5327 matches found

CNVD
added 2021/11/25 12:0 a.m. · 18 views

Aim path traversal vulnerability

Aim is an easy-to-use and high-performance open source experiment tracker from the U.S. A path traversal vulnerability exists in versions of Aim prior to 3.1.0, which can be exploited by an attacker to access arbitrary files and directories stored on the file system by manipulating references to...

8.6 CVSS · 3.6 AI score · 0.00447 EPSS
Exploits 1 · References 1
Positive Technologies
added 2021/11/23 12:0 a.m. · 3 views

PT-2021-23924 · Aim · Aim

Name of the Vulnerable Software and Affected Versions: Aim versions prior to 3.1.0 Description: Aim is an open-source, self-hosted machine learning experiment tracking tool. The issue allows for a path traversal attack, which can be exploited by manipulating variables that reference files with...

9.2 CVSS · 8.4 AI score · 0.00447 EPSS
Exploits 1 · References 14
OSV
added 2021/11/20 7:31 p.m. · 5 views

MGASA-2021-0517 Updated rust packages fix security vulnerability

Updated rust packages fix security vulnerability This update mitigates a security concern in the Unicode standard, affecting source code containing "bidirectional override" Unicode codepoints: in some cases the use of those codepoints could lead to the reviewed code being different than the...

8.3 CVSS · 8.4 AI score · 0.24988 EPSS
Exploits 4 · References 9
Mageia
added 2021/11/20 7:31 p.m. · 52 views

Updated rust packages fix security vulnerability

Updated rust packages fix security vulnerability This update mitigates a security concern in the Unicode standard, affecting source code containing "bidirectional override" Unicode codepoints: in some cases the use of those codepoints could lead to the reviewed code being different than the...

8.3 CVSS · 2.9 AI score · 0.24988 EPSS
Exploits 4 · References 8
Tenable Nessus
added 2021/11/19 12:0 a.m. · 35 views

Apache 2.4.10 < 2.4.44 Source Code Disclosure

Due to a lack of control over an Apache error when using php-cgi and ModSecurity, it is possible for an attacker to obtain the source code of requested page in the error response via a specially crafted request containing the Content-Length header with an incorrect value. No source data...

7.3 AI score
Exploits 0 · References 1
Tenable Nessus
added 2021/11/18 12:0 a.m. · 213 views

Oracle Linux 8 : gcc (ELSA-2021-4587)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4587 advisory. 8.5.0-4.0.1 - Merge oracle patches to security errata 8.5.0-4. Reviewed-by: Jose E. Marchesi 8.5.0-4 - add -Wbidirectional patch 2008391 Tenable has extracted t...

8.3 CVSS · 7.6 AI score · 0.24988 EPSS
Exploits 4 · References 2
Tenable Nessus
added 2021/11/18 12:0 a.m. · 26 views

Oracle Linux 8 : gcc-toolset-11-annobin (ELSA-2021-4591)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4591 advisory. 9.85-1.1 - Annocheck: Add test for multibyte characters in symbol names. 2017367 Tenable has extracted the preceding description block directly from the Oracle...

8.3 CVSS · 7.6 AI score · 0.24988 EPSS
Exploits 4 · References 2
Tenable Nessus
added 2021/11/18 12:0 a.m. · 31 views

Oracle Linux 8 : gcc-toolset-11-binutils (ELSA-2021-4594)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4594 advisory. 2.36.1-1.0.1.1 - Forward port Oracle patches from 2.36.1-1.0.1 - Reviewed-by: Jose E. Marchesi 2.36.1-1.1 - Add ability to control the display of unicode...

8.3 CVSS · 7.6 AI score · 0.24988 EPSS
Exploits 4 · References 2
Tenable Nessus
added 2021/11/18 12:0 a.m. · 39 views

Oracle Linux 8 : annobin (ELSA-2021-4593)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4593 advisory. 9.72-1.2 - Bump NVR and rebuild to use the new gcc. 2017362 9.72-1.1 - Annocheck: Add test for multibyte characters in symbol names. 2017362 9.72-1 - Rebase to...

8.3 CVSS · 7.6 AI score · 0.24988 EPSS
Exploits 4 · References 2
Tenable Nessus
added 2021/11/18 12:0 a.m. · 56 views

Oracle Linux 8 : gcc-toolset-11-gcc (ELSA-2021-4586)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4586 advisory. 11.2.1-1.2.0.1 - Add -ftrivial-auto-var-init support from GCC12 Reviewed-by: Jose E. Marchesi - Add CTF/BTF support Reviewed-by: Qing Zhao 11.2.1-1.2 - add...

