Measuresoft ScadaPro Server and Client Security Vulnerability
Measuresoft ScadaPro Server and Client is a powerful real-time data acquisition software package from Measuresoft Ireland. It provides monitoring, data logging, simulation development and report generation. A security vulnerability exists in Measuresoft ScadaPro Server and Client, which stems fro...
PT-2022-4634 · Measuresoft · Measuresoft Scadapro Server
Name of the Vulnerable Software and Affected Versions: Measuresoft ScadaPro Server All Versions Description: The issue is related to the use of unmaintained ActiveX controls in Measuresoft ScadaPro Server, which may lead to two stack-based buffer overflow instances when processing a specific...
Interledger is Unmaintained
The Interledger family of crates is not being actively maintained anymore. The owner of the published crate does not appear to be responsive. There is an outstanding concern around username comparison. This concern may or may not be resolved by bumping up the dependencies of the project...
PT-2022-37421 · Unknown · Interledger
Name of the Vulnerable Software and Affected Versions: Interledger affected versions not specified Description: The Interledger family of crates is no longer actively maintained, and the owner of the published crate is unresponsive. There is a concern regarding username comparison, which may or m...
DEBIAN-CVE-2021-23385
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
UBUNTU-CVE-2021-23385
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\evil.com/path. This vulnerability is only...
RUSTSEC-2022-0056 clipboard is Unmaintained
The last release was almost 4 years ago, and the repository, with outstanding issues and pull requests, seems to be abandoned by the maintainer. In addition, the sole maintainer account may be abandoned, which may represent an account takeover risk. Current outstanding issues include vulnerable dependencies...
clipboard is Unmaintained
The last release was almost 4 years ago, and the repository, with outstanding issues and pull requests, seems to be abandoned by the maintainer. In addition, the sole maintainer account may be abandoned, which may represent an account takeover risk. Current outstanding issues include vulnerable dependencies...
CVE-2022-31361
Docebo Community Edition v4.0.5 and below was discovered to contain a SQL injection vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
PT-2022-20717 · Docebo · Docebo Community Edition
Name of the Vulnerable Software and Affected Versions: Docebo Community Edition versions 4.0.5 and below Description: The issue is related to an arbitrary file upload vulnerability. It is noted that this vulnerability only affects products that are no longer supported by the maintainer...
PT-2022-20716 · Docebo · Docebo Community Edition
Name of the Vulnerable Software and Affected Versions: Docebo Community Edition versions 4.0.5 and below Description: A SQL injection issue was discovered in Docebo Community Edition. This issue only affects products that are no longer supported by the maintainer. Recommendations: For versions...
PT-2022-16812 · Winaprs · Winaprs
Name of the Vulnerable Software and Affected Versions: WinAPRS version 2.9.0 Description: An issue was discovered in the DIGI address processing for VHF KISS packets, allowing a remote attacker to cause a denial of service daemon crash via a malicious AX.25 packet over the air. This issue only...
Jenkins SourceGear Vault plugin transmits credentials in plain text
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. As of the publication of the advisory, there are no patches and the plugin is unmaintained...
GHSA-JRMF-XHR6-3428 Jenkins SourceGear Vault plugin transmits credentials in plain text
Jenkins SourceGear Vault Plugin transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure. As of the publication of the advisory, there are no patches and the plugin is unmaintained...
RUSTSEC-2022-0024 double-checked-cell is unmaintained
The author recommends switching to once_cell, which offers a superset of the functionality...
RUSTSEC-2022-0054 wee_alloc is Unmaintained
Two of the maintainers have indicated that the crate may not be maintained. The crate has open issues including memory leaks and may not be suitable for production use. It may be best to switch to the default Rust standard allocator on wasm32 targets. Last release seems to have been three years...
wee_alloc is Unmaintained
Two of the maintainers have indicated that the crate may not be maintained. The crate has open issues including memory leaks and may not be suitable for production use. It may be best to switch to the default Rust standard allocator on wasm32 targets. Last release seems to have been three years...
double-checked-cell is unmaintained
The author recommends switching to once_cell, which offers a superset of the functionality...
CVE-2022-26507
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828,...
Red Lion DA50N
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: DA50N Vulnerabilities: Insufficient Verification of Data Authenticity, Weak Password Requirements, Use of Unmaintained Third-Party Components, Insufficiently Protected Credentials 2...