PT-2024-1607 · Unknown · Harmony Control Relay Rmnf22Tb30 +1
Name of the Vulnerable Software and Affected Versions: Harmony Control Relay RMNF22TB30 and Harmony Timer Relay RENF22R2MMW (affected versions not specified). Description: The issue is related to an Improper Authentication vulnerability that could cause unauthorized tampering of device configuration...
PT-2024-1715 · Microsoft · Message Queuing +1
Name of the Vulnerable Software and Affected Versions: Microsoft Message Queuing MSMQ (affected versions not specified). Description: The issue is related to errors in processing input data in the Windows operating system's message queuing component. This can allow an attacker to execute arbitrary...
PT-2024-1956 · Microsoft · Windows Printing Service +1
Name of the Vulnerable Software and Affected Versions: Windows Printing Service (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface of the Windows printing service. Exploitation of this issue may allow a remote...
PT-2024-1766 · Microsoft · Windows Hyper-V +1
Name of the Vulnerable Software and Affected Versions: Windows Hyper-V (affected versions not specified). Description: The issue is related to errors in resource release in the Windows Hyper-V hardware virtualization system, which can be exploited to cause a denial of service. This allows attackers ...
PT-2024-1913 · Microsoft +8 · .Net Framework +8
Name of the Vulnerable Software and Affected Versions: Microsoft .NET (affected versions not specified). Description: The issue is related to pointer dereference errors in the Microsoft .NET platform. It can be exploited by a remote attacker to cause a denial of service. Recommendations: At the...
The vulnerability of the REFRESH MATERIALIZED VIEW CONCURRENTLY function in the PostgreSQL database management system allows attackers to execute arbitrary SQL commands.
The vulnerability of the REFRESH MATERIALIZED VIEW CONCURRENTLY function in the PostgreSQL database management system is related to privilege management errors during the processing and validation of command-line parameters. Exploiting this vulnerability allows a malicious actor to execute...
Janitza UMG Power Quality Measuring Credentials Management Errors (CVE-2015-3968)
The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
The vulnerability of the optimization tool for automatic BIOS driver updates, Lenovo Vantage Service, is related to errors in the authentication process. This vulnerability allows a perpetrator to execute arbitrary code with elevated privileges.
The vulnerability of the optimization tool for automatic BIOS driver updates in Lenovo Vantage Service is related to errors in the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges...
CentOS 8 : libxml2 (CESA-2023:4529)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:4529 advisory. - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in...
UBUNTU-CVE-2023-3966
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled...
follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()
An Improper Input Validation flaw was found in follow-redirects due to the improper handling of URLs by the url.parse function. When a new URL throws an error, it can be manipulated to misinterpret the hostname. This issue could allow an attacker to redirect traffic to a malicious site, potential...
The vulnerability of the QTS, QuTS hero, and QuTScloud operating systems for QNAP network devices is related to pointer dereferencing errors, which allow attackers to trigger a service failure.
The vulnerability of the QTS, QuTS hero, and QuTScloud operating systems for QNAP network devices is related to pointer swapping errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the BuildKit container-building software relates to synchronization errors when using a shared resource. This “race condition” allows a malicious actor to gain unauthorized access to container files on the host system.
The vulnerability of the BuildKit container-building software is related to synchronization errors when using a shared resource. This “race condition” allows a malicious actor to gain unauthorized access to container files on the host system...
Advisory ROSA-SA-2024-2338
Software: libtiff 4.0.9; OS: ROSA Virtualization 2.1; packageevrstring: libtiff-4.0.9-28.rv3.src.rpm; CVE-ID: CVE-2022-0561; BDU-ID: 2022-05790; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the TIFFFetchStripThing function of the tifdirread.c component of the LibTIFF library is related to pointer...
Microsoft Edge’s vulnerability, related to security configuration errors, allows a hacker to bypass the sandbox protection mechanism and execute arbitrary code.
The vulnerability of Microsoft Edge relates to errors in security settings when processing HTML content. Exploiting this vulnerability allows a malicious actor to bypass sandbox protections and execute arbitrary code using a specially created file or web page...
The vulnerability of FireEye Endpoint Security’s software for protecting servers and workstations lies in errors in the network subsystem’s counters. This allows a malicious actor to trigger a service failure.
The vulnerability of FireEye Endpoint Security’s software for protecting servers and workstations is related to errors in counting pointers within the network subsystem. Exploiting this vulnerability allows a malicious actor to trigger a service failure using the Containmentnotify/preview paramet...
The vulnerability of the DevmemIntAcquireRemoteCtx() function in the PowerVR GPU driver for Android and ChromeOS allows a hacker to execute arbitrary code and gain elevated privileges.
The vulnerability of the DevmemIntAcquireRemoteCtx function in the PowerVR GPU driver for Android and ChromeOS systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain elevated privileges...
SUSE CVE-2023-46840
Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen...
The vulnerability of the security user interface (Security UI) of Microsoft Edge and Google Chrome browsers allows a perpetrator to disclose protected information.
The vulnerability of the Security UI of Microsoft Edge and Google Chrome browsers is related to privilege management errors. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
Microsoft Edge’s vulnerability, related to security configuration errors, allows attackers to escalate their privileges.
The vulnerability of Microsoft Edge is related to security configuration errors. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...