Lucene search

46 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-46062

Malicious code in bioql PyPI...

8.1 CVSS · 6.6 AI score · 0.0022 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/07/19 12:1 a.m. · 4 views

CVE-2023-41566

OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sysuiextend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions...

8.1 CVSS · 7.8 AI score · 0.0022 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 10:28 p.m. · 3 views

CVE-2022-45147

A vulnerability has been identified in SIMATIC PCS neo V4.0 All versions, SIMATIC STEP 7 V16 All versions, SIMATIC STEP 7 V17 All versions, SIMATIC STEP 7 V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable...

8.5 CVSS · 7.5 AI score · 0.00093 EPSS
Exploits 0 · References 1

Cvelist
added 2024/07/09 12:4 p.m. · 20 views

CVE-2022-45147

A vulnerability has been identified in SIMATIC PCS neo V4.0 All versions, SIMATIC STEP 7 V16 All versions, SIMATIC STEP 7 V17 All versions, SIMATIC STEP 7 V18 All versions V18 Update 2. Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable...

8.5 CVSS · 0.00093 EPSS
Exploits 0 · References 1

NVD
added 2024/03/04 11:15 a.m. · 10 views

CVE-2023-33096

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16...

7.5 CVSS · 7.5 AI score · 0.00144 EPSS
Exploits 0 · References 1

Cvelist
added 2024/03/04 10:48 a.m. · 13 views

CVE-2023-33096 Reachable Assertion in Multi-Mode Call Processor

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16...

7.5 CVSS · 7.7 AI score · 0.00144 EPSS
Exploits 0 · References 1

CVE
added 2024/03/04 10:48 a.m. · 63 views

CVE-2023-33096

CVE-2023-33096 is a DoS in Qualcomm chipsets caused by transient denial of service while processing a DL NAS Transport message (per 3GPP 24.501 v16). Affected: Qualcomm components/closed-source parts in mobile chipsets; impact is Availability (High), Network attack vector, no user interaction req...

7.5 CVSS · 7.5 AI score · 0.00144 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/03/04 10:48 a.m. · 13 views

CVE-2023-33096 Reachable Assertion in Multi-Mode Call Processor

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16...

7.5 CVSS · 7.2 AI score · 0.00144 EPSS
Exploits 0 · References 1

PostgreSQL
added 2024/02/08 12:0 a.m. · 114 views

Vulnerability in core server (CVE-2024-0985)

PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL. UPDATE June 19, 2024: Added v16 as impacted. Updated description to clarify the attack vector. Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute...

8 CVSS · 8.5 AI score · 0.00753 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/12 11:27 a.m. · 15 views

CVE-2023-46284

A vulnerability has been identified in Opcenter Execution Foundation All versions V2407, Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation Portal...

7.5 CVSS · 7.8 AI score · 0.00216 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/12/12 12:0 a.m. · 3 views

PT-2023-7778 · Siemens · Opcenter Quality +4

Name of the Vulnerable Software and Affected Versions: Opcenter Execution Foundation versions prior to V2407 Opcenter Quality versions prior to V2312 SIMATIC PCS neo versions prior to V4.1 SINEC NMS versions prior to V2.0 SP1 Totally Integrated Automation Portal TIA Portal V14 Totally Integrated...

7.8 CVSS · 7.2 AI score · 0.00213 EPSS
Exploits 0 · References 7

Positive Technologies
added 2023/12/12 12:0 a.m. · 1 views

PT-2023-7780 · Siemens · Opcenter Quality +4

Name of the Vulnerable Software and Affected Versions: Opcenter Execution Foundation versions prior to V2407 Opcenter Quality versions prior to V2312 SIMATIC PCS neo versions prior to V4.1 SINEC NMS versions prior to V2.0 SP1 Totally Integrated Automation Portal TIA Portal V14 Totally Integrated...

7.8 CVSS · 7.4 AI score · 0.00216 EPSS
Exploits 0 · References 6

OSV
added 2023/11/23 12:15 a.m. · 2 views

DEBIAN-CVE-2023-30581

The use of `__proto__` in `process.mainModule.__proto__.require` can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time...

7.5 CVSS · 7 AI score · 0.00018 EPSS
Exploits 0 · References 1

NVD
added 2023/07/01 12:15 a.m. · 20 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5 CVSS · 7.5 AI score · 0.01916 EPSS
Exploits 1 · References 10

Prion
added 2023/07/01 12:15 a.m. · 23 views

Crlf injection

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

5 CVSS · 7.3 AI score · 0.01916 EPSS
Exploits 1 · References 8 · Affected Software 2

AlpineLinux
added 2023/06/30 11:39 p.m. · 65 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5 CVSS · 7.9 AI score · 0.01916 EPSS
Exploits 1

Microsoft KB
added 2023/01/30 12:0 a.m. · 18 views

Azure File Sync Agent v16 Release - January 2023

Azure File Sync Agent v16 Release - January 2023 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v16 release that is dated January 2023. Additionally, this article contains installation instructions for this release. Improvements and issues that are...

7 AI score
Exploits 0

Tenable Nessus
added 2022/10/19 12:0 a.m. · 33 views

SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2022:3614-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3614-1 advisory. - The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate...

6.5 CVSS · 8 AI score · 0.86318 EPSS
Exploits 2 · References 7

Prion
added 2022/09/09 3:15 p.m. · 17 views

Format string

The Baxter Spectrum WBM v16, v16D38 and Baxter Spectrum WBM v17, v17D19, v20D29 to v20D32 when in superuser mode is susceptible to format string attacks via application messaging. An attacker could use this to read memory in the WBM to access sensitive information...

4 CVSS · 6.7 AI score · 0.00264 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2022/09/08 12:0 a.m. · 2 views

Baxter Spectrum format string error vulnerability

Baxter Spectrum is an infusion pump from Baxter USA. A format string error vulnerability exists in the Baxter Sigma and Baxter Spectrum Infusion Pumps that stems from its susceptibility to a format string attack delivered via an application message resulting in an attacker being able to use it to...

6.5 CVSS · 7.3 AI score · 0.00264 EPSS
Exploits 0 · References 4