30 matches found
EUVD-2022-27277
Malicious code in bioql PyPI...
EUVD-2024-32879
Malicious code in bioql PyPI...
EUVD-2025-22770
Malicious code in bioql PyPI...
Siemens End-of-Life Devices Detection
The current plugin identifies Siemens devices that are end-of-life, i.e., still supported but have a discontinued date announced. Siemens Lifecycle Statuses: - 'PM300:Active Product': Most current offering within a product category. - 'PM400:Announcement of product phase-out': Product in phase-ou...
Wiz supports creation of new Japan tenants
Our ongoing commitment to the region continues with product support and leadership expansion...
GHSA-J5HQ-5JCR-XWX7 github.com/rancher/steve's users can issue watch commands for arbitrary resources
Impact: A vulnerability has been discovered in Steve API (Kubernetes API Translator) in which users can watch resources they are not allowed to access, when they have at least some generic permissions on the type. For example, a user who can get a single secret in a single namespace can get all...
RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Impact: A vulnerability has been identified whereby RKE2 deployments in Windows nodes have weak Access Control Lists (ACL), allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation. The affected files include binaries, script...
CVE-2024-42640
CVE-2024-42640 affects the Angular-base64-upload library prior to v0.1.21. The root cause is unauthenticated remote code execution via the demo/server.php endpoint, allowing an attacker to upload arbitrary content that can be accessed at demo/uploads and executed on the server. Affected packages ...
CVE-2024-45193
An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the...
CVE-2024-33471
An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
Rancher API Server Cross-site Scripting Vulnerability
Impact: A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identifi...
GHSA-C85R-FWC7-45VC Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
Impact: A vulnerability has been identified when granting a create or global role for a resource type of "namespaces"; no matter the API group, the subject will receive permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace...
CVE-2024-21780
Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported...
GHSA-CQ4P-VP5Q-4522 Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
Impact: This issue affects Rancher versions from 2.5.0 up to and including 2.5.16, from 2.6.0 up to and including 2.6.9 and 2.7.0. It was discovered that the security advisory CVE-2021-36782 (GHSA-g7j7-h4q8-8w2f), previously released by Rancher, missed addressing some sensitive fields, secret tokens...
CVE-2023-24095
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formSystemCheck. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...
CVE-2022-47065
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...
CVE-2023-24099
TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1.01.B01 was discovered to contain a stack overflow via the username parameter at /formWizardPassword. This vulnerability allows attackers to execute arbitrary code via a crafted payload. NOTE: This vulnerability only affects...
Security Bulletin: IBM Netezza as a Service is vulnerable to CVE-2022-0811
Summary: IBM Netezza as a Service is vulnerable to arbitrary code execution as root on the cluster node due to CVE-2022-0811, although severity is low. The vulnerability is addressed by upgrading OCP version to 4.8.42. Vulnerability Details: CVEID: CVE-2022-0811 DESCRIPTION: CRI-O could allow a remote...
CVE-2017-20016 WEKA INTEREST Security Scanner Portscan memory allocation
A vulnerability has been found in WEKA INTEREST Security Scanner up to 1.8 and classified as problematic. This vulnerability affects unknown code of the component Portscan. The manipulation with an unknown input leads to denial of service. The attack can be initiated remotely. The exploit has bee...
CVE-2021-36799
KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...