CVE-2024-1915
Summary: CVE-2024-1915 affects Mitsubishi Electric MELSEC-Q/L Series CPU modules (Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU, Q03/04/06/13/26UDVCPU, Q04/06/13/26UDPVCPU, and MELSEC-L Series L02/06/26CPU(-P), L26CPU(-P)BT). A remote, unauthenticated attacker can trigger an Incorrect Pointer Scali...
CVE-2024-0803
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet...
CVE-2024-0803
CVE-2024-0803 affects Mitsubishi Electric MELSEC-Q/L Series CPU modules, where an Integer Overflow or Wraparound vulnerability can allow a remote, unauthenticated attacker to execute malicious code by sending a crafted packet. Affected products include MELSEC-Q/L Series CPUs (various models) with...
CVE-2024-0802
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted pack...
CVE-2024-0802
CVE-2024-0802 is an Incorrect Pointer Scaling vulnerability affecting Mitsubishi Electric MELSEC-Q/L Series CPU modules. A remote, unauthenticated attacker can read arbitrary data or execute code by sending a specially crafted packet. The NVD/ICS advisories cite a CVSS v3.1 ...
CVE-2024-28849 Proxy-Authorization header kept across hosts in follow-redirects
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during a cross-domain redirect, but keeps the proxy-authentication header which contains credentials...
CVE-2024-28849
Summary: CVE-2024-28849 affects the follow-redirects library (Node.js) used as a drop-in replacement for Node's http/https. The issue is that on cross-domain redirects, the authorization header is cleared but the proxy-authentication header, which may contain credentials, is not cleared, risking ...
CVE-2024-28391
SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv, displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku...
SQL injection
SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv, displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku...
PT-2024-22411 · Prestashop +1 · Fme Modules Quickproducttable Module +1
Name of the Vulnerable Software and Affected Versions: FME Modules quickproducttable module for PrestaShop versions 1.2.1 and earlier. Description: The issue allows a remote attacker to escalate privileges and obtain information. This is achieved through the readCsv, displayAjaxProductChangeAttr,...
CVE-2024-28391
CVE-2024-28391 is a SQL injection in the FME Modules quickproducttable module for PrestaShop v1.2.1 and earlier. Affected: PrestaShop with the FME quickproducttable module (versions ≤1.2.1). Vulnerable components: readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProd...
PT-2024-2282 · Mitsubishi · Melsec-L Series +1
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules (affected versions not specified). Description: The issue is related to an Integer Overflow or Wraparound vulnerability in the CPU modules of Mitsubishi Electric...
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:0832-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0832-1 advisory. - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack...
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1242)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact...
SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2024:0814-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0814-1 advisory. - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack...
Fedora: Security Advisory for jackson-modules-base (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...