
122 matches found

Positive Technologies
added 2023/06/02 12:00 a.m. · 4 views

PT-2023-3669 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.9 Description: An issue was discovered in the Linux kernel where ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read. This could allow a remote attacker to access protected...

10 CVSS · 6.7 AI score · 0.71737 EPSS
Exploits 72 · References 520

RedHat Linux
added 2023/05/16 8:25 a.m. · 4 views

python: open redirection vulnerability in lib/http/server.py may lead to information disclosure

A vulnerability was found in python. This security flaw causes an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path. This issue may lead to information disclosure...

7.4 CVSS · 6.8 AI score · 0.01892 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2023/04/20 12:00 a.m. · 26 views

Siemens SICAM A8000 Web Server Module Improper Access Control (CVE-2021-46304)

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70C All versions, CP-8000 MASTER MODULE WITH I/O -40/+70C All versions, CP-8021 MASTER MODULE All versions, CP-8022 MASTER MODULE WITH GPRS All versions. The component allows to activate a web server module which provides...

7.5 CVSS · 7.1 AI score · 0.00578 EPSS
Exploits 0 · References 3

OSV
added 2023/04/14 12:15 p.m. · 1 view

CVE-2023-1617

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 VNC-Server modules. This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on th...

9.8 CVSS · 7.3 AI score · 0.00719 EPSS
Exploits 0 · References 1

SUSE CVE
added 2023/02/15 5:36 a.m. · 2 views

SUSE CVE-2013-4131

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root...

4 CVSS · 6.8 AI score · 0.04383 EPSS
Exploits 0 · References 3

ICS
added 2023/02/02 12:00 p.m. · 47 views

Mitsubishi Electric Multiple Factory Automation Products (Update D)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT2000 compatible HMI software, CC-Link IE TSN Industrial Managed Switch, MELSEC iQ-R Series OPC UA Server Module Vulnerabilities: Infinite Loop, OS Command Injection 2...

10 CVSS · 10 AI score · 0.83583 EPSS
Exploits 7 · References 29

ICS
added 2022/12/05 7:00 a.m. · 257 views

Mitsubishi Electric FA Engineering Software (Update C)

1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GX Works3, MX OPC UA Module Configurator-R Vulnerabilities: Cleartext Storage of Sensitive Information, Use of Hard-coded Password, Insufficiently Protected Credentials,...

9.1 CVSS · 8.7 AI score · 0.0129 EPSS
Exploits 0 · References 11

Prion
added 2022/11/25 12:15 a.m. · 26 views

Information disclosure

Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A to 1.095Z and Mitsubishi Electric MX OPC UA Module Configurator-R versions 1.08J and prior allows a remote unauthenticated attacker to disclose sensitive information. As a result,...

5 CVSS · 7.8 AI score · 0.00802 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2022/11/24 11:21 p.m. · 97 views

CVE-2022-25164

CVE-2022-25164 is a cleartext storage vulnerability affecting Mitsubishi Electric GX Works3 (versions 1.000A–1.095Z) and MX OPC UA Module Configurator-R (1.08J and earlier). Root cause: sensitive data stored in cleartext, enabling remote, unauthenticated disclosure and potential access to MELSEC ...

8.6 CVSS · 7.7 AI score · 0.00802 EPSS
Exploits 0 · References 3 · Affected Software 2

CNNVD
added 2022/10/19 12:00 a.m. · 2 views

Multiple F5 Products Buffer Error Vulnerability

F5 BIG-IP and others are products of F5 Corporation, U.S.A. F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features. F5 BIG-IQ is a software-based cloud management solution. F5 F5OS-A is an operati...

7 CVSS · 7.2 AI score · 0.00214 EPSS
Exploits 0 · References 2

OSV
added 2022/09/14 7:40 p.m. · 3 views

CLSA-2022-1663184406 Fix CVE(s): CVE-2021-28861

SECURITY UPDATE: Redirection vulnerability in http.server - debian/patches/CVE-2021-28861.patch: Fix an open redirection vulnerability in the http.server module when an URI path starts with //. - CVE-2021-28861...

7.4 CVSS · 6.9 AI score · 0.01892 EPSS
Exploits 0 · References 1

ICS
added 2022/08/30 12:00 a.m. · 119 views

Mitsubishi Electric Multiple Factory Automation Products (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GOT2000 compatible HMI software, CC-Link IE TSN Industrial Managed Switch, MELSEC iQ-R Series OPC UA Server Module Vulnerabilities: Infinite Loop, OS Command Injection 2...

10 CVSS · 10 AI score · 0.83583 EPSS
Exploits 7 · References 4

PyPA
added 2022/08/25 6:15 p.m. · 8 views

PYSEC-2022-254

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.5 CVSS · 6.8 AI score · 0.00665 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2022/08/23 1:15 a.m. · 0 views

UBUNTU-CVE-2021-28861

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of the URI path, which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states...

7.4 CVSS · 6.8 AI score · 0.01892 EPSS
Exploits 0 · References 7

CNNVD
added 2022/08/10 12:00 a.m. · 1 view

Siemens SICAM A8000 CP-8000 Security Vulnerability

The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family for remote control and automation applications in all energy supply areas. An authentication bypass vulnerability exists in the Siemens SICAM A8000 Web Server Module, which is caused by the component allowing the activation...

7.5 CVSS · 7 AI score · 0.00578 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2022/05/18 8:15 p.m. · 5 views

CVE-2022-30033

Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the function setIPv6Status in httpd module...

7.8 CVSS · 5.9 AI score · 0.011 EPSS
Exploits 1 · References 2

Trellix
added 2022/04/06 12:00 a.m. · 42 views

The Bug Report - March 2022 Edition

The Bug Report - March 2022 By Charles McFarland · April 6, 2022 Your Cybersecurity Comic Relief Comic from https://geek-and-poke.com/ and remains unedited. https://creativecommons.org/licenses/by/3.0/ Use of this comic does not indicate endorsement by the creator. Why am I here? Welcome back the...

9 AI score · 0.9967 EPSS
Exploits 110

CNNVD
added 2022/04/04 12:00 a.m. · 2 views

Twisted Environmental Issue Vulnerability

Twisted is an event-driven open source web engine written in the Python language. Twisted suffers from an environmental issue vulnerability that stems from the fact that prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parses several...

8.1 CVSS · 7.6 AI score · 0.02708 EPSS
Exploits 0 · References 22

OSV
added 2022/03/04 12:00 a.m. · 1 view

GHSA-FFMM-5WW2-G3Q4 Liferay Portal and Liferay DXP cross-site scripting (XSS) vulnerability via the script console

Liferay Server Admin Web before 4.0.12 from Liferay Portal v7.3.2 and below and Liferay DXP v7.0 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the script console under the Server module...

6.1 CVSS · 6 AI score · 0.01096 EPSS
Exploits 0 · References 7

Github Security Blog
added 2022/03/04 12:00 a.m. · 3 views

Liferay Portal and Liferay DXP cross-site scripting (XSS) vulnerability via the script console

Liferay Server Admin Web before 4.0.12 from Liferay Portal v7.3.2 and below and Liferay DXP v7.0 and below were discovered to contain a cross-site scripting (XSS) vulnerability via the script console under the Server module...

6.1 CVSS · 6 AI score · 0.01096 EPSS
Exploits 0 · References 7 · Affected Software 2