1876 matches found
Persistence – Windows Telemetry
Microsoft has introduced the compatibility telemetry in order to collect usage and performance data about Windows systems. The telemetry tasks are collected via the binary… Continue reading - Persistence - Windows Telemetry...
SUSE CVE-2023-45142
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vulnerability
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution Vendor: Telecomunicazioni Elettro Milano TEM S.r.l. Product web page: https://www.tem-italy.it Affected version: Software version: 35.45 Webserver version: 1.7 Summary: This new line of Opera plus FM Transmitters combines very high...
Bosch ctrlX HMI Web Panel WR21 Security Vulnerability
Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. A security vulnerability exists in the Bosch ctrlX HMI Web Panel WR21 version that originates from allowing an Android Agent application to retrieve sensitive information using the HTTP protocol, which could allow an attacker to...
The vulnerability of the Junos Kernel Debugging Streaming Daemon (jkdsd) in Juniper Networks’ Junos operating systems allows a hacker to cause a service failure.
The vulnerability of the Junos Kernel Debugging Streaming Daemon jkdsd in Juniper Networks’ Junos operating systems is related to synchronization errors when using shared resources for processing telemetry data. Exploiting this vulnerability can allow a malicious actor to trigger service failures...
Important: Red Hat Security Advisory: Service Telemetry Framework 1.5.2 security update
An update is now available for Service Telemetry Framework 1.5.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Yamcs Cross-site Scripting vulnerability
Yamcs 5.8.6 allows XSS issue 1 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...
GHSA-4CQV-Q33X-WFXW Yamcs Cross-site Scripting vulnerability
Yamcs 5.8.6 allows XSS issue 1 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...
CVE-2023-45279
Yamcs 5.8.6 allows XSS issue 1 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...
CVE-2023-45279
Yamcs 5.8.6 allows XSS issue 1 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...
CVE-2023-45279
Yamcs 5.8.6 allows XSS issue 1 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...
Design/Logic Flaw
Yamcs 5.8.6 allows XSS issue 1 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...
CVE-2023-45279
Yamcs 5.8.6 allows XSS issue 1 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...
CVE-2023-36839 Junos OS and Junos OS Evolved: An l2cpd crash will occur when specific LLDP packets are received
An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon l2cpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of ServiceDoS. This issue occurs when...
tehnomotornis.rs Cross Site Scripting vulnerability OBB-3743684
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
AZL-31303 CVE-2023-45142 affecting package cri-tools for versions less than 1.29.0-2
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-34580 CVE-2023-45142 affecting package cert-manager for versions less than 1.12.12-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-34900 CVE-2023-45142 affecting package kubernetes for versions less than 1.29.1-2
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-39972 CVE-2023-45142 affecting package moby-engine for versions less than 24.0.9-10
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...
AZL-33516 CVE-2023-45142 affecting package opa for versions less than 0.63.0-1
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...