#web

Red Hat Security Advisory 2024-1491-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1490-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

LimeSurvey Community version 5.3.32 suffers from a persistent cross site scripting vulnerability.

Orange Station version 1.0 suffers from a remote shell upload vulnerability.

Red Hat Security Advisory 2024-1489-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1488-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1487-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Ubuntu Security Notice 6701-3 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: C-MORE EA9 HMI Vulnerabilities: Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to exploit a remote device and inject malicious code on the panel. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of C-MORE EA9 HMI, a display system used for interfacing with controllers, are affected: C-MORE EA9 HMI EA9-T6CL: Version 6.77 and prior C-MORE EA9 HMI EA9-T7CL: Version 6.77 and prior C-MORE EA9 HMI EA0-T7CL-R: Version 6.77 and prior C-MORE EA9 HMI EA9-T8CL: Version 6.77 and prior C-MORE EA9 HMI EA9-T10CL: Version 6.77 and prior C-MORE EA9 HMI EA9-T10WCL: Version 6.77 and prior C-MORE EA9 HMI EA9-T12CL: Version 6.77 and prior C-MORE EA9 HMI EA9-T15CL: Version 6.77 and prior C-MORE EA9 HMI EA9-T15CL-R: Version 6.77 and prior C-...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View ME Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to the loss of view or control of the PanelView product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of FactoryTalk View ME, an HMI software application, are affected: FactoryTalk View ME: prior to v14 3.2 Vulnerability Overview 3.2.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79 A vulnerability exists in the affected product that allows a malicious user to restart the PanelView Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView product. CVE-2024-21914 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vecto...