Tag
#vulnerability
Red Hat Security Advisory 2024-8977-03 - An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
Red Hat Security Advisory 2024-8694-03 - Red Hat OpenShift Container Platform release 4.12.68 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bosch Rexroth Equipment: IndraDrive Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service, rendering the device unresponsive by sending arbitrary UDP messages. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Bosch Rexroth reports that the following versions of IndraDrive, servo drive system, are affected: Bosch Rexroth AG IndraDrive FWA-INDRV*-MP*: 17VRS < 20V36 3.2 Vulnerability Overview 3.2.1 Uncontrolled Resource Consumption CWE-400 A vulnerability in the PROFINET stack implementation of the IndraDrive of Bosch Rexroth allows an attacker to cause a denial-of-service, rendering the device unresponsive by sending arbitrary UDP messages. CVE-2024-48989 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3....
Defending your organization’s security is like fortifying a castle—you need to understand where attackers will strike and how they’ll try to breach your walls. And hackers are always searching for weaknesses, whether it’s a lax password policy or a forgotten backdoor. To build a stronger defense, you must think like a hacker and anticipate their moves. Read on to learn more about hackers'
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of DIAScreen, which is a component of Delta's DIAStudio Smart Machine Suite integrated engineering software package, are affected: DIAScreen: versions prior to v1.5.0 3.2 Vulnerability Overview 3.2.1 Stack-based Buffer Overflow CWE-121 If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code. CVE-2024-47131 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS ...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low Attack Complexity Vendor: Beckhoff Automation Equipment: TwinCAT Package Manager Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation this vulnerability could allow a local attacker with administrative access rights to execute arbitrary OS commands on the affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Beckhoff Automation products are affected: TwinCAT Package Manager: Versions prior to 1.0.603.0 3.2 Vulnerability Overview 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 A local user with administrative access rights can enter specially crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be executed. CVE-2024-8934 has been assigned to this vulnerability. A CVSS v3 base score of 6...
Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware.
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue. Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process.