CVE-2023-39320, CVE-2023-39321 and CVE-2023-39322]

Summary Yq is used by IBM Cloud Pak for Data Scheduling as part of the Ansible operator used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities. Vulnerability Details ** CVEID: CVE-2023-39320 DESCRIPTION: **Golang Go could allow a...

Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to multiple ansible-operator and opm vulnerabilities

Summary Ansible-operator and opm are used by IBM Cloud Pak for Data Scheduling as part of the ibm-cpd-scheduling-operator and ibm-cpd-scheduler-operator-catalog image used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities....

A patched Windows attack surface is still exploitable

On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege (EoP), which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of...

What’s in your notepad? Infected text editors target Chinese users

"Malvertising" is a popular way of attracting victims to malicious sites: an advertisement block is placed at the top of the search results, increasing the likelihood of users clicking the link. Sites at the top of search results also tend to be more trusted by users. A year ago, our experts...

The State of Stalkerware in 2023–2024

The State of Stalkerware in 2023 (PDF) The annual Kaspersky State of Stalkerware report aims to contribute to awareness and a better understanding of how people around the world are impacted by digital stalking. Stalkerware is commercially available software that can be discreetly installed on...

Top 10 web application vulnerabilities in 2021–2023

To help companies with navigating the world of web application vulnerabilities and securing their own web applications, the Open Web Application Security Project (OWASP) online community created the OWASP Top Ten. As we followed their rankings, we noticed that the way we ranked major...

Mageia: Security Advisory (MGASA-2024-0054)

The remote host is missing an update for...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1268)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP8 : glibc (EulerOS-SA-2024-1268)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an...

[SECURITY] [DLA 3757-1] nss security update

Debian LTS Advisory DLA-3757-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost March 10, 2024 https://wiki.debian.org/LTS Package : nss Version : 2:3.42.1-1+deb10u8 CVE ID :...

Bootiful Spring Boot in 2024 (part 1)

NB: the code is here on my Github account: github.com/joshlong/bootiful-spring-boot-2024-blog. Hi, Spring fans! I'm Josh Long, and I work on the Spring team. I'm excited to be keynoting and giving a talk at Microsoft's JDConf this year. I'm a Kotlin GDE and a Java Champion, and I'm of the opinion.....

Firefox regressions

Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details USN-6649-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a...

Ubuntu 20.04 LTS : Firefox regressions (USN-6649-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6649-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Network tunneling with… QEMU?

Cyberattackers tend to give preference to legitimate tools when taking various attack steps, as these help them evade detection systems while keeping malware development costs down to a minimum. Network scanning, capturing a process memory dump, exfiltrating data, running files remotely, and even.....

[SECURITY] [DLA 3748-1] thunderbird security update

Debian LTS Advisory DLA-3748-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 04, 2024 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.8.0-1~deb10u1 CVE...

[SECURITY] [DLA 3747-1] firefox-esr security update

Debian LTS Advisory DLA-3747-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort March 04, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.8.0esr-1~deb10u1 CVE...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6669-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6669-1 advisory. An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash....

Debian dla-3747 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3747 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This...

Debian dla-3748 : thunderbird - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3748 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This...