CVE-2022-24822 Denial of Service in @podium/layout and @podium/proxy

Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74,...

CVE-2021-32984

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project...

CVE-2021-32986

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without...

CVE-2021-32978

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...

CVE-2021-32980

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

CVE-2021-32980

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

Authorization

All programming connections receive the same unlocked privileges, which can result in a privilege escalation. During the time Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, an attacker can connect to the PLC and read the project...

Authentication flaw

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

Design/Logic Flaw

The programming protocol allows for a previously entered password and lock state to be read by an attacker. If the previously entered password was successful, the attacker can then use the password to unlock Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00...

Buffer overflow

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 passwords are sent as plaintext during unlocking and project transfers. An attacker who has network visibility can observe the password exchange...

CVE-2021-32986 Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without...

CVE-2021-32986

The CVE affects Automation Direct CLICK PLC CPU Modules (C0-1x CPUs) with firmware prior to v3.00. The vulnerability is an authentication bypass where, once an authorized user unlocks the PLC, the unlocked state does not timeout and remains usable if the programming software is interrupted; all s...

CVE-2021-32978

The CVE-2021-32978 entry describes a vulnerability in Automation Direct CLICK PLC CPU Modules (C0-1x) with firmware prior to v3.00 where a previously entered password and lock state can be read from the programming protocol, effectively exposing credentials and enabling unlocks if the password wa...

CVE-2021-32980 Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

CVE-2021-32980 Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

Rockwell (CVE-2020-14504) (deprecated)

This plugin has been deprecated as POINT I/O modules are not currently supported. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2022/05/19...

PT-2022-10178 · Automationdirect · Automation Direct Click Plc Cpu Modules

Name of the Vulnerable Software and Affected Versions: Automation Direct CLICK PLC CPU Modules: C0-1x CPUs versions prior to v3.00 Description: The issue arises when an authorized user unlocks the Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00. The unlocked state...

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-application (>=1.1.0 <=1.2.0) +9239 more potentially affected by CVE-2022-22950 via org.springframework:spring-expression (>=5.3.0 <=5.3.16)

org.springframework:spring-expression MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0 and more Source cves: CVE-2022-22950 Source advisory: OSV:GHSA-558X-2XJG-6232...

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit allows attackers to compromise data integrity.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to compromise the integrity of data...

Spring Cloud Azure 4.0 is Now Generally Available

NOTE: Hi, Spring fans! This is a guest post from Sean Li, our friend at Microsoft I am pleased to announce that Spring Cloud Azure 4.0 is now generally available. With this major release we aim to bring better security, leaner dependencies, support for production readiness and more. Version 4...