Extension Unit 12" Profinet Security Vulnerabilities

toolsgalerie.com Cross Site Scripting vulnerability OBB-3939885

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Cisco NX-OS Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific...

thecheesecakefactory.com.mx Cross Site Scripting vulnerability OBB-3939864

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-44487 affecting package multus for versions less than 3.8-12

CVE-2023-44487 affecting package multus for versions less than 3.8-12. A patched version of the package is...

CVE-2023-25193 affecting package qt5-qtbase 5.12.11-12

CVE-2023-25193 affecting package qt5-qtbase 5.12.11-12. This CVE either no longer is or was never...

CVE-2022-3857 affecting package qt5-qtbase 5.12.11-12

CVE-2022-3857 affecting package qt5-qtbase 5.12.11-12. No patch is available...

CVE-2023-39325 affecting package multus for versions less than 3.8-12

CVE-2023-39325 affecting package multus for versions less than 3.8-12. A patched version of the package is...

CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12

CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12. A patched version of the package is...

CVE-2023-44487 affecting package multus for versions less than 3.8-12

CVE-2023-44487 affecting package multus for versions less than 3.8-12. A patched version of the package is...

CVE-2023-44487 affecting package local-path-provisioner for versions less than 0.0.21-12

CVE-2023-44487 affecting package local-path-provisioner for versions less than 0.0.21-12. A patched version of the package is...

CVE-2024-6387

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that...

CVE-2024-6387

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that...

CVE-2024-6387

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that...

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion...

Indian Software Firm's Products Hacked to Spread Data-Stealing Malware

Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware. The installers correspond to Notezilla, RecentX, and Copywhiz, according to cybersecurity firm Rapid7, which discovered the supply...

CVE-2024-6387 Openssh: possible remote code execution due to a race condition in signal handling

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that...

stuco.hu Cross Site Scripting vulnerability OBB-3939820

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

BIT-dremio-2024-23768

Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source....

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems

OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. The vulnerability, codenamed regreSSHion, has been assigned the CVE identifier CVE-2024-6387. It...

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH's...

Debian: Security Advisory (DSA-5717-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-3833-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5714-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5710-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5712-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5715-1)

The remote host is missing an update for the...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-1856)

The remote host is missing an update for the Huawei...

CVE-2024-37078

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential kernel bug due to lack of writeback flag waiting Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine...

Debian: Security Advisory (DSA-5723-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5707-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5704-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5705-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5706-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5701-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5716-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5713-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5720-1)

The remote host is missing an update for the...

CVE-2024-37354

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192) ...

Debian: Security Advisory (DLA-3840-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5708-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5722-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5702-1)

The remote host is missing an update for the...

FreeBSD-SA-24:04.openssh

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:04.openssh Security Advisory The FreeBSD Project Topic: OpenSSH pre-authentication remote code execution Category: contrib Module: openssh Announced:...

Debian: Security Advisory (DSA-5711-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5709-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5719-1)

The remote host is missing an update for the...

OpenSSH Server regreSSHion Remote Code Execution

...

mightytext.net Cross Site Scripting vulnerability OBB-3939778

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

karkafeerna.fi Cross Site Scripting vulnerability OBB-3939777

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

duell.fi Open Redirect vulnerability OBB-3939776

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...