997 matches found
CVE-2022-21940
Summary: CVE-2022-21940 affects Johnson Controls System Configuration Tool (SCT) versions 14 before 14.2.3 and 15 before 15.0.3. The issue is a sensitive cookie in HTTPS session without the Secure attribute, which could allow cookie exposure. Root cause: cookies accepted in HTTPS sessions with...
CVE-2022-21939 Sensitive cookie without 'HttpOnly' flag in System Configuration Tool (SCT)
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool SCT version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie...
CVE-2022-21939
CVE-2022-21939 affects Johnson Controls System Configuration Tool (SCT) versions 14 prior to 14.2.3 and 15 prior to 15.0.3. The vulnerability is a SENSITIVE COOKIE WITHOUT 'HttpOnly' FLAG, described as a cross-site scripting issue that could allow an attacker to access cookies and take control of...
PT-2023-12673 · Johnson Controls · Johnson Controls System Configuration Tool
Name of the Vulnerable Software and Affected Versions: Johnson Controls System Configuration Tool SCT versions 14 prior to 14.2.3 Johnson Controls System Configuration Tool SCT versions 15 prior to 15.0.3 Description: The issue allows access to a sensitive cookie due to the lack of the 'HttpOnly'...
Johnson Controls System Configuration Tool Cross-Site Scripting Vulnerability
Johnson Controls System Configuration Tool is a controller configuration tool from Johnson Controls. It is used as an interface to field device controller logic and provides intuitive screens for programming. A security vulnerability exists in Johnson Controls System Configuratio...
PT-2023-12674 · Johnson Controls · Johnson Controls System Configuration Tool
Name of the Vulnerable Software and Affected Versions: Johnson Controls System Configuration Tool SCT versions 14 prior to 14.2.3 Johnson Controls System Configuration Tool SCT versions 15 prior to 15.0.3 Description: The issue allows access to a sensitive cookie in an HTTPS session due to the la...
CVE-2022-43761
Missing authentication when creating and managing the B&R APROL database in versions R 4.2-07 allows reading and changing the system configuration...
Authentication flaw
Missing authentication when creating and managing the B&R APROL database in versions R 4.2-07 allows reading and changing the system configuration...
CVE-2022-43761 Lack of authentication when managing APROL database
Missing authentication when creating and managing the B&R APROL database in versions R 4.2-07 allows reading and changing the system configuration...
B&R Industrial Automation APROL Access Control Error Vulnerability
B&R Industrial Automation APROL is a production process management system from B&R Industrial Automation, Austria. A security vulnerability exists in the B&R Industrial Automation APROL database R prior to version 4.2-07, which stems from a lack of authentication when creating and managing...
SUSE-SU-2022:3198-2 Security update for php8-pear
This update for php8-pear fixes the following issues: - Add php8-pear to SLE15-SP4 jscSLE-24728 - Update to 1.10.21 - PEAR 1.10.13 unsupported protocol - use --force to continue Add $this operator to determineIfPowerpc calls - Update to 1.10.20 - ArchiveTar 1.4.14 Properly fix symbolic link path...
Schneider Electric Conext ComBox Cross-Site Request Forgery Vulnerability
The Schneider Electric Conext ComBox is a communication and monitoring device from Schneider Electric France. The Schneider Electric Conext ComBox suffers from a cross-site request forgery vulnerability that can be exploited by a remote attacker to construct a malicious URI, which induces a reque...
Design/Logic Flaw
EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions...
CVE-2022-39186 EXFO - BV-10 Performance Endpoint Unit Misconfiguration
EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions...
EXFO BV-10 Security Vulnerability
The EXFO BV-10 is a low-cost, easy-to-configure, purpose-built, intelligent performance endpoint device from EXFO Canada. A security vulnerability exists in the EXFO BV-10 that stems from a system configuration file having misconfigured permissions...
[SECURITY] Fedora 37 Update: systemd-251.10-588.fc37
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
Information disclosure
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers coul...