20 matches found
EUVD-2024-47679
Malicious code in bioql PyPI...
EUVD-2024-47680
Malicious code in bioql PyPI...
CVE-2024-6619
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service...
CVE-2024-6618
In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library DLL...
CVE-2024-6619
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service...
CVE-2024-6619 Incorrect Permission Assignment for Critical Resource in Ocean Data Systems Dream Report
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service...
CVE-2024-6619
In the provided documents, CVE-2024-6619 is described as an Incorrect Permission Assignment for Critical Resource affecting Ocean Data Systems Dream Report. Affected components are Dream Report 2023 (and AVEVA Reports for Operations 2023) with versions up to 23.0.17795.1010. The root cause is inc...
CVE-2024-6619 Incorrect Permission Assignment for Critical Resource in Ocean Data Systems Dream Report
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service...
CVE-2024-6618 Path Traversal in Ocean Data Systems Dream Report
In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library DLL...
CVE-2024-6618 Path Traversal in Ocean Data Systems Dream Report
In Ocean Data Systems Dream Report, a path traversal vulnerability could allow an attacker to perform remote code execution through the injection of a malicious dynamic-link library DLL...
Ocean Data Systems Dream Report
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Ocean Data Systems Equipment : Dream Report 2023 Vulnerabilities : Path Traversal, Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these...
Ocean Data Systems Dream Report 5 R20-2 Has an Unspecified Vulnerability
Ocean Data Systems Dream Report 5 R20-2 is an application from the French company Ocean Data Systems. A real-time reporting and charting solution. A security vulnerability exists in Dream Report 5 R20-2, which can be triggered by an attacker providing a malicious file...
Unspecified Vulnerability in Ocean Data Systems Dream Report 5 R20-2 (CNVD-2021-28326)
Ocean Data Systems Dream Report 5 R20-2 is an application from the French company Ocean Data Systems. A real-time reporting and charting solution. Dream Report 5 R20-2 suffers from a security vulnerability that allows an attacker to misuse registry entries which refer to weakly-privileged binarie...
Unspecified Vulnerability in Ocean Data Systems Dream Report 5 R20-2 (CNVD-2021-28325)
Ocean Data Systems Dream Report 5 R20-2 is an application from the French company Ocean Data Systems. A real-time reporting and charting solution. Dream Report 5 R20-2 has a security vulnerability that allows an attacker to replace the Syncfusion Dashboard Service service binary to escalate...
Ocean Data Systems Dream Reports XSS and Write Access Violation Vulnerabilities
Overview Independent researchers Billy Rios and Terry McCorkle identified cross-site scripting XSS and write access violation vulnerabilities in Ocean Data Systems Dream Report application. ICS-CERT has coordinated these vulnerabilities with Ocean Data Systems, which has produced a new version th...
CVE-2011-4038
Cross-site scripting XSS vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
Code injection
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."...
CVE-2011-4039
Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows user-assisted remote attackers to execute arbitrary code via a malformed file that triggers a "write access violation."...
CVE-2011-4038
The CVE-2011-4038 issue is an XSS vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report prior to 4.0 and other products. The vulnerability arises from lack of proper validation of certain parameters, allowing remote attackers to inj...
CVE-2011-4039
CVE-2011-4039 affects Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report prior to 4.0, with a write access violation that can execute arbitrary code. Exploitation requires user action (opening a specially crafted file) and is not fully remote; XS...