CVE-2022-24317

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

CVE-2022-24316

A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

CVE-2022-24310

CVE-2022-24310 affects Schneider Electric IGSS Data Server (v15.0.0.22020 and prior). Root cause: CWE-190 integer overflow/wraparound that can cause a heap-based buffer overflow, enabling denial of service and potentially remote code execution when processing multiple specially crafted messages. ...

Interactive Graphical SCADA System Data Server 缓冲区错误漏洞

The Schneider Electric Interactive Graphical Scada System is a Scada system for monitoring industrial processes from Schneider Electric, France. An out-of-bounds read vulnerability exists in the Schneider Electric Interactive Graphical Scada System, which can be exploited by an attacker to cause ...

[SECURITY] Fedora 34 Update: rust-below-0.4.1-3.fc34

below is an interactive tool to view and record historical system data. It has support for: - information regarding hardware resource utilization - viewing the cgroup hierarchy - cgroup and process information - pressure stall information PSI - record mode to record system data - replay mode to...

Vulnerabilities fixed in GitLab

Vulnerabilities have been fixed in GitLab. The vulnerabilities potentially enable a malicious person to launch attacks leading to the following categories of damage: Cross-Site Request Forgery XSRF. Denial-of-Service DoS. Circumvention of security measure Accessing sensitive data Access to system...

Vulnerabilities fixed in IBM Spectrum Protect Plus

IBM has fixed vulnerabilities in Spectrum Protect Plus. The vulnerabilities, which include those in the Node.js and PostgreSQL components of the product, allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data...

[SECURITY] Fedora 35 Update: rust-below-0.4.1-3.fc35

below is an interactive tool to view and record historical system data. It has support for: - information regarding hardware resource utilization - viewing the cgroup hierarchy - cgroup and process information - pressure stall information PSI - record mode to record system data - replay mode to...

Vulnerabilities fixed in Foxit PDF Reader and Foxit PDF Editor

Vulnerabilities have been fixed in the PDF Reader and PDF Editor from Foxit. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution User rights Access to system data This...

Apache ShenYu Access Control Error Vulnerability (CNVD-2022-18269)

Apache ShenYu is an asynchronous , high-performance , cross-language , responsive API gateway of the Apache Apache Foundation. Apache ShenYu has an Access Control Error vulnerability in versions 2.4.0 and 2.4.1 that stems from a lack of authentication of ShenYu Admin when registering over HTTP. A...

Vulnerability fixed in Micro Focus Operations Agent

A vulnerability has been fixed in Micro Focus Operational Agent. The vulnerability allows a local malicious agent to access gain access to system data. Micro Focus indicates that mitigating measures are available that eliminate the vulnerability. For more information see:...

Vulnerabilities fixed in Oracle Database Server

Oracle has fixed vulnerabilities in the following Oracle Database Server products: Database - Enterprise Edition Database Configuration Assistant Spatial and Graph Application Express APEX Engineered Systems Utilities The vulnerabilities allow a malicious person to carry out attacks execute attac...

Vulnerabilities fixed in Mozilla Firefox, Firefox ESR and Thunderbird

Vulnerabilities have been fixed in Mozilla Firefox, Firefox ESR and Thunderbird. The vulnerabilities allow a malicious person to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User Rights Spoofing...

QNAP NAS 信息泄露漏洞

QNAP NAS is an accessible and fast storage solution from China Weilian Technology QNAP. QNAP NAS suffers from an information disclosure vulnerability that originates from an application exporting too much data. A remote attacker could exploit this vulnerability to gain unauthorized access to...

Vulnerabilities fixed in Red Hat OpenShift Logging

Red Hat has fixed vulnerabilities in OpenShift Logging. The vulnerabilities potentially allow a malicious party to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to...

Vulnerabilities fixed in Apple macOS

Apple has fixed vulnerabilities in macOS Catalina, Big Sur and Monterey. The vulnerabilities potentially enable a malicious person to able to perform attacks that result in the following categories of damage: Denial-of-Service DoS Manipulation of data Circumvention of security measure Remote code...

Vulnerabilities fixed in GitLab Runner

Vulnerabilities have been fixed in GitLab Runner. A authenticated malicious party could potentially exploit them to cause a denial-of-service or to gain access to system data. GitLab developers have released updates to address the vulnerabilities in GitLab Runner 14.3.4, 14.4.2 and 14.5.2. For mo...

CVE-2021-43065

A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data...

CVE-2021-43065

A incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, version 8.8.9 and below allows attacker to gain higher privileges via the access to sensitive system data...

The vulnerability of Intel BIOS/UEFI processor microprogramming software allows attackers to enhance their privileges and gain unauthorized access to protected information.

The vulnerability of Intel BIOS/UEFI processor microprogramming systems is related to insufficient protection of system data. Exploiting this vulnerability can allow attackers to enhance their privileges and gain unauthorized access to protected information...