Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Red Hat Security Advisory 2024-6720-03

Red Hat Security Advisory 2024-6720-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Packet Storm
Open in Source
#vulnerability#web#linux#red_hat#js#java#firefox
Red Hat Security Advisory 2024-6719-03

Red Hat Security Advisory 2024-6719-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Apple Security Advisory 09-16-2024-6

Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.

GHSA-2xpq-xp6c-5mgj: Contao affected by insert tag injection via canonical URL

### Impact It is possible to inject insert tags in canonical URLs which will be replaced when the page is rendered. ### Patches Update to Contao 4.13.49, 5.3.15 or 5.4.3. ### Workarounds Disable canonical tags in the settings of the website root page. ### References https://contao.org/en/security-advisories/insert-tag-injection-via-canonical-urls ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

GHSA-4p75-5p53-65m9: Contao affected by directory traversal in the file selector widget

### Impact Back end users can list files outside their file mounts or the document root in the FileSelector widget. ### Patches Update to Contao 4.13.49. ### Workarounds None. ### References https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose). ### Credits Thanks to Jakob Steeg from usd AG for reporting this vulnerability.

GHSA-vm6r-j788-hjh5: Contao affected by remote command execution through file upload

### Impact Back end users with access to the file manager can upload malicious files and execute them on the server. ### Patches Update to Contao 4.13.49, 5.3.15 or 5.4.3. ### Workarounds Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory. ### References https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose). ### Credits Thanks to Jakob Steeg from usd AG for reporting this vulnerability.

Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense

Google has announced that it will be switching from KYBER to ML-KEM in its Chrome web browser as part of its ongoing efforts to defend against the risk posed by cryptographically relevant quantum computers (CRQCs). "Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)," David Adrian, David Benjamin, Bob Beck, and Devon O'Brien of the Chrome Team said. "The

U.S. Treasury Sanctions Executives Linked to Intellexa Predator Spyware Operation

The U.S. Department of Treasury has imposed fresh sanctions against five executives and one entity with ties to the Intellexa Consortium for their role in the development, operation, and distribution of a commercial spyware called Predator. "The United States will not tolerate the reckless propagation of disruptive technologies that threatens our national security and undermines the privacy and

Siemens SIMATIC S7-200 SMART Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC S7-200 SMART Devices Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SIMATIC S7-200 SMART Devices are affected: SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0): All versions SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0): All Versions SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0): All Versions SIMATIC S7-200 SMART CPU SR20 (6ES7288...

Millbeck Communications Proroute H685t-w

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Millbeck Communications Equipment: Proroute H685t-w Vulnerabilities: Command Injection, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands on the device's operating system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Millbeck Communications Proroute H685t-w, a 4G router, are affected: Proroute H685t-w: Version 3.2.334 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-77 There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system. CVE-2024-45682 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.2.2 Improper Neutralization of...