PT-2023-14418 · Ge Grid Solutions · Fc46-Webbridge
Name of the Vulnerable Software and Affected Versions: FC46-WebBridge on GE Grid Solutions MS3000 devices versions prior to 3.7.6.25p0, 3.2.2.17p0, 4.7p0. Description: An issue was discovered that allows direct access to the API on TCP port 8888 via programs located in the cgi-bin folder without any...
Autolab OS Command Injection Vulnerability
Autolab is a course management service. Autolab supports automated grading of programming assignments. An operating system command injection vulnerability exists in Autolab. An attacker could exploit this vulnerability to execute code on the hosted Autolab server...
PT-2023-33867 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue is related to the drm/amd/display component, where it fails to wait for vblank during pipe programming. The actual impact and attack plausibility have not yet been proven...
Autolab path traversal vulnerability
Autolab is a course management service. Autolab supports automatic grading of programming assignments. A path traversal vulnerability exists in Autolab. An attacker could exploit this vulnerability to view the contents of a file...
Google to support the use of Rust in Chromium
In a blog by the Chrome security team we learned that the Chromium project is going to support the use of third-party Rust libraries from C++ in Chromium. This is good news because Rust is a so-called memory-safe programming language. So using it in a widespread program like Chrome and the other...
CVE-2022-41956 Autolab is vulnerable to file disclosure via remote handin feature
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature,...
firefly-iii authorization issue vulnerability
firefly-iii is a free and open source personal finance manager. A vulnerability with authorization issues exists in versions of firefly-iii prior to 5.8.0, which stems from its API failing to properly check authorization...
[SECURITY] Fedora 37 Update: rust-1.66.1-1.fc37
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
PT-2023-14738 · Unknown · Doctor Appointment Management System
Name of the Vulnerable Software and Affected Versions: Doctor Appointment Management System version 1.0.0. Description: The issue is related to a cross-site scripting (XSS) vulnerability. Cross-site scripting is a type of security vulnerability that occurs when an attacker is able to inject maliciou...
[SECURITY] Fedora 36 Update: golang-1.18.9-1.fc36
The Go Programming Language...
[SECURITY] Fedora 37 Update: golang-1.19.4-1.fc37
The Go Programming Language...
Pear Programming cross-site scripting vulnerability
Pear Programming is a project developed into a global hackathon by the individual developer Mauricio Soares. Pear Programming suffers from a cross-site scripting vulnerability that stems from an issue with unknown code in the js/roomElement.js file in the component Main Page, which can lead to...
aEnrich a+HRD authorization issue vulnerability
aEnrich a+HRD is a full-service human resources development solution from aEnrich, Inc. A security vulnerability exists in aEnrich a+HRD that stems from an incorrect login authentication feature in its a+HRD allowing an unauthenticated, remote attacker to bypass authentication and gain access to...
memos access control error vulnerability
memos is an open source hosted memo center with knowledge management and social features. An access control error vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to view any content in a private memo from another user via the API...
memos security vulnerability
memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos versions prior to 0.9.1, which can be exploited by an attacker to delete all notes across the application via the API...
memos authorization issue vulnerability
memos is an open source hosted memo center with knowledge management and social features. A vulnerability exists in memos prior to version 0.9.1 due to an authorization issue, which can be exploited by an attacker to archive any private memos, delete any shortcuts, and edit any shortcuts from oth...
The vulnerability of FortiOS operating systems, related to access control deficiencies, allows attackers to modify interface settings.
The vulnerability of FortiOS operating systems is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to modify interface settings remotely through APIs...
CVE-2019-9011
In Pilz PMC programming tool 3.x before 3.5.17 based on CODESYS Development System, an attacker can identify valid usernames...
CVE-2020-12067
In Pilz PMC programming tool 3.x before 3.5.17 based on CODESYS Development System, a user's password may be changed by an attacker without knowledge of the current password...
Default credentials
In Pilz PMC programming tool 3.x before 3.5.17 based on CODESYS Development System, a user's password may be changed by an attacker without knowledge of the current password...