59 matches found
EUVD-2024-47680
Malicious code in bioql PyPI...
EUVD-2022-34531
Malicious code in bioql PyPI...
EUVD-2022-34530
Malicious code in bioql PyPI...
EUVD-2024-47679
Malicious code in bioql PyPI...
CVE-2024-6619
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service...
CVE-2022-2254
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users...
CVE-2022-2253
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server...
[SECURITY] Fedora 40 Update: libxmp-4.6.1-2.fc40
Libxmp is a library that renders module files to PCM data. It supports over 90 mainstream and obscure module formats including Protracker MOD, Scream Tracker 3 S3M, Fast Tracker II XM, and Impulse Tracker IT. Many compressed module formats are supported, including popular Unix, DOS, and Amiga fil...
CVE-2024-6619
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service...
CVE-2024-6618
In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library DLL...
CVE-2024-6619 Incorrect Permission Assignment for Critical Resource in Ocean Data Systems Dream Report
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service...
CVE-2024-6619 Incorrect Permission Assignment for Critical Resource in Ocean Data Systems Dream Report
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service...
CVE-2024-6619
In the provided documents, CVE-2024-6619 is described as an Incorrect Permission Assignment for Critical Resource affecting Ocean Data Systems Dream Report. Affected components are Dream Report 2023 (and AVEVA Reports for Operations 2023) with versions up to 23.0.17795.1010. The root cause is inc...
CVE-2024-6618 Path Traversal in Ocean Data Systems Dream Report
In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library DLL...
CVE-2024-6618 Path Traversal in Ocean Data Systems Dream Report
In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library DLL...
CVE-2024-6618
CVE-2024-6618 affects Ocean Data Systems Dream Report (and AVEVA Reports for Operations). The root cause is errors in processing relative paths to directories, enabling path traversal that could allow remote code execution via injection of a malicious DLL. Affected products/versions include Dream...
Ocean Data Systems Dream Report
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Ocean Data Systems Equipment : Dream Report 2023 Vulnerabilities : Path Traversal, Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these...
PiiGAB M-Bus 安全漏洞
PiiGAB M-Bus is a communication protocol from PiiGAB used between meters and centralized data collection systems or prepaid units. A security vulnerability exists in the PiiGAB M-Bus 900S version, which originates from the storage of credentials in clear text...
Knowage 路径遍历漏洞
Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A path traversal vulnerability exists in Knowage versions prior to 6.x.x through 8.1.8, which stems from an authenticated user being able to download a template hosted on th...
CVE-2022-32458 Data Systems Consulting Co., Ltd. BPM - XML External Entity (XXE) Injection
Digiwin BPM has a XML External Entity Injection XXE vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files...