#vulnerability

Red Hat Security Advisory 2024-0254-03 - An update for rsync is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer over-read vulnerability.

Red Hat Security Advisory 2024-0253-03 - An update for sqlite is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-0252-03 - An update for krb5 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include bypass and cross site request forgery vulnerabilities.

Ubuntu Security Notice 6582-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

MailCarrier version 2.51 remote denial of service exploit.

Ubuntu Security Notice 6580-1 - It was discovered that w3m incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

LightFTP version 1.1 remote denial of service exploit.

Over 178,000 SonicWall firewalls exposed over the internet are exploitable to at least one of the two security flaws that could be potentially exploited to cause a denial-of-service (DoS) condition and remote code execution (RCE). “The two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern,” Jon Williams, a senior security

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: SEW-EURODRIVE Equipment: MOVITOOLS MotionStudio Vulnerability: Improper Restriction of XML EXTERNAL Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could result in open access to file information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of MOVITOOLS MotionStudio are affected: MOVITOOLS MotionStudio: Version 6.5.0.2 3.2 Vulnerability Overview 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611 When the affected product processes XML information unrestricted file access can occur. CVE-2023-6926 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Multiple COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Germany 3.4 RESEARCHER Esjay (@esj4y) working with Trend Micr...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Integration Objects Equipment: OPC UA Server Toolkit Vulnerability: Improper Output Neutralization for Logs 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to add content to the log file. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of OPC UA Server Toolkit, OPC library designed to allow creation of OPC DA, DX and HDA servers software, are affected: OPC UA Server Toolkit: All versions 3.2 Vulnerability Overview 3.2.1 Improper Output Neutralization for Logs CWE-117 OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field. CVE-2023-7234 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE...