Tag
#web
StimulusReflex versions 3.5.0 up to and including 3.5.0.rc2 and 3.5.0.pre10 suffer from an arbitrary code execution vulnerability.
Apple Security Advisory 03-07-2024-6 - tvOS 17.4 addresses buffer overflow, bypass, and code execution vulnerabilities.
Apple Security Advisory 03-07-2024-5 - watchOS 10.4 addresses buffer overflow, bypass, and code execution vulnerabilities.
Apple Security Advisory 03-07-2024-4 - macOS Monterey 12.7.4 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-1311-03 - An update for .NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-1310-03 - An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-1309-03 - An update for .NET 7.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-1308-03 - An update for .NET 7.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SENTRON 7KM PAC3120, SENTRON 7KM PAC3220 Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read out the data from the internal flash of the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SENTRON 7KM PAC3120 and PAC3220, power measuring devices, are affected: SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0): Versions V3.2.3 and after but before V3.3.0 only when manufactured between LQN231003... and LQN231215... (with LQNYYMMDD...) SENTRON 7KM PAC3120 DC (7KM3...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Client Vulnerability: Insertion of Sensitive Information into Externally-Accessible File or Directory 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens SINEMA Remote Connect Client, a remote management platform, are affected: SINEMA Remote Connect Client: All versions prior to V3.1 SP1 3.2 Vulnerability Overview 3.2.1 INSERTION OF SENSITIVE INFORMATION INTO EXTERNALLY-ACCESSIBLE FILE OR...