Execution with Unnecessary Privileges (CWE-250) CVE-2024-33894
Posted by Moritz Abrell via Fulldisclosure on Aug 17. Advisory ID: SYSS-2024-033. Product: Ewon Cosy+. Manufacturer: HMS Industrial Networks AB. Affected Version(s): Firmware Versions: all...
Use of Hard-coded Cryptographic Key (CWE-321) CVE-2024-33895
Posted by Moritz Abrell via Fulldisclosure on Aug 17. Advisory ID: SYSS-2024-032. Product: Ewon Cosy+. Manufacturer: HMS Industrial Networks AB. Affected Version(s): Firmware Versions: <...
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) (CWE-78) CVE-2024-33896
Posted by Moritz Abrell via Fulldisclosure on Aug 17. Advisory ID: SYSS-2024-018. Product: Ewon Cosy+. Manufacturer: HMS Industrial Networks AB. Affected Version(s): Firmware Versions: <...
Cleartext Storage of Sensitive Information in a Cookie (CWE-315) CVE-2024-33892
Posted by Moritz Abrell via Fulldisclosure on Aug 17. Advisory ID: SYSS-2024-017. Product: Ewon Cosy+. Manufacturer: HMS Industrial Networks AB. Affected Version(s): Firmware Versions: <...
Improper Neutralization of Input During Web Page Generation (CWE-79) CVE-2024-33893
Posted by Moritz Abrell via Fulldisclosure on Aug 17. Advisory ID: SYSS-2024-016. Product: Ewon Cosy+. Manufacturer: HMS Industrial Networks AB. Affected Version(s): Firmware Versions: <...
Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message
Posted by Aki Tuomi via Fulldisclosure on Aug 17. Affected product: Dovecot IMAP Server. Internal reference: DOV-6601. Vulnerability type: CWE-770 (Allocation of Resources Without Limits...
CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive
Posted by Aki Tuomi via Fulldisclosure on Aug 17. Affected product: Dovecot IMAP Server. Internal reference: DOV-6464. Vulnerability type: CWE-770 (Allocation of Resources Without Limits...
DSA-5750-1 python-asyncssh – security update
Support for the "strict kex" SSH extension has been backported to AsyncSSH (a Python implementation of the SSHv2 protocol) as hardening against the Terrapin attack....
python-webob-1.8.8-2.el8
FEDORA-EPEL-2024-fc8e1f0a44 Packages in this update: python-webob-1.8.8-2.el8 Update description: Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065 Update to upstream. Fix open redirect issue...
python-webob-1.8.8-2.el9
FEDORA-EPEL-2024-4a0acd6ee7 Packages in this update: python-webob-1.8.8-2.el9 Update description: Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065 Update to upstream. Fix open redirect issue...