PT-2024-32710 · Unknown · Shilpi Client Dashboard
Name of the Vulnerable Software and Affected Versions: Shilpi Client Dashboard (affected versions not specified). Description: This issue exists due to improper handling of multiple parameters in the API endpoint. An authenticated remote attacker could exploit this by including multiple userid...
The vulnerability in the Go programming language’s html/template package allows attackers to execute XSS attacks.
The vulnerability of the Go programming language’s html/template package is related to the lack of measures taken to protect web page structures. Exploiting this vulnerability allows an attacker to perform XSS attacks remotely...
Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
Overview: Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below: Out-of-bounds write (CWE-787) - CVE-2024-47134; Stack-based buffer overflow (CWE-121) - CVE-2024-47135; Out-of-bounds read (CWE-125) - CVE-2024-47136. Michael Heinzl reported...
CVE-2024-47136
Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a...
CVE-2024-47134
Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a...
CVE-2024-47136
CVE-2024-47136 is an out-of-bounds read vulnerability in Kostac PLC Programming Software (formerly Koyo) up to version 1.6.14.0. Opening a specially crafted KPP project file saved with version 1.6.9.0 or earlier can cause DoS, arbitrary code execution, or information disclosure due to parsing issue...
CVE-2024-47135
Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may...
CVE-2024-47134
Summary of CVE-2024-47134 and related advisories: Kostac PLC Programming Software (formerly Koyo PLC Programming Software)
A vulnerability in an API endpoint of the Grafana monitoring and observability platform allows an attacker to escalate their privileges.
A vulnerability in the application programming interface of the Grafana monitoring and observability platform allows an attacker to escalate their privileges. This vulnerability is related to insufficient spatial separation. Exploiting this vulnerability could enable a remote attacker to...
ROS-20241001-10
A vulnerability in the Parse function of the Go programming language is related to uncontrolled recursion. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. A vulnerability in the Decoder.Decode function of the Go programming language is...
JTEKT Kostac PLC Programming Software security vulnerability
JTEKT Kostac PLC Programming Software is PLC programming software for personal computers from JTEKT of Japan. A security vulnerability exists in JTEKT Kostac PLC Programming Software version 1.6.14.0 and prior versions, which stems from the presence of a stack-based buffer overflow vulnerability...
PT-2024-32427 · Kostac · Kostac Plc Programming
Name of the Vulnerable Software and Affected Versions: Kostac PLC Programming Software versions 1.6.14.0 and earlier. Description: An out-of-bounds write vulnerability exists in the parsing of KPP project files. If a user opens a specially crafted project file saved using Kostac PLC Programming...
PT-2024-32429 · Kostac · Kostac Plc Programming
Name of the Vulnerable Software and Affected Versions: Kostac PLC Programming Software versions 1.6.14.0 and earlier. Description: An out-of-bounds read vulnerability exists in the parsing of KPP project files. If a user opens a specially crafted project file saved using Kostac PLC Programming...
Low: Red Hat Security Advisory: python3 security update
An update for python3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...
RLSA-2024:6908 Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791); go/parser: golang: Calling any of the Parse functions containing deeply nested...
go-toolset:rhel8 security update
An update is available for module.go-toolset, go-toolset, delve, golang, module.golang, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset...
PT-2024-32382 · Unknown · Computer Vision Annotation Tool
Name of the Vulnerable Software and Affected Versions: Computer Vision Annotation Tool (CVAT) versions prior to 2.19.0. Description: The issue allows an attacker to initiate API calls on behalf of a logged-in user if they can trick the user into visiting a maliciously-constructed URL. This gives the...
PT-2024-9159 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.11; Nextcloud Server versions prior to 29.0.8; Nextcloud Server versions prior to 30.0.1; Nextcloud Enterprise Server versions prior to 25.0.13.13; Nextcloud Enterprise Server versions prior to 26.0.13.9...