[SYSS-2024-037] DiCal-RED – Use of Password Hash With Insufficient Computational Effort
Posted by Sebastian Hamann via Fulldisclosure on Aug 22 Advisory ID: SYSS-2024-037 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Version(s): Unknown Tested Version(s): 4009 Vulnerability...
[SYSS-2024-035] DiCal-RED – Missing Authentication for Critical Function
Posted by Sebastian Hamann via Fulldisclosure on Aug 22 Advisory ID: SYSS-2024-035 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Version(s): Unknown Tested Version(s): 4009 Vulnerability...
[SYSS-2024-036] DiCal-RED – Missing Authentication for Critical Function
Posted by Sebastian Hamann via Fulldisclosure on Aug 22 Advisory ID: SYSS-2024-036 Product: DiCal-RED Manufacturer: Swissphone Wireless AG Affected Version(s): Unknown Tested Version(s): 4009 Vulnerability...
Re: Improper Authentication (CWE-287) CVE-2024-33897
Posted by Jeffrey Walton on Aug 22 I believe the problem lies elsewhere. The root cause is an architectural or design problem. Ewon Cosy+ should...
` Piano `
Posted by Teri Olson on Aug 22 Hello, I'm giving out my late husband's Yamaha Baby Grand Piano for free to any passionate instrument lover....
USN-6980-1: ImageMagick vulnerabilities
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially...
USN-6978-1: XStream vulnerabilities
It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue to read arbitrary files....
USN-6972-2: Linux kernel (AWS) vulnerabilities
Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker...
USN-6979-1: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...
ZDI-24-1158: Rockwell Automation ThinManager ThinServer Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The...