#web

Debian Linux Security Advisory 5496-1 - A buffer overflow in parsing WebP images may result in the execution of arbitrary code.

Red Hat Security Advisory 2023-5146-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.111 and .NET Runtime 7.0.11. Issues addressed include a denial of service vulnerability.

Night Club Booking Software version 1.0 suffers from a cross site scripting vulnerability.

A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on the compromised system. The campaign, which took place between 2020 and 2022, is no longer active. "

ImgHosting version 1.3 suffers from a cross site scripting vulnerability.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: WIBU Systems CodeMeter Vulnerability: Heap-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to escalate privileges or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: PSS(R)CAPE V14: All versions prior to V14.2023-08-23 PSS(R)CAPE V15: All versions prior to V15.0.22 PSS(R)E V34: All versions prior to V34.9.6 PSS(R)E V35: All versions PSS(R)ODMS V13.0: All versions PSS(R)ODMS V13.1: All versions prior to V13.1.12.1 SIMATIC PCS neo V3:...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC, SIPLUS Products Vulnerability: Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to create a denial-of-service condition by sending a specially crafted certificate. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00): All versions prior to v2.2 SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00): All versions prior to v2.2 SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion8 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve other user's sessions data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation Pavilion8, a model predictive control software, are affected: Pavilion8: versions v5.17.00 and v5.17.01 3.2 Vulnerability Overview 3.2.1 IMPROPER AUTHENTICATION CWE-287 The JMX Console within the Pavilion is exposed to application users and does not require authentication. If exploited, a malicious user could retrieve other application users' session data and or log users out of their sessions. CVE-2023-29463 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRA...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Parasolid Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code in the context of the current process. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens Parasolid, a 3D geometric modeling tool, are affected: Parasolid V34.1: all versions prior to V34.1.258 Parasolid V35.0: all versions prior to V35.0.253 Parasolid V35.0: all versions prior to V35.0.260 Parasolid V35.1: all versions prior to V35.1.184 Parasolid V35.1: all versions prior to V35.1.246 Parasolid ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low Attack Complexity Vendor: Siemens Equipment: SIMATIC Field PG and SIMATIC IPC Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated local user to potentially read other users' data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: SIMATIC Field PG M6: All Versions SIMATIC IPC BX-39A: All Versions SIMATIC IPC PX-39A: All Versions SIMATIC IPC PX-39A PRO: All Versions SIMATIC IPC RW-543A: All Versions SIMATIC IPC627E: All Versions SIMATIC IPC647E: All Versions SIMATIC...