2883 matches found
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the HandleScim function. An attacker can bypass authorization controls by manipulating the SCIM User Creation Endpoint. Remediation Upgrade github.com/casdoor/casdoor/controllers to version 1.812.0 or higher...
CVE-2024-32752
The iSTAR door controllers running firmware prior to version 6.6.B do not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access...
USN-7449-2 linux-hwe-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
USN-7449-2: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
Johnson Controls iSTAR Configuration Utility Security Vulnerability
The Johnson Controls iSTAR Configuration Utility is a software tool for configuring and managing iSTAR Controllers from Johnson Controls, Inc. A security vulnerability exists in the Johnson Controls iSTAR Configuration Utility that originates from a buffer overflow issue...
USN-7453-1 linux-realtime vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
USN-7452-1 linux-gcp-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
USN-7450-1 linux-gcp, linux-gke, linux-gkeop vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
USN-7449-1 linux, linux-aws, linux-azure, linux-azure-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
Ubuntu 24.04 LTS : Linux kernel vulnerabilities (USN-7450-1)
"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7450-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws i...
Citrix Virtual Apps and Desktops: Issues with Monitor Service after upgrade to 2402 CU2
Environment has been upgraded to 2402 CU2 version. When admin invokes a cmdlet: Get-MonitorConfiguration, the error is displayed: A database operation failed and could not be recovered : Reason ? Not all Delivery Controllers are affected and cmdlet returns actual configuration on some of the...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on April 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-107-01 Schneider Electric Trio Q Licensed Data Radio ICSA-25-107-02 Schneider Electric...
CISA: Key Secure by Demand Elements for Operational Technology Fact Sheet
This fact sheet addresses key elements for operational technology OT owners and operators to consider when purchasing digital products that automate physical processes, e.g. programmable logic controllers PLCs, human-machine interfaces HMIs, and remote terminal units RTUs. CISA strongly advises...
The vulnerability of the ufshcd_set_dma_mask() function in the drivers/ufs/core/ufshcd.c module affects UFS-host controllers in Linux operating systems. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the ufshcd_set_dma_mask() function in the drivers/ufs/core/ufshcd.c module affects UFS-host controllers. In Linux operating systems, this vulnerability is related to the reallocation of previously freed memory. Exploiting this vulnerability can allow an attacker to compromise the...
CVAD LVDA - How to update list of Controllers on a Linux VDA
Instructions to update the list of Controllers on a Linux VDA...
ABB Cylon FLXeon 9.3.4 - Cross-Site Request Forgery
Exploit title: ABB Cylon FLXeon 9.3.4 Limited Cross-Site Request Forgery Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...
ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure
Exploit Title: ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...
CVE-2025-29390
jerryhanjj ERP 1.0 is vulnerable to SQL Injection in the setpassword function in application/controllers/home.php...