Scalance Xr324wg (24 X Fe, Dc 24v) Security Vulnerabilities

CVE-2023-30430

IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: ...

CVE-2024-39376 Improper Access Control In TELSAT MarKoni FM Transmitter

TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated...

CVE-2024-39376 Improper Access Control In TELSAT MarKoni FM Transmitter

TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated...

CVE-2024-39375 Use of Client-Side Authentication in TELSAT marKoni FM Transmitter

TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator...

CVE-2024-39375 Use of Client-Side Authentication in TELSAT marKoni FM Transmitter

TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator...

CVE-2024-39374 Use of Hard-coded Credentials in TELSAT marKoni FM Transmitter

TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded...

CVE-2024-39373 Improper Neutralization of Special Elements used in a Command in TELSAT marKoni FM Transmitter

TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with administrative...

CVE-2024-39373 Improper Neutralization of Special Elements used in a Command in TELSAT marKoni FM Transmitter

TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with administrative...

CVE-2023-30430 IBM Security Verify Access information disclosure

IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: ...

CVE-2023-30430 IBM Security Verify Access information disclosure

IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: ...

CVE-2024-31883 IBM Security Verify Access denial of service

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: ...

CVE-2024-31883 IBM Security Verify Access denial of service

IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: ...

CVE-2024-6388

Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in...

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)

_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

aftodioikisi.gr Cross Site Scripting vulnerability OBB-3939285

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

frdb.dk Cross Site Scripting vulnerability OBB-3939281

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-1153

Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...

CVE-2024-1153

Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...

CVE-2024-1107

Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...

CVE-2024-1107

Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for June 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF006. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to...

CVE-2024-1153 Improper Access Control in Talya Informatics' Travel APPS

Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...

CVE-2024-1153 Improper Access Control in Talya Informatics' Travel APPS

Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...

CVE-2024-1107 IDOR in Talya Informatics' Travel APPS

Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...

CVE-2024-1107 IDOR in Talya Informatics' Travel APPS

Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...

‘Poseidon’ Mac stealer distributed via Google ads

On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows...

SDG Technologies PnPSCADA

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to attach various entities...

Yokogawa FAST/TOOLS and CI Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: FAST/TOOLS and CI Server Vulnerabilities: Cross-site Scripting, Empty Password in Configuration File 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

Johnson Controls Illustra Essentials Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...

Johnson Controls Illustra Essentials Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may allow...

Johnson Controls Illustra Essentials Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated...

Johnson Controls Illustra Essentials Gen 4

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Equipment: Illustra Essentials Gen 4 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

TELSAT marKoni FM Transmitter

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: marKoni Equipment: Markoni-D (Compact) FM Transmitters, Markoni-DH (Exciter+Amplifiers) FM Transmitters Vulnerabilities: Command Injection, Use of Hard-coded...

eromon.net Open Redirect vulnerability OBB-3939266

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

pusob.edu.np Open Redirect vulnerability OBB-3939259

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-0949

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...

CVE-2024-0949

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...

CVE-2024-0947

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb:...

CVE-2024-0947

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb:...

CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...

CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb:...

CVE-2024-0947 Cookies Manipulation in Talya Informatics' Elektraweb

Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb:...

Security Bulletin: Security vulnerabilities have been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool.

Summary There are security vulnerabilities in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3...

santoamaro.sc.gov.br Cross Site Scripting vulnerability OBB-3939251

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

petitefouine.fr Cross Site Scripting vulnerability OBB-3939250

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

cbc.esp.br Cross Site Scripting vulnerability OBB-3939238

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

pocky53.blog.fc2.com Cross Site Scripting vulnerability OBB-3939234

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Russian National Indicted for Cyber Attacks on Ukraine Before 2022 Invasion

A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022. Amin Timovich Stigal, the defendant in question, is assessed.....

Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135...

Security Bulletin: IBM MQ Appliance is vulnerable to XML External Entity (XXE) injection and server-side request forgery (CVE-2024-22354 & CVE-2024-22329)

Summary IBM MQ Appliance has addressed XML External Entity (XXE) injection and server-side request forgery vulnerabilities. Vulnerability Details CVEID: CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are.....