869 matches found
Honeywell Products 安全漏洞
Honeywell Products is a line of products from Honeywell USA. A security vulnerability exists in Honeywell Products that originates from the disclosure of server information about configuration data when an error is generated in response to a specially crafted message...
CVE-2023-35872
The Message Display Tool MDT of SAP NetWeaver Process Integration - version SAPXIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...
CVE-2023-35873
The Runtime Workbench RWB of SAP NetWeaver Process Integration - version SAPXITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...
Jenkins: Information disclosure through error stack traces related to agents
A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers...
The vulnerability of the microprogramming software of ABB Terra AC wallboxes—UL40, Terra AC wallbox 80A, Terra AC wallbox UL32A, Terra AC wallbox CE MID, Terra AC wallbox CE Juno, Terra AC wallbox CE PTB, Terra AC wallbox CE Symbiosis, and Terra AC wallbox JP—is related to the transmission of data in an open manner. This allows a intruder to access the configuration data.
The vulnerability of the microprogramming software of ABB Terra AC wallboxes—such as Terra AC wallbox UL40, Terra AC wallbox 80A, Terra AC wallbox UL32A, Terra AC wallbox CE MID, Terra AC wallbox CE Juno, Terra AC wallbox CE PTB, Terra AC wallbox CE Symbiosis, and Terra AC wallbox JP—is related t...
CVE-2023-24546
On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts...
PT-2023-19683 · Arista · Arista Cloudvision Portal
Name of the Vulnerable Software and Affected Versions: Arista CloudVision Portal affected versions not specified Description: The issue is related to improper access controls on the connection from devices to CloudVision, which could allow a malicious actor with network access to CloudVision to...
Arista Networks CloudVision Portal 安全漏洞
Arista Networks CloudVision Portal is a suite of web-based user management portals for the CloudVision platform from Arista Networks, USA. The product includes features such as network device configuration, compliance management, change management, and network monitoring management. A security...
Jenkins: Information disclosure through error stack traces related to agents
A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers...
PT-2023-3091 · Abb · Abb Terra Ac Wallbox
Name of the Vulnerable Software and Affected Versions: ABB Terra AC wallbox UL40/80A versions 1.0;0 through 1.5.5 ABB Terra AC wallbox UL32A versions 1.0;0 through 1.6.5 ABB Terra AC wallbox CE Terra AC MID versions 1.0;0 through 1.6.5 ABB Terra AC wallbox CE Terra AC Juno CE versions 1.0;0 throu...
Sage Group Sage 300 信任管理问题漏洞
Sage Group Sage 300 is a well-established, closed-source enterprise resource planning ERP solution from Sage Group UK, designed to facilitate the management of an organization. A security vulnerability exists in Sage Group Sage 300 version 2022 and prior versions that stems from the use of a...
CVE-2023-2291
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus AMP build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a...
Design/Logic Flaw
The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50W firmware versions 5.10 through 5.35, USG20W-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails ...
BlackVue DR750-2CH LTE 访问控制错误漏洞
BlackVue DR750-2CH LTE is an in-vehicle full HD monitor from BlackVue. A security vulnerability exists in the BlackVue DR750-2CH LTE version v.1.0122022.10.26 that stems from not authenticating in its web server. An attacker exploiting this vulnerability could access sensitive information such as...
CVE-2023-1552 ToolboxST Deserialization of Untrusted Configuration Data
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
CVE-2023-28877
The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. [email protected] is unaffected by this issue...
CVE-2023-28877
The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. [email protected] is unaffected by this issue...
CVE-2023-28877
The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. [email protected] is unaffected by this issue...
CVE-2023-28877
The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. [email protected] is unaffected by this issue...
VTEX apps-graphql 安全漏洞
VTEX apps-graphql is a graphql API module for VTEX IO applications from VTEX UK. A security vulnerability exists in the VTEX [email protected] GraphQL API module that stems from not properly restricting unauthorized access to private configuration data...