FURUNO SYSTEMS Co.,Ltd. Security Vulnerabilities

msupdate

2024-05 Cumulative Update for Microsoft server operating system version 21H2 for x64-based Systems (KB5037782)

Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your...

7.1AI Score

2024-05-14 05:00 PM
15
github

OpenCart Cross-Site Request Forgery (CSRF)

Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to...

3.5CVSS

6.9AI Score

0.001EPSS

2022-05-24 05:36 PM
6
openvas

Microsoft Windows Multiple Vulnerabilities (KB4586827)

This host is missing a critical security update according to Microsoft...

9.8CVSS

7.2AI Score

0.365EPSS

2020-11-11 12:00 AM
7
openvas

Microsoft Windows Multiple Vulnerabilities (KB4565483)

This host is missing a critical security update according to Microsoft...

10CVSS

7AI Score

0.944EPSS

2020-07-15 12:00 AM
30
openvas

Microsoft Windows Multiple Vulnerabilities (KB4540673)

This host is missing a critical security update according to Microsoft...

9.8CVSS

7.3AI Score

0.54EPSS

2020-03-11 12:00 AM
26
openvas

Microsoft Windows Multiple Vulnerabilities (KB4532693)

This host is missing a critical security update according to Microsoft...

8.8CVSS

7.2AI Score

EPSS

2020-02-12 12:00 AM
19
cvelist

CVE-2023-35720 ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability

ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability. The specific flaw exists.....

6.5CVSS

6.8AI Score

0.0005EPSS

2024-05-03 01:57 AM
6
vulnrichment

CVE-2023-35720 ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability

ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability. The specific flaw exists.....

6.5CVSS

6.9AI Score

0.0005EPSS

2024-05-03 01:57 AM
1
cve

CVE-2023-35720

ASUS RT-AX92U lighttpd mod_webdav.so SQL Injection Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. Authentication is not required to exploit this vulnerability. The specific flaw exists.....

6.5CVSS

6.5AI Score

0.0005EPSS

2024-05-03 02:15 AM
26
cvelist

CVE-2023-34301 Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt CO File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...

7.8CVSS

8.2AI Score

0.001EPSS

2024-05-03 01:57 AM
1
nessus

Mozilla Firefox ESR < 115.9

The version of Firefox ESR installed on the remote Windows host is prior to 115.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-13 advisory. An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. ...

7.5CVSS

9.6AI Score

0.001EPSS

2024-03-19 12:00 AM
11
openvas

Microsoft Windows Multiple Vulnerabilities (KB4580345)

This host is missing a critical security update according to Microsoft...

8.8CVSS

7AI Score

0.015EPSS

2020-10-14 12:00 AM
4
nessus

RHEL 9 : pcp (RHSA-2024:3321)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3321 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
nessus

RHEL 8 : pcp (RHSA-2024:3322)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3322 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
2
nessus

RHEL 9 : pcp (RHSA-2024:3325)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3325 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
4
nessus

RHEL 8 : pcp (RHSA-2024:3264)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3264 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-23 12:00 AM
6
cve

CVE-2021-3899

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allows an attacker to execute arbitrary code as...

7.2AI Score

0.0004EPSS

2024-06-03 07:15 PM
661
2
openvas

Do not print on AppSocket and socketAPI printers

The host seems to be an AppSocket or socketAPI printer. Scanning it will waste paper. So ports 2000, 2501, 9100-9107, 9112-9116, 9200 and 10001...

7.3AI Score

2005-11-03 12:00 AM
185
nessus

RHEL 8 : pcp (RHSA-2024:3324)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3324 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
4
nessus

RHEL 8 : pcp (RHSA-2024:3323)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3323 advisory. Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-05-23 12:00 AM
3
nvd

CVE-2023-6448

Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable...

9.8CVSS

0.039EPSS

2023-12-05 06:15 PM
openvas

Microsoft Windows Multiple Vulnerabilities (KB5039211)

This host is missing an important security update according to Microsoft...

9.8CVSS

7.2AI Score

0.003EPSS

2024-06-12 12:00 AM
43
githubexploit

Exploit for Untrusted Pointer Dereference in Microsoft

CVE-2024-21338 Local Privilege Escalation from Admin to...

7.8CVSS

9.6AI Score

0.014EPSS

2024-04-13 05:53 AM
54
cve

CVE-2019-1185

An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially...

7.8CVSS

7.6AI Score

0.0004EPSS

2019-08-14 09:15 PM
62
nessus

Mozilla Thunderbird < 115.9

The version of Thunderbird installed on the remote Windows host is prior to 115.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-14 advisory. An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. ...

