5185 matches found
Cisco DNA Center Security Vulnerability
Cisco DNA Center is a network management and command center service from Cisco USA. An access control error vulnerability exists in the Cisco DNA Center API, which can be exploited by a remote attacker to submit a special request that can read and modify database data and elevate privileges...
The vulnerability of the application software interface of the microprogramming system for controller security and session management in IP networks, OpenScape SBC (Session Border Controller), the software tool for integrating communication systems into a unified communication system, OpenScape BCF (Business Communication Fabric), and the OpenScape Branch server allows a perpetrator to execute arbitrary PHP code.
The vulnerability of the application programming interface of microprogramming software for controlling security and managing communication sessions in IP networks, the OpenScape SBC Session Border Controller, a software tool for integrating communication systems into a unified communication...
CVE-2023-41374
Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of...
CVE-2023-41374
Summary: CVE-2023-41374 is a double-free vulnerability in Kostac PLC Programming Software (KPP) versions 1.6.11.0 and earlier, related to parsing of KPP project files. If a user opens a specially crafted project file saved with 1.6.9.0 or earlier, arbitrary code execution may occur. Mitigation: s...
CVE-2023-41375
CVE-2023-41375 is a use-after-free vulnerability in Kostac PLC Programming Software (KPP) 1.6.11.0 and earlier, due to parsing of KPP project files saved with 1.6.9.0 or earlier. Exploitation may allow arbitrary code execution when a user opens a specially crafted project file. The vendor notes t...
Weak Authentication
org.eclipse.jetty, jetty-openid is vulnerable to Weak Authentication. The vulnerability is caused by a logical programming defect in the validateRequest function in the OpenIdAuthenticator.java class which allows current requests to still proceed even when LoginService does return that the...
PT-2023-5518 · Kostac · Kostac Plc Programming
Name of the Vulnerable Software and Affected Versions: Kostac PLC Programming Software versions 1.6.9.0 and earlier; Kostac PLC Programming Software version 1.6.11.0. Description: The issue is related to a use after free vulnerability, which can be exploited by opening a specially crafted project...
PT-2023-36265 · Skopeo · Skopeo
Name of the Vulnerable Software and Affected Versions: skopeo (affected versions not specified). Description: The issue is related to a security release in the Go programming language, version 1.21. The skopeo package has been rebuilt with this security release to address the issue. There is no...
[SECURITY] Fedora 37 Update: golang-1.19.13-1.fc37
The Go Programming Language...
[SECURITY] Fedora 37 Update: redis-7.0.13-1.fc37
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 38 Update: golang-1.20.8-1.fc38
The Go Programming Language...
Fedora: Security Advisory for python3-docs (FEDORA-2023-aeb32a843f)
The remote host is missing an update for the...
The vulnerability in the golang.org/x/crypto/ssh library for the Go programming language allows an attacker to cause SSH servers to fail.
The vulnerability of the golang.org/x/crypto/ssh library in the Go programming language is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause SSH servers to fail...
[SECURITY] Fedora 39 Update: golang-1.21.1-1.fc39
The Go Programming Language...
[SECURITY] Fedora 39 Update: python3.10-3.10.13-1.fc39
Python 3.10 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.10 package provides the "python3.10" executable:...
[SECURITY] Fedora 37 Update: python3-docs-3.11.5-1.fc37
The python3-docs package contains documentation on the Python 3 programming language and interpreter...
[SECURITY] Fedora 37 Update: python3.11-3.11.5-1.fc37
Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries...
Undefined Behavior for Input to API in Mutt
...
Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software
Overview: Kostac PLC Programming Software provided by JTEKT ELECTRONICS CORPORATION contains multiple vulnerabilities listed below: Double free (CWE-415) - CVE-2023-41374; Use-after-free (CWE-416) - CVE-2023-41375. Michael Heinzl reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with th...