2871 matches found

CNNVD
added 2023/08/03 12:00 a.m., 3 views

Johnson Controls VideoEdge Data Forgery Issue Vulnerability

Johnson Controls VideoEdge is a security solution from Johnson Controls, Inc. A security vulnerability exists in Johnson Controls VideoEdge that originates from a local user being able to edit configuration files and interfere with VideoEdge operation...

CVSS 7.1, AI score 6.5, EPSS 0.0011
Exploits: 0, References: 4

RedHat Linux
added 2023/08/01 8:55 a.m., 25 views

Moderate: Red Hat Security Advisory: libeconf security update

An update for libeconf is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 6.5, AI score 7.1, EPSS 0.00636
Exploits: 0, References: 2

AlmaLinux
added 2023/08/01 12:00 a.m., 33 views

Moderate: libeconf security update

Libeconf is a highly flexible and configurable library to parse and manage key=value configuration files. It reads configuration file snippets from different directories and builds the final configuration file from it. Security Fixes: libeconf: stack-based buffer overflow in readfile in...

CVSS 6.5, AI score 7.4, EPSS 0.00636
Exploits: 0, References: 4

0day.today
added 2023/07/28 12:00 a.m., 241 views

mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory Exploit

Exploit Title: mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory Exploit Author: Maximilian Barz Vendor Homepage: https://mremoteng.org/ Software Link: https://mremoteng.org/download Version: mRemoteNG = v1.77.3.1784-NB Tested on: Windows 11 CVE : CVE-2023-30367 /...

CVSS 7.5, AI score 7.6, EPSS 0.00431
Exploits: 4

ATTACKERKB
added 2023/07/26 9:15 p.m., 3 views

CVE-2023-30367

Multi-Remote Next Generation Connection Manager mRemoteNG is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version = v1.76.20 and =...

CVSS 7.5, AI score 5.8, EPSS 0.00431
Exploits: 4, References: 5

NVD
added 2023/07/26 9:15 p.m., 64 views

CVE-2023-30367

Multi-Remote Next Generation Connection Manager mRemoteNG is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version = v1.76.20 and =...

CVSS 7.5, AI score 7.5, EPSS 0.00431
Exploits: 4, References: 4

OSV
added 2023/07/26 9:15 p.m., 43 views

CVE-2023-30367

Multi-Remote Next Generation Connection Manager mRemoteNG is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version = v1.76.20 and =...

CVSS 7.5, AI score 7, EPSS 0.00431
Exploits: 4, References: 4

Prion
added 2023/07/26 9:15 p.m., 34 views

Design/Logic Flaw

Multi-Remote Next Generation Connection Manager mRemoteNG is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version = v1.76.20 and =...

CVSS 5, AI score 7.5, EPSS 0.00431
Exploits: 4, References: 4, Affected Software: 1

Vulnrichment
added 2023/07/26 12:00 a.m., 12 views

CVE-2023-30367

Multi-Remote Next Generation Connection Manager mRemoteNG is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version = v1.76.20 and =...

AI score 6.7, EPSS 0.00431
Exploits: 4, References: 4

Cvelist
added 2023/07/26 12:00 a.m., 58 views

CVE-2023-30367

Multi-Remote Next Generation Connection Manager mRemoteNG is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version = v1.76.20 and =...

AI score 7.7, EPSS 0.00431
Exploits: 4, References: 4

CNNVD
added 2023/07/18 12:00 a.m., 2 views

Iagona ScrutisWeb Security Vulnerability

Iagona ScrutisWeb is a security solution from the French company Iagona. A security vulnerability exists in Iagona ScrutisWeb version 2.1.37 and earlier versions. An attacker could exploit the vulnerability to view configuration file information, including user login names and encrypted passwords...

CVSS 7.5, AI score 7.7, EPSS 0.0064
Exploits: 0, References: 3

NVD
added 2023/07/13 1:15 a.m., 15 views

CVE-2023-34128

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions...

CVSS 9.8, EPSS 0.00591
Exploits: 0, References: 2

NVD
added 2023/07/11 10:15 a.m., 13 views

CVE-2023-29130

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.5. Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control...

CVSS 10, AI score 9.5, EPSS 0.00472
Exploits: 0, References: 1

Prion
added 2023/07/11 10:15 a.m., 13 views

Improper access control

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.5. Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control...

CVSS 7.5, AI score 9.3, EPSS 0.00472
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/07/11 9:07 a.m., 14 views

CVE-2023-29130

A vulnerability has been identified in SIMATIC CN 4100 All versions V2.5. Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control...

CVSS 9.9, AI score 9.5, EPSS 0.00472
Exploits: 0, References: 1

CNNVD
added 2023/07/10 12:00 a.m., 5 views

HCL Technologies HCL Launch Security Vulnerability

HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, Inc. It is used to handle the most complex deployment processes in DevOps. HCL Launch has a security vulnerability that stems from the possibility of disclosing sensitive...

CVSS 5.5, AI score 5.7, EPSS 0.00147
Exploits: 0, References: 2

OSV
added 2023/07/06 3:03 p.m., 31 views

CVE-2023-36830 SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code.

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary Python code to be executed via macros. For many users wh...

CVSS 6.3, AI score 7.9, EPSS 0.0039
Exploits: 1, References: 4

Talos
added 2023/07/06 12:00 a.m., 31 views

Milesight UR32L luci2-io file-export mib directory traversal vulnerability

Talos Vulnerability Report TALOS-2023-1695 Milesight UR32L luci2-io file-export mib directory traversal vulnerability July 6, 2023 CVE Number CVE-2023-23547 SUMMARY A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially...

CVSS 6.5, AI score 6.8, EPSS 0.01078
Exploits: 1

NVD
added 2023/07/03 7:15 p.m., 22 views

CVE-2023-36819

Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch...

CVSS 6.5, AI score 6.2, EPSS 0.00656
Exploits: 1, References: 1

OSV
added 2023/07/03 6:21 p.m., 28 views

CVE-2023-36819 Knowage-Server vulnerable to Path traversal in download functionalities

Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. The endpoint /knowage/restful-services/dossier/importTemplateFile allows authenticated users to download template hosted on the server. However, starting in the 6.x.x branch...

CVSS 6.5, AI score 6.1, EPSS 0.00656
Exploits: 1, References: 3