Siemens SINEC INS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerability: Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of this vulnerability in third-party components could allow an attacker...
Siemens Polarion ALM
1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Polarion ALM Vulnerability: Cross-site Scripting 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-22-069-08 Siemens Polarion ALM that...
Important: expat, thunderbird
Issue Overview: An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the mbuffer expansion logic to allow allocations very close to INTMAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution. CVE-2022-25315...
Amazon Linux 2 : thunderbird (ALAS-2022-1763)
The version of thunderbird installed on the remote host is prior to 91.6.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1763 advisory. The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markup th...
Debian DSA-5090-1 : firefox-esr - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5090 advisory. Two security issues have been found in the Mozilla Firefox web browser, which result in the execution of arbitrary code. For the oldstable distribution buste...
Mageia: Security Advisory (MGASA-2022-0089)
The remote host is missing an update for the...
Updated firefox packages fix security vulnerabilities
Removing an XSLT parameter during processing could have led to an exploitable use-after-free (CVE-2022-26485). An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape (CVE-2022-26486)...
CVE-2022-26485
Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus 97.3.0...
CVE-2021-43392
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...
Formcraft3 < 3.8.28 - Unauthenticated SSRF
The plugin does not validate the URL parameter in the formcraft3get AJAX action, leading to SSRF issues exploitable by unauthenticated users. PoC: https://example.com/wp-admin/admin-ajax.php?action=formcraft3get=https://wpscan.com...
CVE-2021-43535
The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash...
D-Link Dir-823-Pro Command Injection Vulnerability (CNVD-2022-15177)
D-Link Dir-823-Pro is a dual-band smart wireless router from China Youxun D-Link. D-Link DIR-823-Pro v1.0.2 contains a command injection vulnerability, which can be exploited by attackers to execute arbitrary commands via the stationaccessenable parameter...
fokus.foto.no Cross Site Scripting vulnerability OBB-2378858
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Apache Cassandra database affected by easily exploitable Remote code execution
THREAT LEVEL: Amber. Apache Cassandra is a database software being used by many companies such as Uber, Facebook, Netflix, Twitter, Instagram, Spotify, Instacart, Reddit, and Accenture. A remote code execution flaw (CVE-2021-44521) is reported whi...
New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager
Multiple security vulnerabilities have been disclosed in Canonical's Snap software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges. Snaps are self-contained application packages that are designed to work on operating syste...
Vulnerability in UpdraftPlus Allowed Subscribers to Download Sensitive Backups
Update: a previous version of this article indicated that an attacker would need to begin their attack when a backup was in progress, and would need to guess the appropriate timestamp to download a backup. Since the article was originally published, we have found that it is possible to obtain a...
GHSA-6Q8R-5PM6-V2Q8 Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin
Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not escape parameter names of custom checkbox parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin
Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape parameter names of agent server parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
GHSA-2587-W93G-63M2 Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files
Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. This allows attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. Thi...
GHSA-MV5C-724F-3FQ7 Stored Cross-site Scripting vulnerability in Jenkins Team Views Plugin
Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Read permission...