
404 matches found

Tenable Nessus
added 2024/12/12 12:0 a.m., 16 views

Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel (NVIDIA) vulnerabilities (USN-7155-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7155-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

CVSS 8.8, AI score 6.8, EPSS 0.00495
Exploits 11, References 397
Tenable Nessus
added 2024/11/20 12:0 a.m., 18 views

Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel vulnerabilities (USN-7120-2)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7120-2 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

CVSS 8.4, AI score 7, EPSS 0.0003
Exploits 1, References 3
NVD
added 2024/06/14 3:15 p.m., 13 views

CVE-2024-37367

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification...

CVSS 8.2, EPSS 0.00082
Exploits 0, References 1
CVE
added 2024/06/14 2:30 p.m., 63 views

CVE-2024-37368

Summary (CVE-2024-37368) Rockwell Automation FactoryTalk View SE is affected by an improper authentication vulnerability that allows a remote user with FTView to send a packet from a remote system to view an HMI project. Affected product: FactoryTalk View SE, version v11.0 (confirmed by ICSA advi...

CVSS 8.2, AI score 6.6, EPSS 0.00138
Exploits 0, References 1, Affected Software 1
CVE
added 2024/06/14 2:17 p.m., 68 views

CVE-2024-37367

Rockwell Automation FactoryTalk View SE is affected (v12.0). The vulnerability is an improper authentication issue (CWE-287) that could allow a remote attacker to have a user view an HMI project by sending a packet to the server. Connected advisories confirm affected product and remediation path:...

CVSS 8.2, AI score 7.4, EPSS 0.00082
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/06/14 2:17 p.m., 17 views

CVE-2024-37367 Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification...

CVSS 8.2, AI score 6.9, EPSS 0.00082
Exploits 0, References 1
Cvelist
added 2024/06/14 2:17 p.m., 20 views

CVE-2024-37367 Rockwell Automation FactoryTalk® View SE v12 Information Leakage Vulnerability via Authentication Restriction

A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication verification...

CVSS 8.2, EPSS 0.00082
Exploits 0, References 1
ICS
added 2024/06/13 6:0 a.m., 29 views

Rockwell Automation FactoryTalk View SE

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION : Exploitable remotely/low attack complexity Vendor : Rockwell Automation Equipment : FactoryTalk View SE Vulnerability : Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a user from a remote...

CVSS 8.2, AI score 6.6, EPSS 0.00138
Exploits 0, References 10
Veracode
added 2024/06/11 6:8 a.m., 10 views

Local File Inclusion (LFI)

gradio is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper input validation in the postprocess function within jsoncomponent.py, where a user-controlled string is parsed as JSON which can be exploited to read arbitrary files on the remote system...

CVSS 7.5, AI score 6.8, EPSS 0.00686
Exploits 1, References 3, Affected Software 1
Github Security Blog
added 2024/06/06 6:30 p.m., 23 views

Local file inclusion in gradio

A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio and was discovered in version 4.25. The vulnerability arises from improper input validation in the postprocess function within gradio/components/jsoncomponent.py, where a user-controlled string is parsed as JSO...

CVSS 7.5, AI score 7.3, EPSS 0.00686
Exploits 1, References 5, Affected Software 1
OSV
added 2024/04/26 10:15 a.m., 1 view

CVE-2024-0740

Eclipse Target Management: Terminal and Remote System Explorer RSE version = 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03...

CVSS 9.8, AI score 6.3, EPSS 0.09022
Exploits 1, References 2
CVE
added 2024/04/26 9:36 a.m., 72 views

CVE-2024-0740

CVE-2024-0740 affects Eclipse Target Management: Terminal and Remote System Explorer (RSE) versions

CVSS 9.8, AI score 7.8, EPSS 0.09022
Exploits 1, References 2, Affected Software 1
EUVD
added 2024/04/26 9:36 a.m., 3 views

EUVD-2024-16529

Eclipse Target Management: Terminal and Remote System Explorer RSE version = 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03...

CVSS 9.8, AI score 7.5, EPSS 0.09022
Exploits 1, References 2
NVD
added 2024/02/06 7:15 a.m., 8 views

CVE-2024-22433

Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.getldapinfo in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity,...

CVSS 9.8, AI score 9.1, EPSS 0.00224
Exploits 0, References 1
ICS
added 2024/01/09 12:0 a.m., 20 views

Siemens SIMATIC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 10, AI score 9.4, EPSS 0.00449
Exploits 0, References 12
Prion
added 2024/01/08 7:15 a.m., 14 views

Information disclosure

In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...

CVSS 7.5, AI score 6.9, EPSS 0.00401
Exploits 0, References 1, Affected Software 1
NVD
added 2023/12/12 7:15 a.m., 13 views

CVE-2023-41114

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions geturlastext and geturlasbytea that are publicly executable, thus permitting an authenticated us...

CVSS 6.5, EPSS 0.00084
Exploits 0, References 1
Prion
added 2023/12/12 7:15 a.m., 12 views

Session fixation

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions geturlastext and geturlasbytea that are publicly executable, thus permitting an authenticated us...

CVSS 4, AI score 6.9, EPSS 0.00084
Exploits 0, References 1, Affected Software 1
NVD
added 2023/12/07 6:15 a.m., 8 views

CVE-2023-46307

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...

CVSS 7.5, EPSS 0.00488
Exploits 0, References 4
Cvelist
added 2023/12/07 12:0 a.m., 12 views

CVE-2023-46307

An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system...

AI score 8.1, EPSS 0.00488
Exploits 0, References 4