2272 matches found

CNVD
added 2021/12/23 12:0 a.m., 11 views

mySCADA myPRO Authentication Bypass Vulnerability

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An authentication bypass vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to access the application without any form of authentication or authorization...

CVSS 9.8, AI score 9.7, EPSS 0.01549
Exploits: 0, References: 1

RedHat Linux
added 2021/12/21 10:1 a.m., 0 views

postgresql: memory disclosure in certain queries

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

CVSS 6.5, AI score 7.1, EPSS 0.01425
Exploits: 0, References: 5

RedHat Linux
added 2021/12/21 10:1 a.m., 2 views

postgresql: memory disclosure in certain queries

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

CVSS 6.5, AI score 7.1, EPSS 0.01425
Exploits: 0, References: 5

Rockylinux
added 2021/12/21 9:10 a.m., 40 views

postgresql:13 security update

An update is available for pgrepack, postgresql, pgaudit, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PostgreSQL is an advanced...

CVSS 8.1, AI score 7.6, EPSS 0.01901
Exploits: 0

CNVD
added 2021/12/21 12:0 a.m., 15 views

MessageBus path traversal vulnerability

MessageBus is a reliable and robust messaging bus for Ruby processes and Web clients. MessageBus suffers from a path traversal vulnerability, which stems from the lack of data restriction and filtering of the paths in messagebus. errors, which could lead to the disclosure of secret information on...

CVSS 6.5, AI score 2.8, EPSS 0.01869
Exploits: 0, References: 1

Github Security Blog
added 2021/12/20 6:21 p.m., 38 views

Information Exposure in RunC

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

CVSS 6.4, AI score 3.3, EPSS 0.00358
Exploits: 0, References: 20, Affected Software: 1

CNVD
added 2021/12/19 12:0 a.m., 27 views

Delta Electronics DIAEnergie .NET Request.QueryString Cross-Site Scripting Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A cross-site...

CVSS 7.5, AI score 2.1, EPSS 0.00603
Exploits: 0, References: 1

CNVD
added 2021/12/19 12:0 a.m., 19 views

Delta Electronics DIAEnergie HandlerEnergyType Parameter Name Cross-Site Scripting Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A cross-site...

CVSS 7.5, AI score 1.5, EPSS 0.09492
Exploits: 0, References: 1

RedHat Linux
added 2021/12/16 6:22 p.m., 0 views

postgresql: memory disclosure in certain queries

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

CVSS 6.5, AI score 7.1, EPSS 0.01425
Exploits: 0, References: 5

RedHat Linux
added 2021/12/16 4:38 p.m., 0 views

postgresql: memory disclosure in certain queries

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

CVSS 6.5, AI score 7.1, EPSS 0.01425
Exploits: 0, References: 5

Rockylinux
added 2021/12/16 9:37 a.m., 9 views

selinux-policy bug fix and enhancement update

An update is available for selinux-policy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The selinux-policy packages contain the rules that govern how confined...

AI score 1.3
Exploits: 0

Tenable Nessus
added 2021/12/16 12:0 a.m., 31 views

RHEL 7 : rh-postgresql12-postgresql (RHSA-2021:5197)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5197 advisory. PostgreSQL is an advanced object-relational database management system (DBMS). The following packages have been upgraded to a later upstream...

CVSS 8.1, AI score 7.1, EPSS 0.01901
Exploits: 0, References: 9

Qualys Blog
added 2021/12/13 8:42 p.m., 19 views

Developing a Repeatable and Sustainable Security Exploitable Risk Reporting Program

Introduction: The key to creating a practical Reporting Philosophy is/are well-written vulnerability management policies, standards, and guidelines. These are often referred to as a Security, Governance, Risk, and Compliance (SGRC) program and a well-defined risk exception and acceptance (RA) program,...

AI score 6.9
Exploits: 0

Trend Micro Simply Security
added 2021/12/10 12:0 a.m., 12 views

New Yanluowang Ransomware Found to be Code-Signed, Terminates Database-Related Processes

We analyzed new samples of the Yanluowang ransomware. One interesting aspect of these samples is that the files are code-signed. They also terminate various processes which are related to database and backup management...

AI score 7
Exploits: 0

Veracode
added 2021/12/08 12:41 a.m., 20 views

Privilege Escalation

Jenkins is vulnerable to privilege escalation. The vulnerability exists due to a lack of limiting the agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library wit...

CVSS 9.8, AI score 6.4, EPSS 0.0232
Exploits: 0, References: 5, Affected Software: 1

RedHat Linux
added 2021/12/02 10:4 p.m., 4 views

jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path

A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...

CVSS 9.8, AI score 5.8, EPSS 0.02451
Exploits: 0, References: 5

RedHat Linux
added 2021/12/02 6:37 p.m., 1 views

jenkins: Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path

A file path filtering bypass vulnerability was found in Jenkins. Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path. This may allow an attacker who controls the agent process to get read and write access to arbitrary files on the...

CVSS 9.8, AI score 5.8, EPSS 0.02451
Exploits: 0, References: 5

CNVD
added 2021/12/02 12:0 a.m., 25 views

Trend Micro Worry-Free Business Security has an unspecified vulnerability (CNVD-2022-08933)

Trend Micro Worry-Free Business Security is an enterprise-class information security protection solution from Trend Micro, Inc. The product provides anti-spam, anti-virus, network security and email protection features. A security vulnerability exists in Trend Micro Worry-Free Business Security,...

CVSS 7.8, AI score 2.9, EPSS 0.00339
Exploits: 0, References: 1

HackRead
added 2021/12/01 1:39 p.m., 8 views

Development of Corporate Applications Based on Artificial Intelligence

By Owais Sultan. Technologies based on Artificial intelligence can be used in corporate management since the indisputable advantage of these technologies is the ability to analyze large amounts of data without significant resource costs. The ability to use AI technologies is especially relevant wh...

AI score 2.6
Exploits: 0

Tenable Nessus
added 2021/12/01 12:0 a.m., 38 views

RHEL 8 : OpenShift Container Platform 4.8.22 (RHSA-2021:4829)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4829 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS 9.8, AI score 7.4, EPSS 0.02451
Exploits: 0, References: 32