Category Archives: Advisories

Advisories

SEC Consult SA-20241015-0 :: Multiple Vulnerabilities in Rittal IoT Interface & CMC III Processing Unit (CVE-2024-47943, CVE-2024-47944, CVE-2024-47945)

October 21, 2024

Read Time:6 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 20

No message preview for long message of 359314 bytes.

Advisories

CVE-2024-48939: Unauthorized enabling of API in Paxton Net2 software

October 21, 2024

Read Time:15 Second

Posted by Jeroen Hermans via Fulldisclosure on Oct 20

CloudAware Security Advisory

CVE-2024-48939: Unauthorized enabling of API in Paxton Net2 software

========================================================================
Summary
========================================================================
Bypass of Paxton Net2 API license. Possible leaking of PII and access to
admin functionality.
No physical access to computer running Paxton Net2 is required….

Advisories

USN-7077-1: AMD Microcode vulnerability

October 21, 2024

Read Time:15 Second

Enrique Nissim and Krzysztof Okupski discovered that some AMD processors
did not properly restrict access to the System Management Mode (SMM)
configuration when the SMM Lock was enabled. A privileged local attacker
could possibly use this issue to further escalate their privileges and
execute arbitrary code within the processor’s firmware layer.

Advisories

DSA-5794-1 openjdk-17 – security update

October 21, 2024

Read Time:9 Second

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5794-1

Advisories

DSA-5795-1 python-sql – security update

October 21, 2024

Read Time:10 Second

Cedric Krier discovered that python-sql, a library to write SQL queries
in a pythonic way, performed insufficient sanitising which could result
in SQL injection.

https://security-tracker.debian.org/tracker/DSA-5795-1

Advisories