1855 matches found
PT-2022-22634 · Unknown · Omicard Edm
Name of the Vulnerable Software and Affected Versions: OMICARD EDM affected versions not specified Description: The mail image relay function in OMICARD EDM has a path traversal issue. This allows an unauthenticated remote attacker to bypass authentication and access arbitrary system files...
CVE-2022-30285
In Quest KACE Systems Management Appliance SMA through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials...
CVE-2022-35925 Missing rate limit in Authentication in bookwyrm
BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their nginx.conf file that was...
CVE-2022-31154 Indirect Object Access in Sourcegraph Code Monitoring
Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...
Hardcoded credentials
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...
CVE-2022-30313
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are...
CVE-2022-36988
An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup OpsCenter server, NetBackup Primary server, or NetBackup Media server...
CVE-2022-2138 Advantech iView
The affected product is vulnerable due to missing authentication, which may allow an attacker to read or modify sensitive data and execute arbitrary code, resulting in a denial-of-service condition...
CVE-2022-34820
A vulnerability has been identified in SIMATIC CP 1242-7 V2 All versions = V2.0 = V2.0 = V2.0 = V2.0 = V2.0 V2.2.28, SIPLUS NET CP 1242-7 V2 All versions V3.3.46, SIPLUS NET CP 1543-1 All versions V3.0.22, SIPLUS S7-1200 CP 1243-1 All versions V3.3.46, SIPLUS S7-1200 CP 1243-1 RAIL All versions...
SUSE-SU-2022:2253-1 Security update for salt
This update for salt fixes the following issues: - CVE-2022-22967: Fixed missing check for PAM_ACCT_MGMT return value that could be used to bypass authentication when using PAM (bsc#1200566)...
CVE-2022-31068 Sensitive Data Exposure on Refused Inventory Files in GLPI
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated...
389-ds-base: expired password was still allowed to access the database
A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication...
PT-2022-3935 · Dahua · Dahua Asi7Xxx +2
Name of the Vulnerable Software and Affected Versions: Dahua ASI7XXX versions prior to v1.000.0000009.0.R.220620 Dahua IPC-HDBW2XXX versions prior to v2.820.0000000.48.R.220614 Dahua IPC-HX2XXX versions prior to v2.820.0000000.48.R.220614 Description: The issue is related to the authentication...
SUSE: Security Advisory (SUSE-SU-2022:2159-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2022-20942 · 3S Smart Software Solutions · Codesys Gateway Server
Name of the Vulnerable Software and Affected Versions: CODESYS Gateway Server V2 versions prior to V2.3.9.38 Description: The issue allows an attacker to perform authentication by specifying a small password that matches a part of the longer real CODESYS Gateway password, as only a part of the...
Schneider Electric IGSS Data Server Access Control Error Vulnerability (CNVD-2023-38195)
The Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric, France. An Access Control Error vulnerability exists in Schneider Electric IGSS Data Server versions prior to 15.0.0.22140, which stems from the application's lack of...
CVE-2022-22967
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user to still run Salt commands when their account is locked. This affects both local shell accounts with an...
GE Voluson Authorization Issue Vulnerability
GE Voluson is a diagnostic ultrasound solution from General Electric GE. A security vulnerability exists in GE Voluson S8 that originates from incorrect authentication in the service browser file /uscgi-bin/users.cgi. An attacker could exploit the vulnerability to launch an attack against the loc...