1876 matches found

OSV
Added 2023/03/16 9:15 p.m. | 3 views

CVE-2023-22880

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitte...

CVSS 7.5 | AI score 7.1 | EPSS 0.00983
Exploits: 0 | References: 1

Prion
Added 2023/03/16 9:15 p.m. | 30 views

Information disclosure

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitte...

CVSS 5 | AI score 7.1 | EPSS 0.00983
Exploits: 0 | References: 1 | Affected Software: 3

NVD
Added 2023/03/16 7:15 p.m. | 33 views

CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...

CVSS 9.8 | AI score 9.5 | EPSS 0.00678
Exploits: 0 | References: 1

OSV
Added 2023/03/16 7:15 p.m. | 4 views

CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...

CVSS 9.8 | AI score 7.3 | EPSS 0.00678
Exploits: 0 | References: 1

Vulnrichment
Added 2023/03/16 6:33 p.m. | 6 views

CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...

CVSS 9.8 | AI score 7.1 | EPSS 0.00678
Exploits: 0 | References: 1

CVE
Added 2023/03/16 6:33 p.m. | 65 views

CVE-2023-1256

CVE-2023-1256 affects AVEVA Plant SCADA and AVEVA Telemetry Server with an improper authorization (CWE-285) vulnerability. An unauthenticated remote attacker could read data, cause DoS, and tamper with alarm states. Affected products/versions include AVEVA Plant SCADA (2023, 2020R2 Update 10 and ...

CVSS 9.8 | AI score 9.5 | EPSS 0.00678
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
Added 2023/03/16 6:33 p.m. | 29 views

CVE-2023-1256

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...

CVSS 9.8 | AI score 9.5 | EPSS 0.00678
Exploits: 0 | References: 1

NCSC
Added 2023/03/16 12:00 a.m. | 33 views

Vulnerabilities fixed in Aveva products

Aveva has fixed vulnerabilities in InTouch, Plant SCADA and Telemetry Server. A malicious party could exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Denial-of-Service (DoS); data manipulation; remote code execution (user rights); access to system...

CVSS 9.8 | AI score 8.5 | EPSS 0.99019
Exploits: 13

CNNVD
Added 2023/03/15 12:00 a.m. | 33 views

AVEVA Plant SCADA Access Anywhere Authorization Issue Vulnerability

AVEVA Plant SCADA Access Anywhere is a reliable, flexible and high-performance Supervisory Control and Data Acquisition (SCADA) software solution for industrial process customers from AVEVA. The true value and power of Plant SCADA can be accessed in any compatible web browser. An authorization issu...

CVSS 9.8 | AI score 8.4 | EPSS 0.00678
Exploits: 0 | References: 3

Tenable Nessus
Added 2023/03/01 12:00 a.m. | 18 views

Schneider Electric Modicon X80 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-22749)

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially...

CVSS 5.3 | AI score 6.5 | EPSS 0.00925
Exploits: 0 | References: 3

Veracode
Added 2023/02/25 12:59 p.m. | 20 views

Privilege Escalation

TimescaleDB is vulnerable to Privilege Escalation. TimescaleDB creates a telemetry job as an installation user. Telemetry data collection queries are not run with a set 'search_path'. This allows an attacker to create and execute functions with the telemetry job, leading to privilege escalation...

CVSS 8.8 | AI score 8.5 | EPSS 0.00775
Exploits: 0 | References: 4 | Affected Software: 1

SUSE CVE
Added 2023/02/15 5:27 a.m. | 2 views

SUSE CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue...

CVSS 5 | AI score 6.8 | EPSS 0.02774
Exploits: 0 | References: 4

SUSE CVE
Added 2023/02/15 4:54 a.m. | 2 views

SUSE CVE-2016-9877

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provid...

CVSS 9.8 | AI score 7.2 | EPSS 0.01378
Exploits: 0 | References: 4

SUSE CVE
Added 2023/02/15 3:58 a.m. | 2 views

SUSE CVE-2020-13849

The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe...

CVSS 7.5 | AI score 7.4 | EPSS 0.02
Exploits: 0 | References: 3

SUSE CVE
Added 2023/02/15 3:21 a.m. | 3 views

SUSE CVE-2023-25149

TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that runs as the installation user. The queries run as part of the telemetry data collection were not run wit...

CVSS 8.8 | AI score 7.6 | EPSS 0.00775
Exploits: 0 | References: 3

NVD
Added 2023/02/14 2:15 p.m. | 17 views

CVE-2023-25149

TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that runs as the installation user. The queries run as part of the telemetry data collection were not run wit...

CVSS 8.8 | AI score 9.1 | EPSS 0.00775
Exploits: 0 | References: 3

Prion
Added 2023/02/14 2:15 p.m. | 12 views

Privilege escalation

TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that runs as the installation user. The queries run as part of the telemetry data collection were not run wit...

CVSS 6.5 | AI score 9 | EPSS 0.00775
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
Added 2023/02/14 1:44 p.m. | 23 views

CVE-2023-25149 TimescaleDB has incorrect access control

TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that runs as the installation user. The queries run as part of the telemetry data collection were not run wit...

CVSS 8.8 | AI score 9.3 | EPSS 0.00775
Exploits: 0 | References: 3

Vulnrichment
Added 2023/02/14 1:44 p.m. | 6 views

CVE-2023-25149 TimescaleDB has incorrect access control

TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that runs as the installation user. The queries run as part of the telemetry data collection were not run wit...

CVSS 8.8 | AI score 9.3 | EPSS 0.00775
Exploits: 0 | References: 3

CVE
Added 2023/02/14 1:44 p.m. | 75 views

CVE-2023-25149

TimescaleDB (open-source) vulnerability CVE-2023-25149 affects versions 2.8.0–2.9.2. During installation, a telemetry job runs as the installation user and its queries were not executed with a locked-down search_path, enabling a user who can create objects in a database to craft functions that th...

CVSS 8.8 | AI score 9 | EPSS 0.00775
Exploits: 0 | References: 3 | Affected Software: 1