Intel Thunderbolt Controller February 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Thunderbolt™ Controllers, which might allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
A vulnerability in the firmware of AMI MegaRAC SP-X controllers allows an attacker to compromise the confidentiality, integrity, and availability of data.
The vulnerability in the firmware of AMI MegaRAC SP-X controllers is caused by reading data outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of data...
Axis Communications Network Door Controllers and Intercoms Denial of Service (CVE-2023-21405)
Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors...
Omron PLC Access Control Error Vulnerability
Omron PLC CJ series and so on are products of Omron Japan. Omron PLC CJ series is a CJ series programmable logic controller (PLC). Omron PLC CS series is a CS series programmable logic controller (PLC). Omron PLC NJ series is an NJ series programmable logic controller. An Access Control Error vulnerabili...
CVE-2024-22216
In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...
Information disclosure
In default installations of Microchip maxView Storage Manager for Adaptec Smart Storage Controllers where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 exce...
CVE-2024-22216
CVE-2024-22216 affects Microchip maxView Storage Manager (Adaptec Smart Storage Controllers). The vulnerability resides in the Redfish server handling in versions 3.00.23484 through 4.14.00.26064, with older builds prior to 3.07.23980 and 4.07.00.25339 also affected. The issue allows unauthorized...
CVE-2023-52264
The beesblog aka Bees Blog component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharingurl is mishandled...
Malicious code in unit-testing-controllers (npm)
Source: ghsa-malware 206ebabfab4ea20b85ed6293c085ea8a6c0c0d85a70a1616a1963ac8556cf315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8774 Malicious code in unit-testing-controllers (npm)
Source: ghsa-malware 206ebabfab4ea20b85ed6293c085ea8a6c0c0d85a70a1616a1963ac8556cf315 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML links to external objects. This allows attackers to gain unauthorized access to protected information.
The vulnerability in the programming software for PLCs (programmable logic controllers), Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML links to external objects. This allows a malicious individual to gain unauthorized access to protected information.
The vulnerability in the programming software for PLCs (programmable logic controllers), Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
CVE-2023-48050
SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance aka odoo-biometric-attendance v. 13.0 through 16.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the db parameter in the controllers/controllers.py...
SQL injection
A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search aka websitesearchblog v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component...
PT-2023-32030 · Silicon · Gecko Sdk +1
Name of the Vulnerable Software and Affected Versions: Silicon Labs Z-Wave controller and endpoint devices versions prior to Z-Wave SDK v7.20.3 Gecko SDK v4.3.3 Description: A denial of service issue exists, allowing an attack to be carried out by devices on the network sending a stream of packet...
ZKTeco ZKBio Time Security Vulnerability
ZKTeco ZKBio Time is a powerful web-based time and attendance management software from China-based ZKTeco. A security vulnerability exists in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance versions 13.0 through 16.0.1, which stems from an SQL injection...
CVE-2023-46143 Phoenix Contact: Classic line industrial controllers prone to inadequate integrity check of PLC
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC...
CVE-2023-48049
A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search aka websitesearchblog v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component...