EUVD-2022-27092

Malicious code in bioql PyPI...

BiliupApi (>=0.1.0 <=0.1.7), EZDB (>=0.1.13 <=0.1.15) +1445 more potentially affected by unknown CVE via adler (>=0.2.3 <=1.0.2)

adler CARGO version =0.2.3, =0.1.0, =0.1.13, =0.1.0, =0.6.0-beta.1, =0.6.0-beta.1, =0.6.0-beta.1, =0.1.5, =0.21.0-alpha.1, =0.0.1-dev.10, =0.4.0, =4.0.1-alpha.1, =0.2.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0056...

MAL-2024-9481 Malicious code in @vertiv-co/adx-jetstream-util (npm)

--- -= Per source details. Do not edit below this line.=-...

K14363514: OpenSSL vulnerability CVE-2017-3736

Security Advisory Description There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perfo...

SUSE CVE-2019-13390

In FFmpeg 4.1.3, there is a division by zero at adxwritetrailer in libavformat/rawenc.c...

CVE-2021-36204

The CVE-2021-36204 vulnerability affects Johnson Controls Metasys ADS/ADX/OAS Servers: versions 10.x prior to 10.1.6 and 11.x prior to 11.0.3. Root cause is Insufficiently Protected Credentials, allowing API calls to expose plaintext credentials. Impact is high (confidentiality and total impact o...

Johnson Controls Metasys ADX Server Licensing Issue Vulnerability

Johnson Controls Metasys ADX Server is a data server from Johnson Controls, Inc. An authorization issue vulnerability exists in Johnson Controls Metasys ADX Server version 12.0, which stems from improper access controls in the application and could be exploited by an attacker to cause an AD user ...

CVE-2022-21936

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI...

Code injection

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI...

CVE-2022-21936

CVE-2022-21936 affects Johnson Controls Metasys ADX Server version 12.0 running MVE. The vulnerability is improper authentication, enabling an Active Directory user to execute validated actions without a valid password via the MVE SMP UI. Public impact details indicate remote exploitation with lo...

PT-2022-15192 · Johnson Controls · Metasys Adx Server

Name of the Vulnerable Software and Affected Versions: Metasys ADX Server version 12.0 Description: The issue allows an Active Directory user to execute validated actions without providing a valid password when using MVE SMP UI. Recommendations: For Metasys ADX Server version 12.0, consider...

CVE-2022-21936

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI...

Johnson Controls Metasys ADX 授权问题漏洞

Johnson Controls Metasys ADX Server is a data server from Johnson Controls, Inc. An authorization issue vulnerability exists in Johnson Controls Metasys ADX Server version 12.0, which stems from improper access controls in the application and could be exploited by an attacker to cause an AD user ...

Johnson Controls Metasys ADX Server

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: Metasys ADX Extended Application and Data Server Server running MVE Metasys for Validated Environments Vulnerability: Improper Authentication 2. RISK EVALUATION...

Code injection

Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.2 and enumerate users...

Johnson Controls Metasys ADS, ADX, OAS

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc Equipment: Metasys ADS, ADX, OAS with MUI Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow...

acido (>=0.16.0 <=0.53.0), adx-logging-handler (>=1.0.0 <=1.0.3) +107 more potentially affected by CVE-2022-30187 via azure-storage-queue (>=0.37.0 <=12.3.0)

azure-storage-queue PYPI version =0.37.0, =0.16.0, =1.0.0, =2.13.1.post2, =0.2.0, =2.3.1, =0.1.0, =1.2.0, =0.1.0, =1.0.0, =0.1.5, =0.1.0, =0.5.10, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2022-30187 Source advisory: OSV:GHSA-64X4-9HC6-R2H6...

CVE-2022-21938

CVE-2022-21938 concerns cross-site scripting in Johnson Controls Metasys ADS/ADX/OAS Servers (MUI Graphics web interface). Affected: Metasys ADS/ADX/OAS 10.x before 10.1.5 and 11.x before 11.0.2, due to improper neutralization of input during web page generation (MUI Graphics). Impact per sources...

Code injection

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface...

CVE-2022-21935

CVE-2022-21935 affects Johnson Controls Metasys ADS/ADX/OAS Servers version 10 prior to 10.1.5 and version 11 prior to 11.0.2, with an unverified password change vulnerability (CWE-620). The NVD/NIST entry assigns CVSSv3.1 base score 7.5 (HIGH) and CVSSv2 base 7.5, both indicating high impact on ...