8697 matches found
CVE-2023-28479
An issue was discovered in TigerGraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each TigerGraph system and modify system and TigerGraph binaries...
CODESYS Development System Improper Enforcement of Message Integrity Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CODESYS Development System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the LearnMoreAction function. The issue results from a missing...
Huawei EMUI Security Vulnerability
SIMATIC Cloud Connect 7 is an IoT gateway for connecting programmable logic controllers to cloud services and allows field devices with an OPC UA server interface to be connected as OPC UA clients. SIMATIC Drive Controllers are designed for the automation of production machines and combine the...
[SECURITY] Fedora 38 Update: php-8.2.9-2.fc38
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Impact: OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see _msgSender return address(0) in calls that originate from the forwarder with calldata...
[SECURITY] Fedora 37 Update: php-8.1.22-1.fc37
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
A vulnerability in Google Chrome's DevTools web development tools allows an attacker to bypass content security policies.
The vulnerability in Google Chrome's DevTools web development tools exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to circumvent content security policies through a specially crafted HTML page...
Intel RealSense ID Security Vulnerability
Intel RealSense ID is a facial recognition solution from Intel Corporation (USA) that relies on its RealSense depth sensing technology. A security vulnerability exists in Intel® RealSense™ SDKs prior to version 0.25.0 that stems from incorrect default permissions. An attacker could exploit the...
Intel PSR Code Issue Vulnerability
Intel PSR is a management and security status application from Intel® Corporation. A security vulnerability exists in Intel® PSR SDK versions prior to 1.0.0.20. An attacker can exploit the vulnerability to elevate privileges...
Intel AMT SDK Security Vulnerability
Intel AMT SDK is an Intel® development kit for providing basic development capabilities for Active Management Technology (AMT). A security vulnerability exists in Intel® AMT and Intel® Standard Manageability that originates from incorrect input validation. An attacker could exploit the vulnerabilit...
CVE-2023-40014 OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using ERC2771Context along with a custom trusted forwarder may see _msgSender return address(0) in calls that originate from the forwarder with calldata shorter...
Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2023-62034)
Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context ...
Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2023-62037)
Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context ...
Siemens Solid Edge Out-of-Bounds Write Vulnerability (CNVD-2023-62031)
Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute code in the context...
Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2023-62033)
Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context ...
SUSE: Security Advisory (SUSE-SU-2023:3239-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Siemens Solid Edge Out-of-Bounds Write Vulnerability (CNVD-2023-62039)
Solid Edge is a portfolio of software tools that address a variety of product development processes: 3D design, simulation, manufacturing and design management. Siemens Solid Edge suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute code in the context...
SUSE: Security Advisory (SUSE-SU-2023:3232-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
A vulnerability in the IBM SDK Java Technology Edition development tools stems from deficiencies in the deserialization mechanism and allows attackers to execute arbitrary code.
A vulnerability in the IBM SDK Java Technology Edition development tools stems from deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...