Lucene search

5182 matches found

BDU FSTEC
added 2023/05/04 12:0 a.m. · 1 views

The vulnerability of the programming software for PLCs (programmable logic controllers), EcoStruxure Control Expert, allows an intruder to execute arbitrary code.

The vulnerability of the EcoStruxure Control Expert programming tool for programmable logic controllers is related to deficiencies in the separation of the controlled system area. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10 CVSS · 0.0095 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2023/05/04 12:0 a.m. · 1 views

The vulnerability of the API scripts api_jsonrpc.php and index.php of the universal monitoring system Zabbix allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the api_jsonrpc.php and index.php implementations of the Zabbix monitoring system is related to the exposure of information due to inconsistencies. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...

5.3 CVSS · 0.00512 EPSS
Exploits 0 · References 11 · Affected Software 4
CNNVD
added 2023/05/01 12:0 a.m. · 3 views

Lenovo XClarity Controller Security Vulnerability

Lenovo XClarity Controller (XCC) is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. A security vulnerability exists in Lenovo XClarity Controller that stems from the possibility that a valid, authenticated user with...

8.8 CVSS · 8 AI score · 0.0057 EPSS
Exploits 0 · References 2
Debian
added 2023/04/30 8:58 p.m. · 49 views

[SECURITY] [DLA 3408-1] jruby security update

Debian LTS Advisory DLA-3408-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 30, 2023 https://wiki.debian.org/LTS ...

8.1 CVSS · 8.4 AI score · 0.01157 EPSS
Exploits 3
OSV
added 2023/04/27 8:15 p.m. · 2 views

CVE-2022-31647

Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659...

7.1 CVSS · 5.8 AI score · 0.0022 EPSS
Exploits 0 · References 2
Malwarebytes
added 2023/04/27 1:0 a.m. · 11 views

ChatGPT writes insecure code

Research by computer scientists associated with the Universite du Quebec in Canada has found that ChatGPT, OpenAI's popular chatbot, is prone to generating insecure code. "How Secure is Code Generated by ChatGPT?" is the work of Raphael Khoury, Anderson Avila, Jacob Brunelle, and Baba Mamadou...

6.9 AI score
Exploits 0
OSV
added 2023/04/26 3:28 p.m. · 36 views

RLSA-2023:1743 Important: nodejs:14 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.21.3. Security Fixes: decode-uri-component: improper input validation resulting i...

8.6 CVSS · 8.1 AI score · 0.00476 EPSS
Exploits 4 · References 9
Ubuntu
added 2023/04/25 10:23 a.m. · 80 views

USN-6038-1: Go vulnerabilities

It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-1705) It was discovered that Go did not properly manage memory under certain...

9.8 CVSS · 7.5 AI score · 0.00759 EPSS
Exploits 7
Hive Pro Threat Advisories
added 2023/04/25 7:25 a.m. · 22 views

A New CrossLock Ransomware Threat with Cross-Platform Capabilities and Double Extortion Techniques

Threat Level Attack Report. Summary: CrossLock ransomware, implemented in the Go programming language, uses a double extortion technique to encrypt and exfiltrate data, posing a significant threat to businesses and organizations. To receive...

6.7 AI score
Exploits 0
OpenVAS
added 2023/04/23 12:0 a.m. · 27 views

Fedora: Security Advisory for ruby (FEDORA-2023-a7be7ea1aa)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS · 6.2 AI score · 0.00707 EPSS
Exploits 0 · References 2
Malwarebytes
added 2023/04/21 3:0 a.m. · 15 views

iOS Lockdown Mode effective against NSO zero-click exploit

Apple's Lockdown Mode feature alerted a victim to one of the latest NSO exploits, according to a report by Citizen Lab. This is a huge deal since it shows how useful Lockdown Mode can be, even against exploits developed by one of the world's most notorious commercial...

6.4 AI score
Exploits 0
Fedora
added 2023/04/21 2:11 a.m. · 27 views

[SECURITY] Fedora 37 Update: ruby-3.1.4-175.fc37

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

5.3 CVSS · 7.5 AI score · 0.00707 EPSS
Exploits 0
CNVD
added 2023/04/21 12:0 a.m. · 11 views

Schneider Electric EcoStruxure Control Expert Code Execution Vulnerability

Schneider Electric EcoStruxure Control Expert is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A code execution vulnerability exists in Schneider Electric EcoStruxure Control Expert V15.1 and prior versions, which arises from the...

8.8 CVSS · 7.6 AI score · 0.0095 EPSS
Exploits 0 · References 1
Prion
added 2023/04/20 6:15 p.m. · 19 views

Cross site scripting

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...

6 CVSS · 8.8 AI score · 0.03165 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2023/04/20 12:0 a.m. · 2 views

PT-2023-8608 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 4.2-milestone-1 through 14.10 Description: The issue concerns the "restricted" mode of the HTML cleaner in XWiki, which allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid HTML comments. This...

9 CVSS · 8.7 AI score · 0.03165 EPSS
Exploits 1 · References 11
Redos
added 2023/04/18 12:0 a.m. · 21 views

ROS-20230418-02

A vulnerability in the PHP programming language is related to the kernel's path resolution function, which allocates a buffer one byte less than necessary; if paths are resolved with a length close to the MAXPATHLEN system parameter, this can cause the byte after the allocated buffer to be...

8.1 CVSS · 6.7 AI score · 0.00569 EPSS
Exploits 1
Cvelist
added 2023/04/17 9:21 p.m. · 12 views

CVE-2023-29213 org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of org.xwiki.platform:xwiki-platform-logging-ui it is possible to trick a user with programming rights into visiting a constructed url where e.g., by embedding an image wi...

9 CVSS · 9.3 AI score · 0.0389 EPSS
Exploits 1 · References 3
The Hacker News
added 2023/04/17 11:46 a.m. · 31 views

Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites

A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control (GC2) amid broader abuse of Google's infrastructure for malicious ends. The tech giant's Threat Analysis Group (TAG) attributed the campaign to ...

6.7 AI score
Exploits 0
Fedora
added 2023/04/16 2:6 a.m. · 11 views

[SECURITY] Fedora 36 Update: golang-1.19.8-1.fc36

The Go Programming Language...

6.8 AI score
Exploits 0
Fedora
added 2023/04/16 2:3 a.m. · 12 views

[SECURITY] Fedora 38 Update: golang-1.20.3-1.fc38

The Go Programming Language...

6.8 AI score
Exploits 0