23 matches found
EUVD-2024-54801
Malicious code in bioql PyPI...
EUVD-2023-57709
Malicious code in bioql PyPI...
EUVD-2023-43919
Malicious code in bioql PyPI...
CVE-2024-13972
A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade...
CVE-2024-13972
A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade...
CVE-2023-5394
Server receiving a malformed message that where the GCL message hostname may be too large which may cause a stack overflow; resulting in possible remote code execution. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations...
CVE-2023-5392
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the product. See Honeywell Security Notification for recommendations on upgrading and versioning...
Vulnerability in SICK OLM
SICK received a report about a vulnerability in the SICK Support Portal supportportal.sick.com, which was hosted and operated by a third-party service provider. Due to a misconfiguration, the access restriction of a NFS Network File System storage system has failed, which resulted in temporary...
CVE-2024-9968 NewType WebEIP v3.0 - SQL injection
WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended to upgrade to the new product...
CVE-2024-9968
The CVE-2024-9968 entry concerns WebEIP v3.0 from NewType, which reportedly does not properly validate user input. This enables remote attackers with regular privileges to inject SQL commands to read, modify, and delete data in the database. The issue is tied to an unmaintained product; remediati...
PT-2024-39967 · Newtype · Newtype Webeip
Name of the Vulnerable Software and Affected Versions: NewType WebEIP version 3.0 Description: The issue is related to improper validation of user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters. This results in a Reflected Cross-site...
Johnson Controls Illustra Essentials Gen 4 (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls, Inc. Equipment : Illustra Essentials Gen 4 Vulnerability : Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...
Privilege Escalation Vulnerability in Product Upgrade Module
Description Our product upgrade module contained a privilege escalation vulnerability that would allow an unauthorized user to upgrade to a product they were not authorized to. After an administrator had Product 1 can upgrde as Product2 , but not Product3, a user could use Burpsuite to intercept...
Security Bulletin: Vulnerability in Netty affects IBM Process Mining . CVE-2022-41881
Summary There is a vulnerability in Netty that could allow a remote authenticated attacker to execute denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: Vulnerability in IBM WebSphere Application Server Liberty
Summary There's a vulnerability in IBM WebSphere Application Server Liberty used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1553 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive...
Security Bulletin: Fix available for a Privilege Escalation Vulnerability in IBM Cúram Social Program Management (CVE-2016-8923)
Summary IBM Cúram Social Program Management is vulnerable to an already authenticated user bypassing the Security Sensitivity controls via a specially crafted URL. This allows an attacker to view information for certain business objects tagged with higher sensitivity than their current sensitivit...
Security Bulletin: Vulnerability in SSLv3 affects IBM Tivoli Access Manager for e-business (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. This affects IBM Tivoli Access Manager for e-business components that use SSLv3 including WebSEAL and pdadmin. Vulnerability Details The following vulnerability...
(RHSA-2016:0297) Low: Red Hat CloudForms 3.0 - End Of Life Notice
In accordance with the Red Hat CloudForms Support Life Cycle Policy, support will end on February 28, 2017. Red Hat will not provide extended support for this product. Customers are requested to migrate to the newer Red Hat CloudForms product prior to the end of the life cycle for CloudForms 3.0...
ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities
ESA-2013-078.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-078: EMC Document Sciences xPression Multiple Vulnerabilities EMC Identifier: ESA-2013-078 CVE Identifier: CVE-2013-6173, CVE-2013-6174, CVE-2013-6175, CVE-2013-6176, CVE-2013-6177 Severity Rating: CVSS v2 Base Score: See bel...
Joomla! Component com_virtuemart 2.0.22a - SQL Injection
Joomla! Component comvirtuemart 2.0.22a - SQL Injection ------------------------------------------------------------ Joomla! VirtueMart component = 2.0.22a - SQL Injection ------------------------------------------------------------ == Description == - Software link: http://www.virtuemart.net/ -...