Category Archives: Advisories

Execution with Unnecessary Privileges (CWE-250) CVE-2024-33894

Read Time:18 Second

Posted by Moritz Abrell via Fulldisclosure on Aug 17

Advisory ID: SYSS-2024-033
Product: Ewon Cosy+
Manufacturer: HMS Industrial Networks AB
Affected Version(s): Firmware Versions: all versions
Tested Version(s): Firmware Version: 21.2s7
Vulnerability Type: Execution with Unnecessary Privileges (CWE-250)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2024-04-10
Solution Date: Not…

Read More

Use of Hard-coded Cryptographic Key (CWE-321) CVE-2024-33895

Read Time:19 Second

Posted by Moritz Abrell via Fulldisclosure on Aug 17

Advisory ID: SYSS-2024-032
Product: Ewon Cosy+
Manufacturer: HMS Industrial Networks AB
Affected Version(s): Firmware Versions: < 21.2s10 and < 22.1s3
Tested Version(s): Firmware Version: 21.2s7
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2024-04-10
Solution…

Read More

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) (CWE-78) CVE-2024-33896

Read Time:19 Second

Posted by Moritz Abrell via Fulldisclosure on Aug 17

Advisory ID: SYSS-2024-018
Product: Ewon Cosy+
Manufacturer: HMS Industrial Networks AB
Affected Version(s): Firmware Versions: < 21.2s10 and < 22.1s3
Tested Version(s): Firmware Version: 21.2s7
Vulnerability Type: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
(CWE-78)
Risk Level: Medium
Solution Status:…

Read More

Cleartext Storage of Sensitive Information in a Cookie (CWE-315) CVE-2024-33892

Read Time:18 Second

Posted by Moritz Abrell via Fulldisclosure on Aug 17

Advisory ID: SYSS-2024-017
Product: Ewon Cosy+
Manufacturer: HMS Industrial Networks AB
Affected Version(s): Firmware Versions: < 21.2s10 and < 22.1s3
Tested Version(s): Firmware Version: 21.2s7
Vulnerability Type: Cleartext Storage of Sensitive Information in a Cookie (CWE-315)
Risk Level: Low
Solution Status: Fixed
Manufacturer Notification:…

Read More

Improper Neutralization of Input During Web Page Generation (CWE-79) CVE-2024-33893

Read Time:18 Second

Posted by Moritz Abrell via Fulldisclosure on Aug 17

Advisory ID: SYSS-2024-016
Product: Ewon Cosy+
Manufacturer: HMS Industrial Networks AB
Affected Version(s): Firmware Versions: < 21.2s10 and < 22.1s3
Tested Version(s): Firmware Version: 21.2s7
Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification:…

Read More

Dovecot CVE-2024-23185: Very large headers can cause resource exhaustion when parsing message

Read Time:26 Second

Posted by Aki Tuomi via Fulldisclosure on Aug 17

Affected product: Dovecot IMAP Server
Internal reference: DOV-6601
Vulnerability type: CWE-770 (Allocation of Resources Without Limits or Throttling)
Vulnerable version: 2.2, 2.3
Vulnerable component: lib-mail
Report confidence: Confirmed
Solution status: Fixed in 2.3.21.1
Researcher credits: Vendor internal discovery
Vendor notification: 2024-01-31
CVE reference: CVE-2024-23185
CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)…

Read More

CVE-2024-23184: Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive

Read Time:26 Second

Posted by Aki Tuomi via Fulldisclosure on Aug 17

Affected product: Dovecot IMAP Server
Internal reference: DOV-6464
Vulnerability type: CWE-770 (Allocation of Resources Without Limits or Throttling)
Vulnerable version: 2.2, 2.3
Vulnerable component: lib-mail
Report confidence: Confirmed
Solution status: Fixed in 2.3.21.1
Researcher credits: Vendor internal discovery
Vendor notification: 2024-01-30
CVE reference: CVE-2024-23184
CVSS: 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N)…

Read More

python-webob-1.8.8-2.el8

Read Time:13 Second

FEDORA-EPEL-2024-fc8e1f0a44

Packages in this update:

python-webob-1.8.8-2.el8

Update description:

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

Read More

python-webob-1.8.8-2.el9

Read Time:13 Second

FEDORA-EPEL-2024-4a0acd6ee7

Packages in this update:

python-webob-1.8.8-2.el9

Update description:

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065

Read More