6340 matches found

Oracle linux
added 2024/10/11 12:0 a.m., 33 views

Unbreakable Enterprise kernel security update

5.4.17-2136.336.5.1 - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req (Haoran Zhang) [Orabug: 37138988] 5.4.17-2136.336.5 - uek-rpm: Add skx_edac_common.ko to nano_modules (Sherry Yang) [Orabug: 37030127] - EDAC, i10nm: make skx_common.o a separate module (Arnd Bergmann) [Orabug: 37030127] - uek-rpm:...

CVSS 7.8, AI score 8.3, EPSS 0.00398
Exploits: 4

Cvelist
added 2024/10/08 3:17 p.m., 32 views

CVE-2024-8215 Payload Injection Attack via Management REST interface

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server Admin Console modules allows Remote Code Inclusion. This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before...

CVSS 8.7, EPSS 0.0041
Exploits: 0, References: 3

Tenable Nessus
added 2024/10/07 12:0 a.m., 42 views

Debian dla-3912 : ata-modules-5.10.0-29-armmp-di - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3912 advisory. Debian LTS Advisory DLA-3912-1...

CVSS 8.4, AI score 7.1, EPSS 0.00879
Exploits: 6, References: 296

OSV
added 2024/10/04 8:15 p.m., 3 views

CVE-2024-9054

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection. This issue affects TimeProvider 4100: from 1.0 before...

CVSS 8.8, AI score 5.8, EPSS 0.14609
Exploits: 3, References: 2

NVD
added 2024/10/04 8:15 p.m., 33 views

CVE-2024-7801

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

CVSS 6.5, EPSS 0.00831
Exploits: 2, References: 2

OSV
added 2024/10/04 8:15 p.m., 3 views

CVE-2024-7801

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

CVSS 6.5, AI score 5.8, EPSS 0.00831
Exploits: 2, References: 2

OSV
added 2024/10/04 8:15 p.m., 1 views

CVE-2024-43686

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 data plot modules allows Reflected XSS. This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

CVSS 6.1, AI score 5.8, EPSS 0.11234
Exploits: 0, References: 2

OSV
added 2024/10/04 8:15 p.m., 5 views

CVE-2024-43685

Improper Authentication vulnerability in Microchip TimeProvider 4100 login modules allows Session Hijacking. This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2

CVE
added 2024/10/04 7:47 p.m., 51 views

CVE-2024-43686

CVE-2024-43686 affects Microchip TimeProvider 4100 data plot modules. Vulnerable in TimeProvider 4100 versions 1.0 through before 2.4.7; condition is improper neutralization of input during web page generation, resulting in reflected XSS. Connected sources specify an affected product scope and th...

CVSS 6.1, AI score 6.3, EPSS 0.11234
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2024/10/04 7:42 p.m., 16 views

CVE-2024-9054 Remote code Execution in TimeProvider® 4100

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection. This issue affects TimeProvider 4100: from 1.0 before...

CVSS 8.5, AI score 7, EPSS 0.14609
Exploits: 3, References: 2

EUVD
added 2024/10/04 7:42 p.m., 20 views

EUVD-2024-49694

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection. This issue affects TimeProvider 4100: from 1.0 before...

CVSS 8.8, AI score 8.7, EPSS 0.14609
Exploits: 3, References: 2

Vulnrichment
added 2024/10/04 7:38 p.m., 13 views

CVE-2024-7801 SQL injection in get_chart_data in TimeProvider 4100

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

CVSS 6.3, AI score 7.7, EPSS 0.00831
Exploits: 2, References: 2

Cvelist
added 2024/10/04 7:38 p.m., 30 views

CVE-2024-7801 SQL injection in get_chart_data in TimeProvider 4100

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 Data plot modules allows SQL Injection. This issue affects TimeProvider 4100: from 1.0 before 2.4.7...

CVSS 6.3, EPSS 0.00831
Exploits: 2, References: 2

Positive Technologies
added 2024/10/04 12:0 a.m., 2 views

PT-2024-30612 · Microchip · Timeprovider 4100

Name of the Vulnerable Software and Affected Versions: Microchip TimeProvider 4100 versions 1.0 through 2.4.7 Description: The issue is related to improper authentication in the login modules of Microchip TimeProvider 4100, which allows session hijacking. Recommendations: For versions 1.0 through...

CVSS 9.8, AI score 7.4, EPSS 0.00428
Exploits: 0, References: 9

Positive Technologies
added 2024/10/04 12:0 a.m., 4 views

PT-2024-30613 · Microchip · Timeprovider 4100

Name of the Vulnerable Software and Affected Versions: Microchip TimeProvider 4100 versions 1.0 through 2.4.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. The...

CVSS 6.1, AI score 6.1, EPSS 0.11234
Exploits: 0, References: 9

Vulnrichment
added 2024/10/03 5:5 p.m., 11 views

CVE-2024-7824 Type-confusion vulnerability that can cause the WRSA.exe service to crash and generate a crash dump

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVSS 6.3, AI score 7, EPSS 0.00422
Exploits: 0, References: 1

Cvelist
added 2024/10/03 5:5 p.m., 23 views

CVE-2024-7824 Type-confusion vulnerability that can cause the WRSA.exe service to crash and generate a crash dump

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVSS 6.3, EPSS 0.00422
Exploits: 0, References: 1

Vulnrichment
added 2024/10/03 5:5 p.m., 26 views

CVE-2024-7825 Type confusion that can cause the WRSA.exe service to crash and generate a crash dump

Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit wrUrl.Dll modules allows Functionality Misuse. This issue affects SecureAnywhere - Web Shield: before 2.1.2.3...

CVSS 6.2, AI score 7, EPSS 0.00364
Exploits: 0, References: 1

Rapid7 Blog
added 2024/09/27 7:21 p.m., 63 views

Metasploit Weekly Wrap-Up 09/27/2024

Epic Release! This week's release includes 5 new modules, 6 enhancements, 4 fixes and 1 documentation update. Among the new additions, we have an account take over, SQL injection, RCE, and LPE! Thank you to all the contributors who made it possible! New Module Content 5 Cisco Smart Software Manag...

CVSS 10, AI score 9.8, EPSS 0.94661
Exploits: 39

Filippo.io
added 2024/09/25 8:42 p.m., 6 views

The FIPS Compliance of HKDF

HKDF is an HMAC-based key-derivation function specified in RFC 5869. It’s nice and we generally like using it. FIPS (Federal Information Processing Standards) is used generally as a moniker for the set of standards, recommendations, and guidance published by the U.S. National Institute of Standards...

AI score 7.3
Exploits: 0