
213 matches found

Cvelist
added 2022/07/26 9:28 p.m. | 19 views

CVE-2022-31206

The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYSMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...

AI score: 10 | EPSS: 0.00237
Exploits: 0 | References: 2
Tenable Nessus
added 2022/07/21 12:0 a.m. | 33 views

Wago IO 750-849 & 750-881 No Privilege Separation (CVE-2015-6473)

WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. Script ID 500679, script version 1.4...

CVSS: 10 | AI score: 8.5 | EPSS: 0.02913
Exploits: 2 | References: 4
Tenable Nessus
added 2022/07/08 12:0 a.m. | 42 views

EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1963)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.00097
Exploits: 0 | References: 2
Tenable Nessus
added 2022/07/08 12:0 a.m. | 48 views

EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1993)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine...

CVSS: 5.9 | AI score: 7.1 | EPSS: 0.00097
Exploits: 0 | References: 2
OpenVAS
added 2022/07/08 12:0 a.m. | 26 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1963)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 5.9 | AI score: 6.2 | EPSS: 0.00097
Exploits: 0 | References: 2
CNNVD
added 2022/06/21 12:0 a.m. | 0 views

JTEKT TOYOPUC Products Data Forgery Vulnerability

JTEKT TOYOPUC Products is a family of programmable controllers from JTEKT Japan. A data forgery vulnerability exists in JTEKT TOYOPUC Products, which stems from a lack of privilege separation functionality in the affected products. An attacker could use this vulnerability to execute arbitrary...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.00124
Exploits: 0 | References: 5
Amazon
added 2022/04/28 12:0 a.m. | 65 views

Medium: containerd, docker

Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...

CVSS: 5.9 | AI score: 6 | EPSS: 0.00097
Exploits: 0
Amazon
added 2022/04/25 3:47 a.m. | 71 views

Medium: containerd

Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...

CVSS: 5.9 | AI score: 3.2 | EPSS: 0.00097
Exploits: 0
OSV
added 2022/04/22 8:42 p.m. | 38 views

GHSA-4HJ2-R2PM-3HC6 Incorrect Default Permissions in CRI-O

Impact: A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2)...

CVSS: 4.8 | AI score: 5.7 | EPSS: 0.00021
Exploits: 0 | References: 4
Github Security Blog
added 2022/04/22 8:42 p.m. | 35 views

Incorrect Default Permissions in CRI-O

Impact: A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2)...

CVSS: 5.3 | EPSS: 0.00021
Exploits: 0 | References: 4 | Affected Software: 1
IBM Security Bulletins
added 2022/04/19 12:17 p.m. | 45 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a containerd security vulnerability (CVE-2022-24769)

Summary: IBM Cloud Kubernetes Service is affected by a security vulnerability found in containerd where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to...

CVSS: 5.9 | AI score: 6.5 | EPSS: 0.00097
Exploits: 0 | Affected Software: 1
NVD
added 2022/03/25 6:15 p.m. | 7 views

CVE-2022-27882

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...

CVSS: 7.5 | EPSS: 0.00908
Exploits: 1 | References: 4
OSV
added 2022/03/25 6:15 p.m. | 1 views

CVE-2022-27882

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...

CVSS: 7.5 | AI score: 7.4
Exploits: 0 | References: 4
Prion
added 2022/03/25 6:15 p.m. | 14 views

Design/Logic Flaw

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...

CVSS: 5 | AI score: 7.8 | EPSS: 0.00908
Exploits: 1 | References: 4 | Affected Software: 1
Prion
added 2022/03/25 6:15 p.m. | 13 views

Buffer overflow

engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation...

CVSS: 5 | AI score: 7.9 | EPSS: 0.01083
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2022/03/25 5:13 p.m. | 72 views

CVE-2022-27882

OpenBSD slaacd (CVE-2022-27882) in OpenBSD 6.9 and 7.0 before 2022-03-22 contains an integer signedness error that can trigger a heap-based buffer overflow when processing crafted IPv6 router advertisements. Impact is described as a denial-of-service; privilege separation and pledge can prevent e...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00908
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2022/03/25 5:13 p.m. | 13 views

CVE-2022-27882

slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation...

AI score: 8 | EPSS: 0.00908
Exploits: 1 | References: 4
Debian CVE
added 2022/03/24 12:0 a.m. | 44 views

CVE-2022-24769

Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux...

CVSS: 5.9 | AI score: 6 | EPSS: 0.00097
Exploits: 0
NCSC
added 2021/08/27 12:0 a.m. | 1 views

Vulnerability fixed in libssh

A vulnerability has been fixed in libssh. A malicious party could potentially exploit the vulnerability to cause a denial of service or execute arbitrary code with the privileges of the application that uses libssh. It is good practice to apply the principle of "privilege separation" to this ty...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00108
Exploits: 0
OpenVAS
added 2021/04/19 12:0 a.m. | 36 views

SUSE: Security Advisory (SUSE-SU-2017:0264-1)

The remote host is missing an update for the...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.31178
Exploits: 8 | References: 10