6665 matches found
GHSA-6P2Q-8QFQ-WQ7X Withdrawn Advisory: Lunary improper access control vulnerability
Withdrawn Advisory: This advisory has been withdrawn because the lunary npm package is connected to https://github.com/lunary-ai/lunary-js, not the https://github.com/lunary-ai/lunary repo that is discussed in this advisory. The underlying vulnerability report is still valid, but it doesn't affect...
OSV-2024-1059 UNKNOWN READ in chunk_free_object
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42538184 Crash type: UNKNOWN READ. Crash state: chunk_free_object fileclosefile sclose...
CVE-2024-8622
The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amchartsjavascript' parameter in all versions up to, and including, 1.4.4 due to the ability to supply arbitrary JavaScript and a lack of nonce validation on the preview functionality. This mak...
Siemens SIMATIC RFID Readers Hidden Function Vulnerability (CNVD-2024-38007)
SIMATIC RF600 Readers are used for contactless identification of a variety of objects such as shipping containers, pallets, production goods, or often for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and versatile electronic authorization management. SIMATIC RF360R read...
CVE-2024-8692
A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The...
CVE-2024-43690
Inclusion of Functionality from Untrusted Control Sphere (CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE). This issue affects: Command Centre Server and Command Centre Workstations 9.10 prior to vEL9.10.1530 MR2, 9.00 prior to...
CVE-2024-43690
CVE-2024-43690 describes that Gallagher Command Centre Server and Command Centre Workstations are affected by CWE-829 due to the inclusion of functionality from an untrusted control sphere, which may allow an attacker to perform Remote Code Execution (RCE). Affected products/versions include: Com...
PT-2024-39190 · Unknown · Code-Projects Inventory Management
Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management version 1.0. Description: A critical vulnerability was found in the code-projects Inventory Management software. The issue affects an unknown functionality of the file /model/viewProduct.php of the component...
CVE-2024-8322
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality...
CVE-2024-8322
Ivanti Endpoint Manager (EPM) is affected by CVE-2024-8322 due to weak authentication in Patch Management prior to 2022 SU6 or the 2024 September update. The issue allows a remote authenticated attacker to access restricted functionality. Public references describe it as part of a set of EPM vuln...
CVE-2024-37994
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4....
CVE-2024-37994
Siemens SIMATIC RFID Readers are affected by CVE-2024-37994. A hidden configuration item enables debug functionality, allowing an attacker to gain insight into internal deployment configuration. Affected devices include multiple RF610R/RF615R/RF650R/RF680R/RF685R families (CMIIT/ETSI/FCC/ARIB var...
PT-2024-7406 · Siemens · Simatic Reader Rf615R +11
Name of the Vulnerable Software and Affected Versions: SIMATIC Reader RF610R CMIIT versions prior to V4.2; SIMATIC Reader RF610R ETSI versions prior to V4.2; SIMATIC Reader RF610R FCC versions prior to V4.2; SIMATIC Reader RF615R CMIIT versions prior to V4.2; SIMATIC Reader RF615R ETSI versions prior...
Microsoft Windows Security Vulnerability
Microsoft Windows is a suite of operating systems for personal devices from Microsoft (USA). A security vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to bypass certain functionality. The following products and versions are affected: Windows 11 Versio...