Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module Improper Restriction of Excessive Authentication Attempts (CVE-2023-4625)
Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after t...
Fedora: Security Advisory (FEDORA-2024-fb32950d11)
The remote host is missing an update for the...
USN-6588-1: PAM vulnerability
Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service...
USN-6588-1 pam vulnerability
Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service...
WP Courses LMS < 3.2.4 - Missing Authorization
Description The plugin is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the /ajax/ajax-lesson-order.php file hooked via AJAX in all versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : PAM vulnerability (USN-6588-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6588-1 advisory. Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A...
Design/Logic Flaw
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux Device Manager Agent modules. This issue affects Hitachi Device Manager: before 8.8.5-04...
CVE-2023-49107 Generation of Error Message Containing Sensitive Information Vulnerability in Hitachi Device Manager
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux Device Manager Agent modules. This issue affects Hitachi Device Manager: before 8.8.5-04...
PT-2024-1268 · Hitachi · Hitachi Device Manager
Name of the Vulnerable Software and Affected Versions: Hitachi Device Manager versions prior to 8.8.5-04 Description: The issue is related to the generation of error messages containing sensitive information in the Hitachi Device Manager, specifically affecting the Device Manager Agent modules on...
Debian: Security Advisory (DSA-5594-1)
The remote host is missing an update for the Debian...
CVE-2023-42797
A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.20, CP-8050 MASTER MODULE All versions CPCI85 V05.20. The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being...
[SECURITY] Fedora 39 Update: slurm-22.05.11-2.fc39
Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...
[SECURITY] Fedora 38 Update: slurm-22.05.11-2.fc38
Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...
CVE-2023-49554
Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component...
CVE-2023-50711
vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmm_sys_util::fam::FamStructWrapper can lea...
PT-2024-18979 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.1.3 Description: PrestaShop is an open-source e-commerce platform. The issue arises because the isCleanHtml method is not used on a specific form, allowing the storage of a cross-site scripting payload in the...
CVE-2023-49555
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component...
PT-2023-31956 · Bytecode Alliance · Wasm-Micro-Runtime
Name of the Vulnerable Software and Affected Versions: Bytecode Alliance wasm-micro-runtime versions prior to 1.3.0 Description: The issue arises from the mishandling of push_pop_frame_ref_offset, leading to a "double free or corruption" error for a valid WebAssembly module. Recommendations: For...
org.infinispan:infinispan-cachestore-jdbc (>=15.0.0.Dev01 <=15.0.0.Dev10), org.infinispan:infinispan-cachestore-sql (>=15.0.0.Dev01 <=15.0.0.Dev10) +10 more potentially affected by CVE-2023-5384 via org.infinispan:infinispan-cachestore-jdbc-common (>=15.0.0.Dev01 <=15.0.0.Dev06)
org.infinispan:infinispan-cachestore-jdbc-common MAVEN version =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev06, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev01, =15.0.0.Dev10 Source cves: CVE-2023-538...
cc.allio.uno:uno-core (>=1.1.9 <=1.2.1), cc.allio.uno:uno-data (>=1.1.9 <=1.2.1) +583 more potentially affected by CVE-2023-51079 via org.mvel:mvel2 (=2.5.0.Final)
org.mvel:mvel2 MAVEN version =2.5.0.Final is affected by a known vulnerability. The following packages have a transitive dependency on org.mvel:mvel2 and may be impacted: - cc.allio.uno:uno-core =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9, =1.1.9...