Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Security Vulnerability
Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software is a Schweitzer Engineering Laboratories, Inc. tool for configuring, commissioning and managing power system protection, control, metering and monitoring equipment. A security...
CVE-2023-34723
An issue discovered in TechView LA-5570 Wireless Gateway 1.0.19T53 allows attackers to gain sensitive information via /config/system.conf...
E-mailer Newsletter And Mailing System with Analytics + GEO location 1.16 Information Disclosure
Title: E-mailer Newsletter & Mailing System with Analytics + GEO location v1.16 information Disclosure vulnerability | Author: indoushka | Tested on: windows...
(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The issue results from missing...
Cargo not respecting umask when extracting crate archives
The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed b...
Security Bulletin: Watson Query potentially exposes administrator's key under some conditions due to CVE-2022-22410
Summary Watson Query is vulnerable to an internal attacker who can use an exposed administrator APIKEY to potentially alter system configuration or view customer data. The APIKEY is used to automatically create connections and assets to help reduce workload for the user. However, in some...
CVE-2023-38056
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...
UBUNTU-CVE-2023-38056
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...
Input validation
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...
CVE-2023-38056 Code execution via System Configuration
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35...
OTRS OS Command Injection Vulnerability
OTRS is a service management application from OTRS Germany. A security vulnerability exists in OTRS versions 7.0.X prior to 7.0.45 and 8.0.X prior to 8.0.35, which stems from incorrect neutralization of commands executed via the OTRS system configuration, allowing any authenticated...
PT-2023-26267 · Otrs +1 · Otrs +2
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.44 OTRS versions 8.0.X through 8.0.34 OTRS Community Edition versions 6.0.1 through 6.0.34 Description: The issue is related to improper neutralization of commands allowed to be executed via OTRS System...
CVE-2023-21637
Memory corruption in Linux while calling system configuration APIs...
Memory corruption
Memory corruption in Linux while calling system configuration APIs...
CVE-2023-21637
CVE-2023-21637 is reported as memory corruption in Linux when system configuration APIs are called. Connected sources indicate this CVE affects Qualcomm closed‑source components and Linux environments, with multiple CVE entries repeating the same description. No explicit root cause details, affe...
CVE-2023-21637 Improper Restrictions of Operations within the Bounds of a Memory Buffer in Linux
Memory corruption in Linux while calling system configuration APIs...
PT-2023-18300 · Linux · Linux
Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: The issue involves memory corruption in Linux when system configuration APIs are called. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
Qualcomm Chipsets Buffer Error Vulnerability
Qualcomm Chipsets are a series of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a memory corruption issue when calling the system configuration API...