Omada Identity versions prior to 15U1 and 14.14 hotfix #309 suffer from a persistent cross site scripting vulnerability.
21bc2c1e539b8a5607d4a48de50177b06e6278b2748ca285f7f06ff1a7f48244
Various Siemens products suffer from vulnerabilities. There is an unlocked JTAG Interface for Zynq-7000 on SM-2558 and a buffer overflow on the webserver of the SM-2558, CP-2016, and CP-2019 systems.
2548118a58dbb542f0442a86dacdd111ecd924baf60c89a6f4e26ee673279da0
ABB Cylon Aspect version 3.08.00 suffers from a vulnerability in the fileSystemUpdate.php endpoint of the ABB BEMS controller due to improper handling of uploaded files. The endpoint lacks restrictions on file size and type, allowing attackers to upload excessively large or malicious files. This flaw could be exploited to cause denial of service (DoS) attacks, memory leaks, or buffer overflows, potentially leading to system crashes or further compromise.
6e89e797a99e4af20e920f830dd9d35524fb8f7cda429124413ba456f5750eda
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose various BACnet MS/TP statistics running on the device.
401fb887776d514d63369b3b8c3ccac1e8c60f72e1af99315a52566d675274c2
ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose various protocol thread information running on the device.
ca4287c96f338aa0ded9fb59abe2c0b3c3fc4403c46d899dd995fa6355f2fe5f
AppleAVD has an issue where a large OBU size in AV1_Syntax::Parse_Header can lead to out-of-bounds reads.
f5d5e8258c287b17deb1dcd5e1d0cebc5da361b98ef166bcd58023bc62a1af2c
AppleAVD has an issue in AV1_Syntax::f leading to out-of-bounds reads.
8793fd0b760f2a8c6b210ae7701eec4e5ab9281a045322d56d92d2c1672e4bd1
AppleAVD has an integer underflow in AV1_Syntax::Parse_Header that can lead to out-of-bounds reads.
c6dddb5cbf681203616f22b9385ebd751596c9da4d40dbd84bfdb8a9de7f9473
Debian Linux Security Advisory 5822-1 - It was discovered that SimpleSAMLphp, an implementation of the SAML 2.0 protocol, is prone to an XXE vulnerability when loading an (untrusted) XML document.
85431118bd856c7599eb83762fc3fab1d23f7a8af72de6e94d268adceec09d88
Debian Linux Security Advisory 5821-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
34b3d41ac0e5fa8d9af7c6eb6e938ed5616970dcd9b2ba815b499a9986a552dd
Debian Linux Security Advisory 5820-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing or cross-site scripting.
e73949618c6fe048abeda6d05d0e917328bf7868cca95642a360120a1e2e86b7
Simple Chat System version 1.0 suffers from a cross site scripting vulnerability.
ce97d4c23068feb8bbe8521655c316c4b069e124af31c5a63ff93f961e69dd83
Ubuntu Security Notice 7132-1 - It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is able to intercept network communications could possibly use this issue to inject error messages that could be interpreted as valid query results.
d00c03ccbecd2d2eb28f46b3677b99e8cd0c8f6e7b0fcab8101b9d0f61d0f6c6
Ubuntu Security Notice 6846-2 - USN-6846-1 fixed vulnerabilities in ansible. The update introduced a regression in ansible. This update fixes the problem. It was discovered that Ansible incorrectly handled certain inputs when using the tower_callback parameter. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
c052fa5148ad1118b4d23a00e9f2df2fe3cf2520cd05184c995afb47b8009a72
Ubuntu Security Notice 7131-1 - It was discovered that Vim incorrectly handled memory when closing a buffer, leading to use-after-free. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service.
34d204fbc042342583d9daf7e96ae838645115d3e4162682e799d88a59a4e1b6
The Russian FSB appears to suffer from a cross site scripting vulnerability. The researchers who discovered it have reported it to them multiple times.
21d28464eeae42eb77e4f0ab81b9027767782d730809ac4ab3f85300f32aa7c0
Laravel version 11.0 suffers from a cross site scripting vulnerability.
18c911de78fea14ce7c2b2016a2eed4ceae0df290d5eae7a1ebed85970fb75db
Ubuntu Security Notice 7092-2 - USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discovered that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the problem. It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.
9a1dbd140e8686d964ecd1d673ca3ffc581842212191e21e4897a1cd9c842acf
Red Hat Security Advisory 2024-8704-03 - Kube Descheduler Operator for Red Hat OpenShift 5.0.2 for RHEL 9.
5370b3ff12180b0f0df717016a84548bf6b8667393f5d86bc8d62419d18509a9
Red Hat Security Advisory 2024-10704-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.
8f0beb7860f5fba47dcde45cd2b2a31d0a4d4d0d311274a1d9a242992c0da7bb
Red Hat Security Advisory 2024-10702-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.
b949c59b0bdbf8dca6e86106e92d2d665dfd29ae5b3fd356d0a65674a70298a6
Red Hat Security Advisory 2024-10677-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.
3aa9e316d1221abf0e622633df4d6d36c32bc2823efb26e4b0aaf2833824cb98
Red Hat Security Advisory 2024-10667-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.
1ffaf681e143fe0bf8d2f5e953f0ace08a081e9c292c5b6211dd20902896c4a8
Red Hat Security Advisory 2024-10666-03 - An update for the gimp:2.8.22 module is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a buffer overflow vulnerability.
a524e410a51d8e384bb9ae9395fea90ed82d4fab5829b4d61af3d712de6108e3
Nvidia GeForce version 11.0.1.163 suffers from an unquoted service path vulnerability.
f899342e79088e5e909435b982381694ddaed2c99c3ce95c2d35461b1b8d089e