Category Archives: Advisories

Advisories

CyberDanube Security Research 20240703-0 | Authenticated Command Injection in Helmholz Industrial Router REX100

Read Time:14 Second

Posted by Thomas Weber via Fulldisclosure on Jul 03

CyberDanube Security Research 20240703-0
——————————————————————————-
title| Authenticated Command Injection
product| Helmholz Industrial Router REX100
| MBConnectline mbNET.mini
vulnerable version| <= 2.2.11
fixed version| 2.2.13
CVE number| CVE-2024-5672
impact| High
homepage|…

Read More

Advisories

SEC Consult SA-20240627-0 :: Local Privilege Escalation via MSI installer in SoftMaker Office / FreeOffice

Read Time:15 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jul 03

SEC Consult Vulnerability Lab Security Advisory < 20240627-0 >
=======================================================================
title: Local Privilege Escalation via MSI installer
product: SoftMaker Office / FreeOffice
vulnerable version: SoftMaker Office 2024 / NX before revision 1214
FreeOffice 2021 Revision 1068
FreeOffice 2024 before revision 1215…

Read More

Advisories

SEC Consult SA-20240626-0 :: Multiple Vulnerabilities in Siemens Power Automation Products

Read Time:20 Second

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jul 03

SEC Consult Vulnerability Lab Security Advisory < 20240626-0 >
=======================================================================
title: Multiple Vulnerabilities in Power Automation Products
product: Siemens CP-8000/CP-8021/CP8-022/CP-8031/CP-8050/SICORE
vulnerable version: CPC80 < V16.41 / CPCI85 < V5.30 / OPUPI0 < V5.30 / SICORE < V1.3.0 /
CPCX26 < V06.02 for CP-2016…

Read More

Advisories

Novel DoS Vulnerability Affecting WebRTC Media Servers

Read Time:23 Second

Posted by Sandro Gauci via Fulldisclosure on Jul 03

Dear Colleagues,

We have published a new blog post discussing a novel Denial-of-Service (DoS) vulnerability affecting WebRTC media
servers.

## Executive summary (TL;DR)

A critical denial-of-service (DoS) vulnerability has been identified in media servers that process WebRTC’s DTLS-SRTP,
specifically in their handling of ClientHello messages. This vulnerability arises from a race condition between ICE and
DTLS traffic and can be exploited…

Read More

Advisories

APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8

Read Time:23 Second

Posted by Apple Product Security via Fulldisclosure on Jul 03

APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods
Firmware Update 6F8, and Beats Firmware Update 6F8

AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and
Beats Firmware Update 6F8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214111.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates…

Read More

Advisories

17 vulnerabilities in Sharp Multi-Function Printers

Read Time:23 Second

Posted by Pierre Kim on Jul 03

## Advisory Information

Title: 17 vulnerabilities in Sharp Multi-Function Printers
Advisory URL: https://pierrekim.github.io/advisories/2024-sharp-mfp.txt
Blog URL: https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
Date published: 2024-06-27
Vendors contacted: JPCERT
Release mode: Released
CVE: CVE-2024-28038, CVE-2024-36251, CVE-2024-28955, CVE-2024-29146,
CVE-2024-29978, CVE-2024-32151, CVE-2024-33605,…

Read More