#web

Red Hat Security Advisory 2024-5439-03 - Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-5436-03 - Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-5433-03 - Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Google has released an update to Chrome that fixes one zero-day vulnerability and introduces Google Lens for desktop.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.4 ATTENTION: Exploitable locally Vendor: Rockwell Automation Equipment: Emulate3D Vulnerability: Externally Controlled Reference to a Resource in Another Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of Rockwell Automation Emulate3D, a Digital Twin technology, is affected: Emulate3D: Versions 17.00.00.13276 3.2 Vulnerability Overview 3.2.1 Externally Controlled Reference to a Resource in Another Sphere CWE-610 A vulnerability exists in Rockwell Automation Emulate3D, which could be leveraged to execute a DLL hijacking attack. The application loads shared libraries, which are readable and writable by any user. If exploited, a malicious user could leverage a malicious DLL and perform a remote code execution attack. CVE-2024-6079 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.7 has...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Avtec Equipment: Outpost 0810, Outpost Uploader Utility Vulnerability: Storage of File with Sensitive Data Under Web Root, Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges on the affected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Avtec products are affected: Outpost 0810: Versions prior to v5.0.0 Outpost Uploader Utility: Versions prior to v5.0.0 3.2 Vulnerability Overview 3.2.1 STORAGE OF FILE WITH SENSITIVE DATA UNDER WEB ROOT CWE-219 Avtec Outpost stores sensitive information in an insecure location without proper access controls in place. CVE-2024-39776 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A CVSS v4 score has also been calcula...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 5015 - AENFTXT Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation 5015 - AENFTXT, a part of the FLEXHA 5000 I/O Modules, are affected: 5015 - AENFTXT: Version 2.011 3.2 Vulnerability Overview 3.2.1 Improper Input Validation CWE-20 An input validation vulnerability exists in the affected products when a manipulated PTP packet is sent, causing the secondary adapter to result in a major nonrecoverable fault. If exploited, a power cycle is required to recover the product. CVE-2024-6089 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). A CVSS v4 score has also been cal...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MOBOTIX Equipment: P3 Cameras, Mx6 Cameras Vulnerability: Improper Neutralization of Expression/Command Delimiters 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to achieve remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of MOBOTIX are affected: P3 D24M: MX-V4.1.4.11, MX-V4.1.4.70, MX-V4.1.6.25, MX-V4.1.6.27, MX-V4.1.9.29, MX-V4.1.10.28, MX-V4.1.10.35, MX-V4.2.1.43, MX-V4.2.1.61, MX-V4.3.0.15, MX-V4.3.2.45, MX-V4.3.2.53, MX-V4.3.2.68, MX-V4.3.2.72, MX-V4.3.2.77, MX-V4.3.4.50, MX-V4.3.4.66, MX-V4.3.4.83, MX-V4.4.0.31, MX-V4.4.0.31.r1, MX-V4.4.1.55, MX-V4.4.1.56, MX-V4.4.2.34, MX-V4.4.2.51.r1, MX-V4.4.2.69, MX-V4.4.2.73 P3 M24M: MX-V4.1.4.11, MX-V4.1.4.70, MX-V4.1.6.25, MX-V4.1.6.27, MX-V4.1.9.29, MX-V4.1.10.28, MX-V4.1.10.35, MX-V4.2.1.43, MX-V4.2.1.61, MX-V4.3.0.15, MX-V4.3.2.45, MX-V...

What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization's digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2 fail to sanitize user inputs in the frontend that are used for redirection which allows for a one-click client-side path traversal that is leading to CSRF in User Management page of the system console.