#vulnerability

Red Hat Security Advisory 2024-1315-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2024-1314-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

GitLab CE/EE versions prior to 16.7.2 suffer from a password reset vulnerability.

Red Hat Security Advisory 2024-1311-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1310-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1309-03 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1308-03 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Client Vulnerability: Insertion of Sensitive Information into Externally-Accessible File or Directory 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SINEMA Remote Connect Client, a remote management platform, are affected: SINEMA Remote Connect Client: All versions prior to V3.1 SP1 3.2 Vulnerability Overview 3.2.1 INSERTION OF SENSITIVE INFORMATION INTO EXTERNALLY-ACCESSIBLE FILE OR...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Input Validation, Missing Encryption of Sensitive Data, Incorrect Permission Assignment for Critical Resource, Expected Behavior Violation, Improper Authentication, Out-of-bounds Write, Use After Free, Inadequate Encryption Strength, Use of Insufficiently Random Values, Incorrect Authorization, Improper Locking, Improper Restriction of Rendered UI Layers or Frames, Improper Privilege Management, Missing Authorization, Cleartext Storage of Sensitive ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerabilities: Heap-based Buffer Overflow, External Control of File Name or Path, Improper Privilege Management, Uncontrolled Resource Consumption, Improper Certificate Validation, Out-of-bounds Write, Use of Externally-Controlled Format String 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute elevated actions, cause a denial-of-service, or execute arbitrary commands or code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens RUGGEDCOM APE1808, an applicati...