Category Archives: Advisories

USN-6787-1: Jinja2 vulnerability

It was discovered that Jinja2 incorrectly handled certain HTML attributes
that were accepted by the xmlattr filter. An attacker could use this issue
to inject arbitrary HTML attribute keys and values to potentially execute
a cross-site scripting (XSS) attack.

USN-6788-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

SEC Consult SA-20240527-0 :: Multiple vulnerabilities in HAWKI didactic interface

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 27

SEC Consult Vulnerability Lab Security Advisory < 20240527-0 >
=======================================================================
title: Multiple vulnerabilities
product: HAWKI (Interaction Design Team at the University of Applied
Sciences and Arts in Hildesheim/Germany)
vulnerable version: 1.0.0-beta.1, versions before commit 146967f
fixed version: Github commit 146967f…

SEC Consult SA-20240524-0 :: Exposed Serial Shell on multiple PLCs in Siemens CP-XXXX Series

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on May 27

SEC Consult Vulnerability Lab Security Advisory < 20240524-0 >
=======================================================================
title: Exposed Serial Shell on multiple PLCs
product: Siemens CP-XXXX Series (CP-2014, CP-2016, CP-2017, CP-2019, CP-5014)
vulnerable version: All hardware revisions
fixed version: Hardware is EOL, no fix
CVE number: –
impact: Low…
