6348 matches found
Mitsubishi Electric MELSEC iQ-R Series Exposure of Sensitive Information to an Unauthorized Actor (CVE-2021-20594)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via...
Schneider Electric Modicon Cleartext Transmission of Sensitive Information (CVE-2019-6846)
A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules all firmware versions, which could cause information disclosure when using the FTP protocol. This plugin only works with Tenable.ot. Please visit...
Mitsubishi Electric MELSEC-Q QJ71E71 series Improper Synchronization (CVE-2016-8368)
An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to conne...
Schneider Electric Modicon Cross-Site Request Forgery (CVE-2013-0663)
Cross-site request forgery CSRF vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23576 via tensorflow-gpu (>=1.10.1 <=2.5.1)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23576 Source advisory: OSV:PYSEC-2022-140...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23557 via tensorflow-gpu (>=1.10.1 <=2.5.1)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23557 Source advisory: OSV:PYSEC-2022-121...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23582 via tensorflow-gpu (>=1.10.1 <=2.5.1)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23582 Source advisory: OSV:PYSEC-2022-146...
golang: Command-line arguments may overwrite global data
A flaw was found in golang. This vulnerability can only be triggered when invoking functions from vulnerable WASM WebAssembly Modules. Go can be compiled to WASM. If the product or service doesn't use WASM functions, it is not affected, although it uses golang...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-21729 via tensorflow-gpu (>=1.10.1 <=2.5.1)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-21729 Source advisory: OSV:PYSEC-2022-108...
varnish:6 security update
An update is available for varnish, varnish-modules. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Varnish Cache is a high-performance HTTP accelerator. It...
varnish:6 security update
varnish 6.0.8-1.1 - Resolves: 2047648 - CVE-2022-23959 varnish:6/varnish: Varnish HTTP/1 Request Smuggling Vulnerability varnish-modules 0.15.0-6 - Related: 1982862 - rebuild for new varnish version...
OPENSUSE-SU-2022:0024-1 Security update for lighttpd
This update for lighttpd fixes the following issues: lighttpd was updated to 1.4.64: CVE-2022-22707: off-by-one stack overflow in the modextforward plugin boo1194376 graceful restart/shutdown timeout changed from 0 disabled to 8 seconds. configure an alternative with: server.feature-flags +=...
Mageia: Security Advisory (MGASA-2019-0328)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MoonBounce: New malware deployed by APT41 in UEFI firmware
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. MoonBounce is a new type of malware that hides in the most complex part of an Operating System OS, the Basic Input Output System BIOS chip, and thus persists even after reinstalling your OS or formatting your hard drive...
Security Bulletin: IBM MaaS360 Cloud Extender and Modules have various vulnerabilities (CVE-2021-22924, CVE-2021-3712)
Summary A vulnerability contained within a 3rd party component was identified and remediated in the IBM MaaS360 Cloud Extender Agent V2.106.100.008 and Modules. Vulnerability Details CVEID: CVE-2021-22924 DESCRIPTION: An unspecified error with bad connection reused due to improper path name...
Cross-site Scripting (XSS) - Stored in zikula/core
Description In zikula/core cross site scripting vulnerability is present in block modules block list description field. This commit e453ad not properly santize the input. Proof of Concept login to the demo account go to blocks https://demo.ziku.la/blocks/admin/view Add payload in block list...
The vulnerability of WebKitGTK and WPE WebKit’s display modules, related to memory management after memory is freed, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of Web page rendering modules in WebKitGTK and WPE WebKit relates to the use of memory after it is released. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures due to malicious web content...
The vulnerability of WebKitGTK and WPE WebKit’s display modules is related to authentication procedures that allow attackers to access confidential data and compromise its integrity.
The vulnerability of Web page rendering modules in WebKitGTK and WPE WebKit is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data and compromise its integrity through a malicious website...
CVE-2021-45033
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions V16.20, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions V16.20, CP-8021 MASTER MODULE All versions V16.20, CP-8022 MASTER MODULE WITH GPRS All versions V16.20. An undocumented debug port uses...
vulhub
This is an open-source collection of vulnerable systems and applications for educational purposes. The repository is maintained by phith0n and is available on GitHub. It contains a variety of vulnerable systems and applications, including web applications, databases, and operating systems. The...