8.3 CVSS · 7.6 AI score · 0.24988 EPSS
Exploits 4 · References 2
Tenable Nessus
added 2021/11/18 12:0 a.m. · 35 views

Oracle Linux 8 : binutils (ELSA-2021-4595)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4595 advisory. 2.30-108.0.2.1 - Forward-port Oracle patches from 2.30-108.0.2 to 2.30-108.0.2.1 - Reviewed-by: Jose E. Marchesi 2.30-108.0.2 - Forward-port the following updat...

8.3 CVSS · 7.6 AI score · 0.24988 EPSS
Exploits 4 · References 2
Prion
added 2021/11/15 4:15 p.m. · 16 views

Directory traversal

A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...

6.4 CVSS · 9.3 AI score · 0.32263 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2021/11/15 12:0 a.m. · 7 views

MAL-2021-5 Malicious code in portal-shell (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 6ffd7e5a9ce9fae497402105a8a055471199ee7ce66a5fce2e1a8655640a81e6 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.4 AI score
Exploits 0 · References 1
Rockylinux
added 2021/11/10 8:37 a.m. · 43 views

rust-toolset:rhel8 security update

An update is available for rust-toolset, rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rust Toolset provides the Rust programming language compiler rustc...

8.3 CVSS · 0.9 AI score · 0.24988 EPSS
Exploits 4
OSV
added 2021/11/09 12:15 p.m. · 0 views

CVE-2021-31888

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

8.8 CVSS · 7.8 AI score · 0.03395 EPSS
Exploits 0 · References 2
CVE
added 2021/11/09 11:31 a.m. · 85 views

CVE-2021-31883

CVE-2021-31883 affects Siemens APOGEE MBC / TALON products (Nucleus RTOS) including APOGEE MBC (PPC/BACnet), APOGEE MEC, APOGEE PXC Compact/Modular, Desigo PXC variants, and Capital VSTAR with Ethernet options. Root cause: DHCP client processing fails to validate the length of Vendor option(s) in...

7.5 CVSS · 7.9 AI score · 0.01414 EPSS
Exploits 0 · References 6 · Affected Software 4
Positive Technologies
added 2021/11/09 12:0 a.m. · 3 views

PT-2021-6896 · Unknown +1 · Nucleus Source Code +10

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions all Capital Embedded AR Classic R20-11 versions prior to V2303 PLUSCONTROL 1st Gen versions all APOGEE MBC versions all APOGEE MEC versions all APOGEE PXC versions all TALON TC versions all Nucleus...

9.4 CVSS · 6.7 AI score · 0.01246 EPSS
Exploits 0 · References 11
CERT
added 2021/11/09 12:0 a.m. · 78 views

Compilers permit Unicode control and homoglyph characters

Overview Attacks that allow for unintended control of Unicode and homoglyphic characters, described by the researchers in this report leverage text encoding that may cause source code to be interpreted differently by a compiler than it appears visually to a human reviewer. Source code compilers,...

8.3 CVSS · 8.5 AI score · 0.24988 EPSS
Exploits 5 · References 1
Positive Technologies
added 2021/11/09 12:0 a.m. · 3 views

PT-2021-19564 · Unknown · Nucleus Readystart V3 +9

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions prior to V2303 Capital Embedded AR Classic R20-11 versions prior to V2303 APOGEE MBC PPC BACnet all versions APOGEE MBC PPC P2 Ethernet all versions APOGEE MEC PPC BACnet all versions APOGEE MEC PP...

7.5 CVSS · 7 AI score · 0.01414 EPSS
Exploits 0 · References 8
Positive Technologies
added 2021/11/09 12:0 a.m. · 2 views

PT-2021-19251 · Siemens +1 · Simotics Connect 400 +12

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions all Capital Embedded AR Classic R20-11 versions all prior to V2303 PLUSCONTROL 1st Gen versions all SIMOTICS CONNECT 400 versions all prior to V0.5.0.0 SIMOTICS CONNECT 400 versions all prior to...

6.9 CVSS · 6.8 AI score · 0.00911 EPSS
Exploits 0 · References 12