B&R Security Vulnerabilities

RHEL 4 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. coreutils: tty hijacking possible in su via TIOCSTI ioctl (CVE-2005-4890) In GNU Coreutils through 8.29,...

RHEL 8 : kernel (RHSA-2020:2667)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2667 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in...

WordPress Pingback File Information Disclosure

The version of WordPress installed on the remote host fails to sanitize the 'sourceURI' before passing it to the 'wp_remote_fopen()' function when processing pingbacks. An unauthenticated, remote attacker can leverage this issue to determine the existence of local files and possibly to view...

Exploit for Command Injection in Paloaltonetworks Pan-Os

PAN-OS Firewall Exploit Script This script is designed to...

(RHSA-2024:2583) Important: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) For more details about the security issue(s), including the impact, a...

Comersus Cart Cross-Site Scripting Vulnerability

The malicious user is able to compromise the parameters to invoke a Cross-Site Scripting attack. This can be used to take advantage of the trust between a client and server allowing the malicious user to execute malicious JavaScript on the...

CVE-2022-22984

The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...

RHEL 8 : linux-firmware (RHSA-2024:2583)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2583 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw: intel:...

RHEL 6 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. NetworkManager, wpa_supplicant: Improper x509v3 certificate and key file paths sanitization ...

Cetil 'logon_senha.asp' Cross Site Scripting Vulnerability

Cetil is prone to a cross-site scripting (XSS)...

MailPoet Newsletters for WordPress Arbitrary File Upload

The MailPoet Newsletters plugin for WordPress installed on the remote web server is affected by a file upload vulnerability due to a failure to properly authenticate users. An unauthenticated, remote attacker can exploit this issue to upload files with arbitrary code and then execute them on the...

CVE-2024-4044

A deserialization of untrusted data vulnerability exists in common code used by FlexLogger and InstrumentStudio that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects NI FlexLogger...

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Use of Hard-Coded Credentials (CVE-2023-2061)

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via...

Mitsubishi Electric MELSEC iQ-R Series Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-20594)

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via.....

F5 Networks BIG-IP : Intel BIOS vulnerability (K000137204)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000137204 advisory. Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user...

Sitecom Devices Hard-Coded Credentials (Telnet)

The remote Sitecom Device is using known hard-coded ...

Exploit for Path Traversal in Microsoft

Fully Weaponized CVE-2021-40444 Malicious docx generator to...

CVE-2024-21788

Uncontrolled search path in some Intel(R) GPA software before version 2023.4 may allow an authenticated user to potentially enable escalation of privilege via local...

CVE-2023-49614

Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information...

CVE-2024-21772

Uncontrolled search path in some Intel(R) Advisor software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local...

RHEL 7 : coreutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. coreutils: memory corruption flaw in parse_datetime() (CVE-2014-9471) coreutils: Non-privileged session...

Jetty < 9.2.9.v20150224 Shared Buffers Information Leakage Vulnerability - Active Check

Jetty is prone to an information leakage...

Security Advisory 0097

Security Advisory 0097 PDF Date: May 24, 2024 Revision | Date | Changes ---|---|--- 1.0 | May 24, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-52424 CVSSv3.1 Base Score: Not indicated by NVD as of 5/23/2024 Description Arista Networks is providing this security update in...

openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2019-295)

This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues : Security issues fixed : CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899). CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory...

Moodle 'lib/kses.php' 'kses_bad_protocol_once' Function Arbitrary PHP Code Execution

The version of Moodle on the remote host includes a version of the KSES HTML filtering library that does not safely call 'preg_replace()' in the function 'kses_bad_protocol_once()' in 'lib/kses.php'. An unauthenticated, remote attacker can leverage this issue to inject arbitrary PHP code that will....

EulerOS Virtualization 3.0.6.0 : linux-firmware (EulerOS-SA-2024-1692)

According to the versions of the linux-firmware packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged...

CVE-2024-22379

Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local...

Atlassian Crowd XML External Entity Request Handling Arbitrary File Disclosure

The version of Atlassian Crowd installed on the remote host is affected by an XML External Entity (XXE) vulnerability. This vulnerability could allow a remote, unauthenticated attacker to retrieve arbitrary files from the remote host by sending a specially crafted HTTP request with a Document...

Exploit for Improper Access Control in Papercut Papercut Mf

CVE-2023-27350 The tool is designed specifically for...

Exploit for Improper Access Control in Papercut Papercut Mf

CVE-2023-27350 The tool is designed specifically for...

CVE-2024-22390

Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of...

RHEL 8 : linux-firmware (RHSA-2024:0577)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0577 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): * hw: intel:...

ASP Inline Corporate Calendar SQL injection

Multiple SQL injections affect ASP Inline Corporate...

Microsoft SQL (MSSQL) Server Blank Password (TCP/IP Listener)

The remote Microsoft SQL (MSSQL) Server has the...

Exploit for Use of Hard-coded Credentials in Dlink Dns-320L Firmware

Dinkleberry 🫐 Are you one of the 92,000+ people1...

Expose for Joomla! File Upload RCE

The Expose component for Joomla!, a third-party component for Flash galleries, running on the remote host is affected by a remote code execution vulnerability within the com_expose/uploadimg.php script due to improper sanitization or verification of uploaded files before placing them in a...

CentOS 6 : thunderbird (CESA-2019:0159)

An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVE-2023-49614

Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information...

Debian DLA-3102-1 : linux-5.10 - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3102 advisory. Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable...

Debian DSA-5207-1 : linux - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5207 advisory. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions....

Microsoft PlayReady Complete Client Identity Compromise

...

CentOS 7 : thunderbird (CESA-2019:0160)

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

RHEL 7 : thunderbird (RHSA-2019:0160)

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVE-2023-28402

Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2023-27504

Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local...

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature

Summary A number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. Vulnerability 1: Bundle mismatch causes invalid verification. Summary A cosign bundle can be crafted to successfully verify a blob...

PHP-Nuke Gallery Add-on modules.php include Parameter Traversal Arbitrary File Access

The remote PHP-Nuke service has a version of the 'Gallery' Add-on that allow attackers to read arbitrary files on this host. Every file that the web server has access to can be read by...

Amazon Linux 2023 : microcode_ctl (ALAS2023-2023-189)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-189 advisory. Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation...

Siemens WinCC Microsoft SQL (MSSQL) Server Default Credentials (TCP/IP Listener)

The remote Microsoft SQL (MSSQL) Server has Siemens WinCC related default credentials...