2285 matches found

Oracle linux
added 2022/01/25 12:0 a.m., 396 views

polkit security update

0.112-26.0.1
- Increase timeout to avoid defunct processes (Orabug: 26930744)

0.112-26.1
- pkexec: argv overflow results in local privilege esc.
- Resolves: CVE-2021-4034...

7.8 CVSS, 3.6 AI score, 0.94921 EPSS
Exploits 151

Openbugbounty
added 2022/01/24 9:54 a.m., 10 views

All Vulnerabilities for propertytax.chattanooga.gov Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.2 AI score
Exploits 0

Github Security Blog
added 2022/01/13 12:0 a.m., 25 views

Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agent processes to invoke command-line git at an attacker-specified path on the controller. This allows attackers able to control agent processes to invoke arbitrary OS commands on the controller...

9 CVSS, 8.6 AI score, 0.01648 EPSS
Exploits 0, References 4, Affected Software 1

OSV
added 2022/01/12 8:15 p.m., 1 views

CVE-2022-23117

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...

7.5 CVSS, 7.1 AI score, 0.01285 EPSS
Exploits 0, References 2

NVD
added 2022/01/12 8:15 p.m., 33 views

CVE-2022-23116

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method...

7.5 CVSS, 0.00828 EPSS
Exploits 0, References 2

Vulnrichment
added 2022/01/12 7:6 p.m., 9 views

CVE-2022-23118

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line git at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller...

7.3 AI score, 0.01648 EPSS
Exploits 0, References 2

Rapid7 Blog
added 2022/01/07 6:20 p.m., 200 views

Log4Shell Strategic Response: 5 Practices for Vulnerability Management at Scale

This post is co-authored by Blake Cifelli, Senior Advisory Services Consultant. In today’s cybersecurity world, risks evolve faster than we can remediate them. To meet our goals and become resilient to these fast changes, we need the right balance of automation and human interaction. Enabling rap...

9.3 CVSS, 10 AI score, 0.99999 EPSS
Exploits 347

CNNVD
added 2021/12/27 12:0 a.m., 3 views

Avast antivirus security vulnerability

Avast antivirus is a suite of antivirus software from the Czech company Avast, and an elevation of privilege vulnerability exists in versions prior to Avast Antivirus 20.4, which could be exploited by an attacker to "hollow out" a trusted process to gain elevated privileges and bypass Avast's sel...

7.8 CVSS, 5.7 AI score, 0.00316 EPSS
Exploits 1, References 4

CNVD
added 2021/12/23 12:0 a.m., 22 views

mySCADA myPRO OS Command Injection Vulnerability (CNVD-2021-102828)

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...

10 CVSS, 9.9 AI score, 0.01218 EPSS
Exploits 0, References 1

CNVD
added 2021/12/23 12:0 a.m., 22 views

mySCADA myPRO Operating System Command Injection Vulnerability

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands...

10 CVSS, 9.8 AI score, 0.01421 EPSS
Exploits 0, References 1

CNVD
added 2021/12/23 12:0 a.m., 13 views

Unspecified Vulnerability in mySCADA myPRO

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. A security vulnerability exists in mySCADA myPRO that can be exploited by an attacker to crack a previously retrieved password hash...

7.5 CVSS, 7.6 AI score, 0.00651 EPSS
Exploits 0, References 1

CNVD
added 2021/12/23 12:0 a.m., 19 views

mySCADA myPRO OS Command Injection Vulnerability (CNVD-2021-102826)

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...

10 CVSS, 9.9 AI score, 0.01218 EPSS
Exploits 0, References 1

CNVD
added 2021/12/23 12:0 a.m., 11 views

mySCADA myPRO Authentication Bypass Vulnerability

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An authentication bypass vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to access the application without any form of authentication or authorization...

9.8 CVSS, 9.7 AI score, 0.01549 EPSS
Exploits 0, References 1

CNVD
added 2021/12/23 12:0 a.m., 29 views

mySCADA myPRO OS Command Injection Vulnerability (CNVD-2021-102825)

mySCADA myPRO is an HMI/SCADA system designed primarily for the visualization and control of industrial processes. An operating system command injection vulnerability exists in mySCADA myPRO, which can be exploited by an attacker to inject arbitrary operating system commands via specific paramete...

10 CVSS, 9.9 AI score, 0.01218 EPSS
Exploits 0, References 1

RedHat Linux
added 2021/12/21 10:1 a.m., 1 views

postgresql: memory disclosure in certain queries

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

6.5 CVSS, 7.1 AI score, 0.01386 EPSS
Exploits 0, References 5

RedHat Linux
added 2021/12/21 10:1 a.m., 3 views

postgresql: memory disclosure in certain queries

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...

6.5 CVSS, 7.1 AI score, 0.01386 EPSS
Exploits 0, References 5

Rockylinux
added 2021/12/21 9:10 a.m., 44 views

postgresql:13 security update

An update is available for pgrepack, postgresql, pgaudit, postgres-decoderbufs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PostgreSQL is an advanced...

8.1 CVSS, 7.6 AI score, 0.01901 EPSS
Exploits 0

CNVD
added 2021/12/21 12:0 a.m., 17 views

MessageBus path traversal vulnerability

MessageBus is a reliable and robust messaging bus for Ruby processes and Web clients. messageBus suffers from a path traversal vulnerability, which stems from the lack of data restriction and filtering of the paths in messagebus. errors, which could lead to the disclosure of secret information on...

6.5 CVSS, 2.8 AI score, 0.01869 EPSS
Exploits 0, References 1

Github Security Blog
added 2021/12/20 6:21 p.m., 38 views

Information Exposure in RunC

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or...

6.4 CVSS, 3.3 AI score, 0.00381 EPSS
Exploits 0, References 20, Affected Software 1

CNVD
added 2021/12/19 12:0 a.m., 27 views

Delta Electronics DIAEnergie .NET Request.QueryString Cross-Site Scripting Vulnerability

Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency. A cross-site...

7.5 CVSS, 2.1 AI score, 0.00603 EPSS
Exploits 0, References 1