News

Spyware Vendors’ Nebulous Ecosystem Helps Them Evade Sanctions

Read Time:8 Second

The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and human rights violations, the Atlantic Council found

Read More

Advisories

clamav-1.0.7-1.el8

Read Time:26 Second

FEDORA-EPEL-2024-cef1a533b1

Packages in this update:

clamav-1.0.7-1.el8

Update description:

Update to 1.0.7

CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the ‘clamd’ or ‘freshclam’ services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.

Read More

Advisories

[SYSS-2024-030]: C-MOR Video Surveillance – OS Command Injection (CWE-78)

Read Time:19 Second

Posted by Matthias Deeg via Fulldisclosure on Sep 05

Advisory ID: SYSS-2024-030
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401, 6.00PL01
Tested Version(s): 5.2401, 6.00PL01
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2024-04-05
Solution Date: –
Public Disclosure: 2024-09-04…

Read More

Advisories

[SYSS-2024-029]: C-MOR Video Surveillance – Dependency on Vulnerable Third-Party Component (CWE-1395)

Read Time:17 Second

Posted by Matthias Deeg via Fulldisclosure on Sep 05

Advisory ID: SYSS-2024-029
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401
Tested Version(s): 5.2401
Vulnerability Type: Dependency on Vulnerable Third-Party
Component (CWE-1395)
Use of Unmaintained Third Party Components
(CWE-1104)
Risk Level: High
Solution Status: Fixed…

Read More

Advisories

[SYSS-2024-028]: C-MOR Video Surveillance – Cleartext Storage of Sensitive Information (CWE-312)

Read Time:18 Second

Posted by Matthias Deeg via Fulldisclosure on Sep 05

Advisory ID: SYSS-2024-028
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401, 6.00PL01
Tested Version(s): 5.2401, 6.00PL01
Vulnerability Type: Cleartext Storage of Sensitive Information
(CWE-312)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2024-04-05
Solution Date: –
Public…

Read More

Advisories

[SYSS-2024-027]: C-MOR Video Surveillance – Improper Privilege Management (CWE-269)

Read Time:18 Second

Posted by Matthias Deeg via Fulldisclosure on Sep 05

Advisory ID: SYSS-2024-027
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401, 6.00PL01
Tested Version(s): 5.2401, 6.00PL01
Vulnerability Type: Improper Privilege Management (CWE-269)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2024-04-05
Solution Date: –
Public Disclosure:…

Read More

Advisories

[SYSS-2024-026]: C-MOR Video Surveillance – Unrestricted Upload of File with Dangerous Type (CWE-434)

Read Time:19 Second

Posted by Matthias Deeg via Fulldisclosure on Sep 05

Advisory ID: SYSS-2024-026
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401
Tested Version(s): 5.2401
Vulnerability Type: Unrestricted Upload of File with Dangerous
Type (CWE-434)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2024-04-05
Solution Date: 2024-07-31
Public Disclosure:…

Read More

Advisories

[SYSS-2024-025]: C-MOR Video Surveillance – Relative Path Traversal (CWE-23)

Read Time:19 Second

Posted by Matthias Deeg via Fulldisclosure on Sep 05

Advisory ID: SYSS-2024-025
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401
Tested Version(s): 5.2401
Vulnerability Type: Relative Path Traversal (CWE-23)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2024-04-05
Solution Date: 2024-07-31
Public Disclosure: 2024-09-04
CVE…

Read More

News, Advisories and much more

Exit mobile version