7.5CVSS

9.6AI Score

0.001EPSS

2024-03-19 12:00 AM
12
cve

CVE-2023-6448

Unitronics VisiLogic before version 9.9.00, used in Vision and Samba PLCs and HMIs, uses a default administrative password. An unauthenticated attacker with network access can take administrative control of a vulnerable...

9.8CVSS

9.4AI Score

0.039EPSS

2023-12-05 06:15 PM
178
In Wild
nessus

Mozilla Thunderbird < 115.9

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-14 advisory. An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. ...

7.5CVSS

9.6AI Score

0.001EPSS

2024-03-19 12:00 AM
11
debiancve

CVE-2024-27062

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general...

6.7AI Score

0.0004EPSS

2024-05-01 01:15 PM
4
cve

CVE-2023-38817

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-10-11 07:15 PM
58
githubexploit

Exploit for Untrusted Pointer Dereference in Microsoft

CVE-2024-21338 Local Privilege Escalation from Admin to...

7.8CVSS

9.6AI Score

0.014EPSS

2024-04-17 10:16 AM
222
nvd

CVE-2022-4584

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to.....

8.8CVSS

0.002EPSS

2022-12-17 01:15 PM
cve

CVE-2022-4584

A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to.....

8.8CVSS

8.8AI Score

0.002EPSS

2022-12-17 01:15 PM
40
nvd

CVE-2023-38817

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-10-11 07:15 PM
1
openvas

Microsoft Windows Multiple Vulnerabilities (KB4565524)

This host is missing a critical security update according to Microsoft...

10CVSS

7AI Score

0.944EPSS

2020-07-15 12:00 AM
41
nvd

CVE-2024-35854

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end....

6.4AI Score

0.0004EPSS

2024-05-17 03:15 PM
1
cve

CVE-2024-36007

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...

6.6AI Score

0.0004EPSS

2024-05-20 10:15 AM
28
nvd

CVE-2024-36007

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority)...

6.3AI Score

0.0004EPSS

2024-05-20 10:15 AM
cve

CVE-2024-35854

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end....

6.7AI Score

0.0004EPSS

2024-05-17 03:15 PM
27
cve

CVE-2024-35853

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...

6.8AI Score

0.0004EPSS

2024-05-17 03:15 PM
30
nessus

Mozilla Firefox ESR < 115.9

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-13 advisory. An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. ...

7.5CVSS

9.6AI Score

0.001EPSS

2024-03-19 12:00 AM
8
githubexploit

Exploit for CVE-2024-27173

Poc CVE-2024-27173 Join t.me/SpiderzTM Shodan and FOFA...

9.8CVSS

7.1AI Score

0.0004EPSS

2024-06-14 07:04 AM
186
nvd

CVE-2024-35853

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in...

6.6AI Score

0.0004EPSS

2024-05-17 03:15 PM
1
openvas

Authenticated Scan / LSC Info Consolidation (Linux/Unix SSH Login)

Consolidation and reporting of various technical information about authenticated scans / local security checks (LSC) via SSH for Linux/Unix...

7.2AI Score

2017-10-17 12:00 AM
122
ubuntucve

CVE-2024-27062

In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection...

6.5AI Score

0.0004EPSS

2024-05-01 12:00 AM
8
githubexploit

Exploit for Command Injection in Ivanti Connect Secure

🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...

9.1CVSS

8.2AI Score

0.969EPSS

2024-01-20 07:15 PM
211
cve

CVE-2024-28094

Chat functionality in Schoolbox application before version 23.1.3 is vulnerable to blind SQL Injection enabling the authenticated attackers to read, modify, and delete database...

8.8CVSS

9AI Score

0.0004EPSS

2024-03-07 04:15 AM
30
openvas

Microsoft Windows Multiple Vulnerabilities (KB4592484)

This host is missing a critical security update according to Microsoft...

8.1CVSS

6.9AI Score

0.027EPSS

2020-12-09 12:00 AM
5
openvas

Database Open Access Information Disclosure Vulnerability

Various database servers might be prone to an information disclosure vulnerability if accessible to remote...

7.3AI Score

2012-03-01 12:00 AM
2626
cve

CVE-2022-28657

Apport does not disable python crash handler before entering...

7.8CVSS

6.6AI Score

0.0004EPSS

2024-06-04 10:15 PM
21
redos

ROS-20240617-02

A vulnerability in the bgpd/bgp_attr.c file of a software tool for implementing network routing on Unix-like FRRouting systems is related to read outside bgp_attr_aigp_valid bounds, as there are no AIGP checks. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-17 12:00 AM
3
Total number of security vulnerabilities: 949347