6340 matches found
CVE-2024-41381
microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php...
CVE-2024-42229
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use. I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using...
Rockwell Automation Logix Controllers
1. EXECUTIVE SUMMARY: CVSS v4 7.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules. Vulnerability: Unprotected Alternate Channel. 2. RISK EVALUATION: Successful exploitation of this...
CVE-2023-28149
An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables...
New Research: The Proliferation of Cellular in IoT
Researchers explain the trend and argue for deeper understanding. Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner. In thi...
The vulnerabilities of the CPCI85 and SICORE processor control modules from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, allow a hacker to gain full control over the device.
The vulnerability of the CPCI85 and SICORE processor module control systems from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, stems from the lack of necessary authentication checks during password reset operations. Exploiting this vulnerability allows a remote attacker to gain full...
The vulnerabilities of the CPCI85 and SICORE processor control modules from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, allow attackers to downgrade the firmware version of the devices.
The vulnerability of the CPCI85 and SICORE processor module control systems from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, stems from the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to downgrade the firmware version of the...
Amazon Linux 2 : edk2 (ALAS-2024-2591)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2591 advisory. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer...
GHSA-CRJG-W57M-RQQF vulnerabilities
Vulnerabilities for packages: druid, hadoop-client-modules...
The vulnerability of the Plug-in Handler component of the OpenVPN software allows a hacker to load arbitrary modules.
The vulnerability of the Plug-in Handler component in the OpenVPN software involves unlimited downloading of dangerous files. Exploiting this vulnerability allows a remote attacker to download arbitrary modules...
EulerOS 2.0 SP8 : openssl (EulerOS-SA-2024-2044)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An...
OESA-2024-1847 mod_http2 security update
Mod_http2 is an official Apache httpd module, first released in 2.4.17. See Apache downloads to get a released version. mod_proxy_http2 has been released in 2.4.23. Security Fixes: Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a...
CVE-2024-41004
In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules. The kprobes and synth event generation test modules add events and lock get a reference those event file reference in module init function, and unlock and delete it in module...
USN-6899-1 gtk+2.0, gtk+3.0 vulnerability
It was discovered that GTK would attempt to load modules from the current directory, contrary to expectations. If users started GTK applications from shared directories, a local attacker could use this issue to execute arbitrary code, and possibly escalate privileges...
PT-2024-28034 · Pam · Pam
Name of the Vulnerable Software and Affected Versions: PAM (affected versions not specified). Description: The issue allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. Recommendations: At the...
EulerOS 2.0 SP10 : openssl (EulerOS-SA-2024-1917)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact summary: An...
DEBIAN-CVE-2024-41004
In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules. The kprobes and synth event generation test modules add events and lock get a reference those event file reference in module init function, and unlock and delete it in module...
UBUNTU-CVE-2024-41004
In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules. The kprobes and synth event generation test modules add events and lock get a reference those event file reference in module init function, and unlock and delete it in module...
CVE-2024-41004 tracing: Build event generation tests only as modules
In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules. The kprobes and synth event generation test modules add events and lock get a reference those event file reference in module init function, and unlock and delete it in module...