1405 matches found
The vulnerability of the configuration file implementation of the Hitachi Energy MicroSCADA X SYS600 software for equipment monitoring and control systems allows a perpetrator to execute arbitrary code with root privileges.
The vulnerability of the configuration file implementation of the Hitachi Energy MicroSCADA X SYS600 software for equipment monitoring and control exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute...
DEBIAN-CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
CVE-2022-41232
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint...
Jenkins CONS3RT Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
dbus-broker security update
28-5.1 - Fix a stack buffer over-read in the c-shquote library - Fix null pointer reference when supplying a malformed XML config file - Add gating.yaml Resolves: CVE-2022-31212 Resolves: CVE-2022-31213...
PT-2022-25762 · Jenkins · Jenkins Bigpanda Notifier Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins BigPanda Notifier Plugin versions 1.4.0 and earlier Description: The issue concerns the storage of the BigPanda API key in an unencrypted form within the global configuration file on the Jenkins controller. This file can be accessed b...
dbus-broker: null pointer reference when supplying a malformed XML config file
A flaw was found in the dbus-broker package. This issue occurs when supplying a malformed XML config file and leads to a NULL pointer dereference...
U.S. Dept Of Defense: AWS Credentials Disclosure at ███
Sensitive AWS credentials were disclosed through a config.json file found on a server. An attacker could have used these credentials to gain access to sensitive information on the AWS account or perform arbitrary modifications on AWS resources. The affected system host was not disclosed. No CVE...
Download Monitor < 4.5.98 - Admin+ Arbitrary File Download
The plugin does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup. Create a new download on:...
RHEL 7 / 8 : OpenShift Container Platform 4.7.13 (RHSA-2021:2122)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2122 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...
istio security update
istio 1.13.7-1 - Added Oracle specific files for 1.13.7-1 olcne 1.4.7-1 - Upgrade Istio from 1.13.5 to 1.13.7 to resolve the CVE-2022-31045 1.4.6-2 - Fix bug in gen-certs-helper script to change permission of node.key to allow opc user to copy over - Update gen-certs-helper script to skip printin...
CVE-2022-1677
In OpenShift Container Platform, CVE-2022-1677 arises when a user with Route-creation/modification permissions can craft a payload that inserts a malformed entry into the cluster router’s HAProxy configuration. This can cause the router to hijack traffic by matching arbitrary hostnames and redire...
CVE-2022-36672
Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session...
PT-2022-23542 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus version 3.6.2 Description: A hard-coded JWT key was found in the project config file of Novel-Plus, allowing attackers to create a custom user session. Recommendations: For Novel-Plus version 3.6.2, consider removing the hard-coded...
CVE-2022-36558
Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcode via the file /etc/ciel.cfg...
McAfee Security Scan Plus Security Vulnerability
McAfee Security Scan Plus (MSS+) is a tool from McAfee, Inc. that protects computers from spyware and viruses. A security vulnerability exists in versions of McAfee Security Scan Plus (MSS+) prior to 4.1.262.1, which stems from faulty privilege management that could allow a local user to modify...
CVE-2022-36306
An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still...
taoCMS Code Injection Vulnerability
taoCMS is a Chinese micro CMS (Content Management System). A security vulnerability exists in taoCMS version 3.0.2, which is caused by allowing arbitrary PHP code to be injected into the site settings by modifying config.php...
PT-2022-23280 · Taocms · Taocms
Name of the Vulnerable Software and Affected Versions: taocms version 3.0.2 Description: An issue was discovered in the website settings that allows arbitrary PHP code to be injected by modifying config.php. Recommendations: For taocms version 3.0.2, consider restricting access to the config.php...
PT-2022-4680 · Tcl · Tcl Linkhub Mesh Wi-Fi Ac1200 +1
Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi AC1200 versions prior to the fixed version TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: The issue is related to a buffer overflow vulnerability in the GetValue function of the LinkHub Mesh Wi-Fi microprogram,...