CVE-2024-10964 emqx neuron plugin_handle.c handle_add_plugin buffer overflow
A vulnerability classified as critical has been found in emqx neuron up to 2.10.0. Affected is the function handle_add_plugin in the library cmd.library of the file plugins/restful/plugin_handle.c. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. It is...
Neuron Security Vulnerability
Neuron is an Industrial Internet of Things (IIoT) connectivity server open-sourced by EMQ. Used for modern Big Data and AI/ML technologies to harness the power of Industry 4.0. A security vulnerability exists in Neuron version 2.10.0 and prior versions, which stems from a buffer overflow issue...
Neuron Access Control Error Vulnerability
Neuron is an Industrial Internet of Things (IIoT) connectivity server open-sourced by EMQ. Used for modern Big Data and AI/ML technologies to harness the power of Industry 4.0. An Access Control Error vulnerability exists in Neuron version 2.10.0 and prior versions, which stems from an information...
PT-2024-16669 · Emq · Emqx Neuron
Name of the Vulnerable Software and Affected Versions: emqx neuron versions up to 2.10.0 Description: A vulnerability was found in emqx neuron, affecting an unknown functionality of the file "/api/v2/schema" of the component JSON File Handler. This leads to information disclosure and can be...
Malicious code in neuron-viewer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c39e11d5c0e9f49ca7c1e136d6f73f692162e1873d0def4a3135bd3dacbdd9ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8997 Malicious code in neuron-viewer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c39e11d5c0e9f49ca7c1e136d6f73f692162e1873d0def4a3135bd3dacbdd9ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-4MQG-H5JF-J9M7 TorchServe Pre-Auth Remote Code Execution
Impact Use of Open Source Library potentially exposed to RCE Issue: Use of a version of the SnakeYAML v1.31 open source library with multiple issues that potentially exposes the user to unsafe deserialization of Java objects. This could allow third parties to execute arbitrary code on the target...
The End of False Positives for Web and API Security Scanning?
July may positively disrupt and adrenalize the old-fashioned Dynamic Application Security Scanning (DAST) market, despite the coming holiday season. The pathbreaking innovation comes from ImmuniWeb, a global application security company, well known for, among other things, its free Community Editio...
Inefficient Regular Expression Complexity in x-neuron/antdfront
✍️ Description A ReDoS regular expression denial of service flaw was found in the antdFront package. An attacker that is able to provide crafted input to the isUrlinput function may cause an application to consume an excessive amount of CPU. 🕵️♂️ Proof of Concept Create the following poc.mjs //...
Capsule Technologies SmartLinx Neuron 2 (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Low skill level to exploit/public exploits are available Vendor: Capsule Technologies Equipment: SmartLinx Neuron 2 Vulnerability: Protection Mechanism Failure 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...
Turla Compromises, Infiltrates Iranian APT Infrastructure
The Turla APT group has been spotted co-opting two cyberweapons from an Iranian APT (APT 34, according to one set of researchers), known as the Nautilus and Neuron implants, and deploying them against targets in the Middle East. The group also infiltrated the global operational infrastructure used ...
NSA and NCSC Release Joint Advisory on Turla Group Activity
The National Security Agency (NSA) and the United Kingdom National Cyber Security Centre (NCSC) have released a joint advisory on advanced persistent threat (APT) group Turla, widely reported to be Russian and also known as Snake, Uroburos, VENOMOUS BEAR, or Waterbug. The advisory provides an update to...
CVE-2019-5024
A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full...
Design/Logic Flaw
A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full...
CVE-2019-5024
Capsule Technologies SmartLinx Neuron 2 devices (firmware 9.0.3 and older) contain a restricted environment escape vulnerability in kiosk mode. A specific sequence of USB keyboard inputs can escape the restricted environment and grant full administrator access to the underlying Windows OS. Affect...
Capsule Technologies SmartLinx Neuron 2 restricted environment protection mechanism failure vulnerability
Summary A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in ful...
NCSC Releases Security Advisory
The United Kingdom's National Cyber Security Centre (NCSC) has released a report updating its guidance on Turla Neuron malware, which provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats. NCCIC/US-CERT encourages users a...