
1572 matches found

Positive Technologies
added 2023/03/07 12:0 a.m. · 3 views

PT-2023-7550 · Unknown · Trace Mode

Name of the Vulnerable Software and Affected Versions: TRACE MODE (affected versions not specified). Description: The issue is related to the storage of unencrypted credentials in the SCADA system. Exploitation of this issue could allow an attacker to substitute a password hash from one user to...

4.9 CVSS · 7 AI score
Exploits 0 · References 1

Tenable Nessus
added 2023/03/07 12:0 a.m. · 52 views

Amazon Linux AMI : git (ALAS-2023-1700)

The version of git installed on the remote host is prior to 2.38.4-1.80. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1700 advisory. Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36....

7.5 CVSS · 7.2 AI score · 0.01336 EPSS
Exploits 4 · References 6

Cvelist
added 2023/03/06 6:5 p.m. · 28 views

CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

6.5 CVSS · 7.5 AI score · 0.01026 EPSS
Exploits 1 · References 5

CVE
added 2023/03/06 6:5 p.m. · 217 views

CVE-2023-26054

BuildKit's CVE-2023-26054 vulnerability occurs when a build request includes a Git URL containing credentials and BuildKit creates a provenance attestation; the credentials could be exposed to anyone with access to the attestation. This affects builds using provenance attestations and VCS hints i...

6.5 CVSS · 6.6 AI score · 0.01026 EPSS
Exploits 1 · References 5 · Affected Software 1

BDU FSTEC
added 2023/03/06 12:0 a.m. · 4 views

The vulnerability of the centralized control system for network devices and ports of Advantech iView arises from the lack of protective measures for the SQL query structure, allowing attackers to disclose protected information.

The vulnerability of the centralized control system for network devices and ports of Advantech iView relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...

6.1 CVSS · 5.6 AI score · 0.00749 EPSS
Exploits 0 · References 6 · Affected Software 1

Zero Science Lab
added 2023/02/27 12:0 a.m. · 375 views

Osprey Pump Controller 1.0.1 Unauthenticated Remote Code Execution Exploit

Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...

9.8 CVSS · 7.2 AI score · 0.0123 EPSS
Exploits 1

Fedora
added 2023/02/22 11:10 a.m. · 53 views

[SECURITY] Fedora 36 Update: git-2.39.2-1.fc36

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs a common set of tools which are usually used with a small number of dependencies. To install all git packages,...

7.5 CVSS · 6.8 AI score · 0.01144 EPSS
Exploits 3

ICS
added 2023/02/20 11:30 p.m. · 30 views

Sub-IoT DASH 7 Alliance Protocol stack implementation

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sub-IoT project Equipment: DASH 7 Alliance Protocol stack implementation Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

8.1 CVSS · 7.3 AI score · 0.00817 EPSS
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 6:21 a.m. · 2 views

SUSE CVE-2004-0396

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines...

7.5 CVSS · 8.4 AI score · 0.67525 EPSS
Exploits 1 · References 4

SUSE CVE
added 2023/02/15 5:56 a.m. · 2 views

SUSE CVE-2010-3846

Array index error in the applyrcschange function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow...

6.9 CVSS · 7 AI score · 0.00392 EPSS
Exploits 0 · References 3

BDU FSTEC
added 2023/02/15 12:0 a.m. · 4 views

The vulnerability of the centralized control system for network devices and ports of Advantech iView, related to the lack of measures taken to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.

The vulnerability of the centralized control system for network devices and ports of Advantech iView relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

9 CVSS · 7.2 AI score · 0.09002 EPSS
Exploits 0 · References 5 · Affected Software 1

BDU FSTEC
added 2023/02/15 12:0 a.m. · 4 views

The vulnerability of the centralized control system for network devices and ports of Advantech iView arises from the lack of protective measures for the SQL query structure, allowing attackers to disclose protected information.

The vulnerability of the centralized control system for network devices and ports of Advantech iView relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...

5.9 CVSS · 6.8 AI score · 0.00724 EPSS
Exploits 0 · References 4 · Affected Software 1

Tenable Nessus
added 2023/02/15 12:0 a.m. · 30 views

Fedora 37 : git (2023-5b372318ff)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5b372318ff advisory. Update to 2.39.2 CVE-2023-22490, CVE-2023-23946 Refer to the upstream release notes and the security advisories CVE-2023-22490, CVE-2023-23946 for...

7.5 CVSS · 7.3 AI score · 0.01144 EPSS
Exploits 3 · References 3

Debian CVE
added 2023/02/14 7:48 p.m. · 40 views

CVE-2023-23946

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...

7.5 CVSS · 7.6 AI score · 0.01144 EPSS
Exploits 3

UbuntuCve
added 2023/02/14 10:0 a.m. · 53 views

CVE-2023-22490

Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort loca...

5.5 CVSS · 6.6 AI score · 0.0071 EPSS
Exploits 0 · References 3

CNNVD
added 2023/02/14 12:0 a.m. · 26 views

Siemens SiPass Integrated Input Validation Error Vulnerability

ACC-AP Advanced Central Controller is a door controller for up to two Internet/Intranet-connected doors used to communicate with the SiPass integrated access control system. AC5102 / ACC-G2 Advanced Central Controller is the central controller for the SiPass integrated The central controller for...

7.8 CVSS · 7.8 AI score · 0.00229 EPSS
Exploits 0 · References 3

ICS
added 2023/02/14 12:0 a.m. · 36 views

Siemens SIMATIC Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

7.9 CVSS · 7.6 AI score · 0.00131 EPSS
Exploits 0 · References 10

BDU FSTEC
added 2023/02/13 12:0 a.m. · 6 views

The vulnerability of the centralized control system for network devices and ports of Advantech iView, related to the absence of authentication procedures, allows an attacker to execute arbitrary code or cause service failures.

The vulnerability of the centralized control system for network devices and ports of Advantech iView lies in the absence of authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or trigger service failures remotely...

7.8 CVSS · 7.6 AI score · 0.10924 EPSS
Exploits 0 · References 4 · Affected Software 1

RedHat Linux
added 2023/02/07 3:42 p.m. · 75 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

9.8 CVSS · 7.6 AI score · 0.56334 EPSS
Exploits 0 · References 3

OSV
added 2023/02/06 12:0 a.m. · 38 views

ALSA-2023:0611 Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...

9.8 CVSS · 10 AI score · 0.56334 EPSS
Exploits 0 · References 6