CyberDanube Security Research 20240703-0 | Authenticated Command Injection in Helmholz Industrial Router REX100

Read Time:14 Second

Posted by Thomas Weber via Fulldisclosure on Jul 03

CyberDanube Security Research 20240703-0
——————————————————————————-
title| Authenticated Command Injection
product| Helmholz Industrial Router REX100
| MBConnectline mbNET.mini
vulnerable version| <= 2.2.11
fixed version| 2.2.13
CVE number| CVE-2024-5672
impact| High
homepage|…

Read More

SEC Consult SA-20240627-0 :: Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice

Read Time:15 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jul 03

SEC Consult Vulnerability Lab Security Advisory < 20240627-0 >
=======================================================================
title: Local Privilege Escalation via MSI installer
product: SoftMaker Office / FreeOffice
vulnerable version: SoftMaker Office 2024 / NX before revision 1214
FreeOffice 2021 Revision 1068
FreeOffice 2024 before revision 1215…

Read More

SEC Consult SA-20240626-0 :: Multiple Vulnerabilities in Siemens Power Automation Products

Read Time:20 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jul 03

SEC Consult Vulnerability Lab Security Advisory < 20240626-0 >
=======================================================================
title: Multiple Vulnerabilities in Power Automation Products
product: Siemens CP-8000/CP-8021/CP8-022/CP-8031/CP-8050/SICORE
vulnerable version: CPC80 < V16.41 / CPCI85 < V5.30 / OPUPI0 < V5.30 / SICORE < V1.3.0 /
CPCX26 < V06.02 for CP-2016…

Read More

Novel DoS Vulnerability Affecting WebRTC Media Servers

Read Time:23 Second

Posted by Sandro Gauci via Fulldisclosure on Jul 03

Dear Colleagues,

We have published a new blog post discussing a novel Denial-of-Service (DoS) vulnerability affecting WebRTC media
servers.

## Executive summary (TL;DR)

A critical denial-of-service (DoS) vulnerability has been identified in media servers that process WebRTC’s DTLS-SRTP,
specifically in their handling of ClientHello messages. This vulnerability arises from a race condition between ICE and
DTLS traffic and can be exploited…

Read More

APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8

Read Time:23 Second

Posted by Apple Product Security via Fulldisclosure on Jul 03

APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods
Firmware Update 6F8, and Beats Firmware Update 6F8

AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and
Beats Firmware Update 6F8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214111.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates…

Read More