2883 matches found
PT-2023-29052 · Dromara · Dromara Satoken
Name of the Vulnerable Software and Affected Versions: Dromara SaToken versions 1.3.50RC and earlier. Description: An issue in Dromara SaToken when using Spring dynamic controllers may cause an authentication bypass due to a specially crafted request. Recommendations: For Dromara SaToken versions...
Samba Security Vulnerabilities
Samba is the standard Windows interoperability program suite for Linux and Unix. A security vulnerability exists in Samba versions prior to 4.19.1, prior to 4.18.8, and prior to 4.17.12, which stems from the exposure of Samba AD DC passwords to privileged users and RODCs, with RODCs and users wit...
Cisco IOS XE Software for Wireless LAN Controllers Wireless Network Control DoS (cisco-sa-wlc-wncd-HFGMsfSD)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)...
SUSE CVE-2023-42670
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes for example,...
UBUNTU-CVE-2023-4154
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...
UBUNTU-CVE-2023-42670
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes for example,...
Delta Electronics WPLSoft Security Vulnerability
Delta Electronics WPLSoft is a software tool for programming Delta Programmable Logic Controllers (PLCs) from Delta Electronics, Taiwan, China. A security vulnerability exists in Delta Electronics WPLSoft version 2.51 and prior versions, which stems from a heap-based buffer overflow issue...
CVE-2023-20202
A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this...
CVE-2023-20202
The CVE-2023-20202 issue affects Cisco IOS XE Software for Wireless LAN Controllers, specifically the Wireless Network Control daemon (wncd). The root cause is improper memory management in wncd, allowing an unauthenticated, adjacent attacker to send network requests that could cause wncd to cons...
PT-2023-5581 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage (affected versions not specified). Description: A vulnerability in the command line interface (CLI) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and roll bac...
PrestaShop SQL Injection Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts, and product image scaling. A security vulnerability exists in PrestaShop opartsavecart 2.0.7 and earlier versions, which originated from...
A vulnerability in the firmware of Festo MSE6-C2M, MSE6-D2M, and MSE6-E2M devices for controlling and monitoring air consumption in pneumatic systems allows an intruder to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the firmware of Festo MSE6-C2M, MSE6-D2M, and MSE6-E2M devices for controlling and monitoring air consumption in pneumatic systems is related to the presence of undocumented configuration commands. Exploiting this vulnerability could allow a malicious actor to...
Rockwell Automation LP30/40/50 and BM40 Operator Interface Stack-Based Buffer Overflow (CVE-2022-47389)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
Rockwell Automation LP30/40/50 and BM40 Operator Interface Stack-Based Buffer Overflow (CVE-2022-47380)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CMPapp Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago PFC20...
Rockwell Automation LP30/40/50 and BM40 Operator Interface Improper Validation of Consistency Within Input (CVE-2022-47392)
An authenticated, remote attacker may use an improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition. Wago PFC200 and Compact Controllers...
Rockwell Automation LP30/40/50 and BM40 Operator Interface Stack-Based Buffer Overflow (CVE-2022-47388)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
Rockwell Automation LP30/40/50 and BM40 Operator Interface Stack-Based Buffer Overflow (CVE-2022-47382)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
Rockwell Automation LP30/40/50 and BM40 Operator Interface Stack-Based Buffer Overflow (CVE-2022-47387)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...