682 matches found
Vulnerabilities fixed in Oracle Java SE
Oracle has fixed vulnerabilities in Java SE JDK/JRE and GraalVM Enterprise Edition. The vulnerabilities potentially allow a malicious party to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Bypassing security...
CVE-2020-25163
CVE-2020-25163 affects OSIsoft PI Vision (PI Vision 2020) prior to version 3.5.0. A remote attacker with write access to PI ProcessBook files can inject code that gets imported into PI Vision, enabling cross-site scripting and potentially unauthorized disclosure, modification, or deletion of PI S...
Vulnerabilities fixed in Ruby
Vulnerabilities have been fixed in Ruby. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service (DoS), Access to system data. Ruby developers have released updates to address the vulnerabilities. More information can be foun...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed several vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution, Administrator/Root rights, Remote...
Vulnerabilities fixed in Mozilla Firefox and Firefox ESR
Mozilla has fixed vulnerabilities in Firefox and Firefox Extended Support Release (ESR). The vulnerabilities potentially allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Circumvention of security measure, Remot...
Vulnerabilities fixed in Google Android
Vulnerabilities have been fixed in Google Android. The vulnerabilities allow a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service (DoS), Remote code execution, Administrator/Root rights, Access to sensitive data, Access to system dat...
Vulnerabilities fixed in McAfee ePolicy Orchestrator
McAfee has fixed vulnerabilities in ePolicy Orchestrator. The vulnerabilities potentially enable a malicious party to launch attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Remote code execution, User Rights, SQL Injection, Access to sensitive dat...
Vulnerabilities fixed in iOS and iPadOS
Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities potentially allow a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS), Bypassing authentication, Circumvention of security measure, Remote code execution...
Vulnerabilities fixed in Red Hat Openshift Container Platform
Vulnerabilities have been fixed in Red Hat Openshift Container Platform. The vulnerabilities allow a malicious party to execute attacks that result in the following categories of damage: Cross-Site Scripting (XSS), Denial-of-Service (DoS), Manipulation of data, Bypassing authentication, Circumvention of...
HUAWEI EMUI and Honor Magic UI security vulnerability
Huawei EMUI is a mobile operating system developed on Android. Magic UI is a mobile operating system developed on Android. The PMS modules of Huawei EMUI and Magic UI have a privilege control vulnerability that could be exploited by attackers to obtain sensitive system information...
Vulnerabilities fixed in Firefox
Vulnerabilities have been fixed in Firefox. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service (DoS), Manipulation of data, Remote code execution, User rights, Access to system data. Mozilla has released updates to fix the...
CVE-2021-22805
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe V15.0.0.21243...
Remote code execution
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to a missing length check on user-supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.ex...
Design/Logic Flaw
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...
Design/Logic Flaw
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user-supplied data in network messages. Affected Product: Interactive Graphica...
CVE-2021-22824
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...
CVE-2021-22804
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user-supplied data in network messages. Affected Product: Interactive Graphica...
CVE-2021-22802
Schneider Electric IGSS Data Collector (dc.exe), affected in IGSS v15.0.0.21243 and earlier, is vulnerable to a CWE-120 buffer overflow due to missing length checks on user-supplied data while processing a network-constructed message. This can lead to remote code execution with the dc.exe process...
CVE-2022-24315
A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...
CVE-2022-24317
A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...