Vulnerabilities fixed in Oracle Java SE
Vulnerabilities have been fixed in Oracle Java SE. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, access to system data...
Vulnerabilities fixed in Oracle Communications
Vulnerabilities have been fixed in Oracle Communications. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Denial-of-Service (DoS), bypassing authentication, remote code execution, user rights, access to system data...
The vulnerability of the application software interface of Hitachi Energy System Data Manager SDM600 allows a malicious actor to read data from the data storage.
The vulnerability of the application software interface of Hitachi Energy System Data Manager SDM600 is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to read data from the data storage...
The vulnerability of Hitachi Energy System Data Manager SDM600, related to improper cleaning or release of resources, allows an intruder to trigger a service failure.
The vulnerability of Hitachi Energy System Data Manager SDM600 relates to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the software interface of the Hitachi Energy System Data Manager SDM600 allows a perpetrator to compromise the confidentiality and integrity of information.
The vulnerability of the software interface of the Hitachi Energy System Data Manager SDM600 lies in deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of information...
Vulnerabilities fixed in GitLab Enterprise and Community Editions
GitLab has fixed several vulnerabilities in GitLab Enterprise and Community Editions. A malicious person with access to the development environment could exploit the vulnerabilities to execute attacks that can result in the following categories of damage: Cross-Site Scripting (XSS)...
The vulnerability of Hitachi Energy System Data Manager SDM600, related to the possibility of loading dangerous files, allows a hacker to execute arbitrary code.
The vulnerability of Hitachi Energy System Data Manager SDM600 relates to the ability to load files of a dangerous type. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
CVE-2023-28375
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information...
SDM600 security vulnerability
ABB SDM600 is a system data manager from ABB Switzerland. A security vulnerability exists in SDM600 versions prior to 1.2.23000.291, which stems from a problem in the endpoint that can be exploited by an attacker to cause an application to become unresponsive by running multiple parallel requests...
Vulnerabilities fixed in Apple iOS and iPadOS
Apple has fixed several vulnerabilities in iOS and iPadOS. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution, Administrator/Root righ...
SDM600 code issue vulnerability
ABB SDM600 is a system data manager from ABB Switzerland. A security vulnerability exists in SDM600 versions prior to 1.2.23000.291, which stems from the presence of a file permission validation vulnerability that could be exploited by an attacker to cause arbitrary code execution...
SDM600 security vulnerability
ABB SDM600 is a system data manager from ABB Switzerland. A security vulnerability exists in SDM600 versions prior to 1.2.23000.291, which stems from the presence of a service authorization validation vulnerability that can be exploited by an attacker to access sensitive data by reading directly...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed vulnerabilities in Firefox and Thunderbird. A malicious party can exploit the vulnerabilities to execute attacks that can lead to the following categories of damage: Denial-of-Service (DoS), spoofing, access to sensitive data, access to system data. The malicious party...
Vulnerabilities fixed in Aveva products
Aveva has fixed vulnerabilities in InTouch, Plant SCADA and Telemetry Server. A malicious party could exploit the vulnerabilities to carry out attacks that could result in the following categories of damage: Denial-of-Service (DoS), data manipulation, remote code execution, user rights, access to system...
PT-2023-1747 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows Client Server Run-Time Subsystem (CSRSS) (affected versions not specified). Description: The vulnerability is related to a lack of protection for system data in the Windows operating system. It allows attackers to obtain sensitive...
Vulnerabilities fixed in SAP products
SAP has released updates for several products, including SAP ERP, Netweaver, HAMA, Business Objects and SAP Solution Manager. A malicious party could potentially exploit the vulnerabilities and cause damage in the categories listed below: Cross-Site Scripting (XSS), Denial-of-Service Do...
Vulnerabilities fixed in Mozilla Firefox and Thunderbird
Mozilla has fixed several vulnerabilities in Firefox, Firefox ESR and Thunderbird. A malicious person could exploit them to carry out attacks that can lead to the following categories of damage: Denial-of-Service (DoS), remote code execution, user rights, spoofing, access to sensitive data, access to...
WAGO security vulnerability
WAGO is a 750-88x series programmable logic controller from WAGO, Germany. The device is an electronic system designed for the operation of digital algorithms for applications in industrial environments. A security vulnerability exists in WAGO Unmanaged Switch 852-111/000-001 firmware version 01,...
SUSE CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...
SUSE CVE-2020-24332
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack...