24 matches found
CVE-2026-21657
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
CVE-2026-21659
Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion LFI vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects...
EUVD-2026-9010
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection.This issue affects Frick Controls Quantum HD version 10.22 and prior...
EUVD-2026-9013
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection.This issue affects Frick Controls Quantum HD version 10.22 and prior...
CVE-2026-21658 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution
Unauthenticated Remote Code Execution i.e Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the securit...
CVE-2026-21656
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
CVE-2026-21656 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution
Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...
CVE-2026-21654 Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...
PT-2026-22317
Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions prior to 10.22 Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows for OS Command Injection. Insufficient input validation in certain parameters can lead to...
PT-2026-22323
Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions 10.22 and prior Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows code injection. Insufficient input validation in certain parameters may permit unexpected...
PT-2026-22322
Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions 10.22 and prior Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows for code injection. Insufficient input validation in certain parameters may allow for...
Johnson Controls Frick Controls Quantum HD 安全漏洞
Johnson Controls Frick Controls Quantum HD is a high-end microprocessor control panel designed specifically for industrial refrigeration systems by Johnson Controls. The version 10.22 and earlier of Johnson Controls Frick Controls Quantum HD contained a security vulnerability. This vulnerability...
CVE-2026-23624
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...
OPENSUSE-SU-2024:12264-1 postgresql10-10.22-1.1 on GA media
These are all security issues fixed in the postgresql10-10.22-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-23738
An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."...
Remote code execution
An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."...
CVE-2024-23738
CVE-2024-23738 affects Postman versions 10.22 and earlier on macOS. The vulnerability is described as remote code execution via RunAsNode and enableNodeClilnspectArguments settings; PT-2024-1464 additionally links this to a buffer overflow when handling PDF data, though the vendor disputes that t...
Postman Security Vulnerability
Postman is an API platform for developers from the US-based Postman Inc. A security vulnerability exists in Postman prior to version 10.22, which stems from arbitrary code execution via the RunAsNode and enableNodeClilnspectArguments settings...
CVE-2024-23738
An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."...
CVE-2018-6495
Cross-Site Scripting XSS in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to...