[SECURITY] Fedora 41 Update: icecat-115.18.0-2.rh2.fc41
GNU IceCat is the GNU version of the Firefox ESR browser. Extensions included in this version of IceCat: LibreJS: GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article "The JavaScript Trap". JShelter: Mitigates potential threats from JavaScript, including...
PT-2024-29789 · Hcl · Hcl Bigfix Inventory
Name of the Vulnerable Software and Affected Versions: HCL BigFix Inventory, affected versions not specified. Description: The issue is related to improper handling of insufficient permissions or privileges in HCL BigFix Inventory. An attacker with access via a read-only account can possibly...
frood, an Alpine initramfs NAS
My NAS, frood, has a bit of a weird setup. It’s just one big initramfs containing a whole Alpine Linux system. It’s delightful and I am not sure why it’s not more common. As long as the bootloader can find the kernel and initramfs, the machine comes up cleanly. A/B deployments and rollbacks are...
ProjectSend Security Vulnerability
ProjectSend (cFTP) is the ProjectSend open source suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in ProjectSend versions prior to r1720, stemming from an authentication flaw that allows a remote, unauthenticated attacker to se...
The vulnerability in the web interface of the SINEC INS software for managing network infrastructure stems from a user authentication check error. This allows a malicious individual to obtain information about the list of users of the SFTP service and to alter its configuration.
The vulnerability in the web interface of the SINEC INS software for managing network infrastructure is related to an authentication check error when requesting the endpoint "/api/sftp/users". Exploiting this vulnerability could allow an attacker to obtain information about the user list of the SFTP...
PT-2024-17145 · E Lins · E-Lins H720 +6
Name of the Vulnerable Software and Affected Versions: E-Lins H685 versions up to 3.2 E-Lins H685f versions up to 3.2 E-Lins H700 versions up to 3.2 E-Lins H720 versions up to 3.2 E-Lins H750 versions up to 3.2 E-Lins H820 versions up to 3.2 E-Lins H820Q versions up to 3.2 E-Lins H820Q0 versions ...
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
Summary: The folder /.pyload/scripts contains scripts that are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such...
GHSA-W7HQ-F2PJ-C53G pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
Summary: The folder /.pyload/scripts contains scripts that are run when certain actions are completed, e.g. when a download is finished. By downloading an executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such...
The vulnerability of the SIMATIC Reader software for editing and managing projects and documents allows a perpetrator to activate additional functions of the device.
The vulnerability of the SIMATIC Reader software for editing and managing projects and documents is related to the presence of undocumented configuration commands. Exploiting this vulnerability can allow attackers to activate additional functions of the device by modifying the configuration files...
MTN Group: Cisco IOS XE instance at ████ vulnerable to CVE-██████
A vulnerability was discovered in a Cisco IOS XE instance that allowed bypassing authentication to reach a web endpoint and execute arbitrary Cisco IOS commands or make configuration changes with Privilege 15 privileges. The vulnerability was characterized by improper path validation to bypass...
Cisco IOS Software Web UI XSRF (cisco-sa-ios-webui-HfwnRgk)
According to its self-reported version, Cisco IOS is affected by a vulnerability. - A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system throu...
CVE-2024-20414
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration...
CVE-2024-20414
CVE-2024-20414 affects Cisco IOS Software and Cisco IOS XE Software Web UI. The issue is a CSRF flaw caused by accepting configuration changes via HTTP GET, allowing a remote attacker to trick an authenticated administrator into changing device config. Exploitation could change settings without a...
Cisco IOS and IOS XE Software Web UI Cross-Site Request Forgery Vulnerability
A vulnerability in the web UI feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system through the web UI. This vulnerability is due to incorrectly accepting configuration...
CIRCUTOR TCP2RS+ Input Validation Error Vulnerability
CIRCUTOR TCP2RS+ is an Ethernet converter from CIRCUTOR. An input validation error vulnerability exists in CIRCUTOR TCP2RS+ version 1.3b, which allows an attacker to modify any configuration value without authentication, resulting in invalidating the device's...
CVE-2024-8956
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can...
CVE-2024-31415
The CVE-2024-31415 issue affects Eaton Foreseer EPMS software. The root cause is insecurely stored encryption keys used to protect server configuration data, allowing an attacker with local access to potentially change or remove external server configurations. Public documents describe the vulner...
PT-2024-10394 · Cisco · Cisco Optical Site Manager +3
Name of the Vulnerable Software and Affected Versions: Cisco Crosswork Network Services Orchestrator (NSO), affected versions not specified; Cisco ConfD, affected versions not specified; Cisco Optical Site Manager, affected versions not specified; Cisco RV340 Dual WAN Gigabit VPN Routers, affected version...
CVE-2024-43392
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FWINCOMING.FROMIP FWINCOMING.INIP FWOUTGOING.FROMIP FWOUTGOING.INIP environment variable which can lead to a DoS...
CVE-2024-43393
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FWINCOMING.FROMIP FWINCOMING.INIP FWOUTGOING.FROMIP FWOUTGOING.INIP FWRULESETS.FROMIP FWRULESETS.INIP environment...