Authenticated Code Injection – smfv2.1.4
Posted by Andrey Stoykov on Aug 17 # Exploit Title: Authenticated Code Injection - smfv2.1.4 # Date: 8/2024 # Exploit Author: Andrey Stoykov # Version:...
Improper Authentication (CWE-287) CVE-2024-33897
Posted by Moritz Abrell via Fulldisclosure on Aug 17 Advisory ID: SYSS-2024-043 Product: Ewon Cosy+ / Talk2M Remote Access Solution Manufacturer: HMS Industrial Networks AB...
Execution with Unnecessary Privileges (CWE-250) CVE-2024-33894
Posted by Moritz Abrell via Fulldisclosure on Aug 17 Advisory ID: SYSS-2024-033 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Version(s): Firmware Versions: all...
Use of Hard-coded Cryptographic Key (CWE-321) CVE-2024-33895
Posted by Moritz Abrell via Fulldisclosure on Aug 17 Advisory ID: SYSS-2024-032 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Version(s): Firmware Versions: <...
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) (CWE-78) CVE-2024-33896
Posted by Moritz Abrell via Fulldisclosure on Aug 17 Advisory ID: SYSS-2024-018 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Version(s): Firmware Versions: <...
Cleartext Storage of Sensitive Information in a Cookie (CWE-315) CVE-2024-33892
Posted by Moritz Abrell via Fulldisclosure on Aug 17 Advisory ID: SYSS-2024-017 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Version(s): Firmware Versions: <...
Improper Neutralization of Input During Web Page Generation (CWE-79) CVE-2024-33893
Posted by Moritz Abrell via Fulldisclosure on Aug 17 Advisory ID: SYSS-2024-016 Product: Ewon Cosy+ Manufacturer: HMS Industrial Networks AB Affected Version(s): Firmware Versions: <...
Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message
Posted by Aki Tuomi via Fulldisclosure on Aug 17 Affected product: Dovecot IMAP Server Internal reference: DOV-6601 Vulnerability type: CWE-770 (Allocation of Resources Without Limits...
CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive
Posted by Aki Tuomi via Fulldisclosure on Aug 17 Affected product: Dovecot IMAP Server Internal reference: DOV-6464 Vulnerability type: CWE-770 (Allocation of Resources Without Limits...
DSA-5750-1 python-asyncssh – security update
Support for the "strict kex" SSH extension has been backported to AsyncSSH (a Python implementation of the SSHv2 protocol) as hardening against the Terrapin attack....