Lucene search

213680 matches found

Prion
added 2023/12/12 5:15 p.m. | 16 views

Design/Logic Flaw

The fluidcomponents (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain content use cases that may be edge cases...

CVSS: 5.8 | AI score: 6 | EPSS: 0.00512
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2023/12/12 5:15 p.m. | 18 views

Directory traversal

The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists...

CVSS: 5 | AI score: 7 | EPSS: 0.013
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2023/12/12 5:15 p.m. | 18 views

Design/Logic Flaw

The OPC UA .NET Standard Reference Server before 1.4.371.86 places sensitive information into an error message that may be seen remotely...

CVSS: 5 | AI score: 6.7 | EPSS: 0.00794
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2023/12/12 5:15 p.m. | 20 views

Design/Logic Flaw

The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups if there is a usergroup field on the registration form. This occurs because the usergroup.inList protection mechanism is mishandled...

CVSS: 5 | AI score: 7.1 | EPSS: 0.00603
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2023/12/12 5:15 p.m. | 15 views

Authorization

In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project...

CVSS: 6.5 | AI score: 7 | EPSS: 0.01026
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2023/12/12 5:15 p.m. | 20 views

Design/Logic Flaw

An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations...

CVSS: 5 | AI score: 7.5 | EPSS: 0.00829
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2023/12/12 5:15 p.m. | 8 views

Design/Logic Flaw

The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments...

CVSS: 1.7 | AI score: 6.8 | EPSS: 0.00369
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 5:15 p.m. | 22 views

Design/Logic Flaw

The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access...

CVSS: 5 | AI score: 7 | EPSS: 0.00618
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2023/12/12 5:15 p.m. | 16 views

Code injection

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contain a...

CVSS: 4 | AI score: 6.9 | EPSS: 0.00408
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 5:15 p.m. | 17 views

Design/Logic Flaw

fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution...

CVSS: 4 | AI score: 7 | EPSS: 0.01152
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2023/12/12 5:15 p.m. | 19 views

Design/Logic Flaw

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain ...

CVSS: 4.9 | AI score: 7 | EPSS: 0.00411
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 5:15 p.m. | 47 views

Design/Logic Flaw

The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message were leaking through a timing side-channel. By sending a large number of attacker-selected...

CVSS: 4 | AI score: 6.6 | EPSS: 0.00628
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2023/12/12 4:15 p.m. | 14 views

Command injection

The flashtool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01685
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2023/12/12 4:15 p.m. | 13 views

Input validation

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation...

CVSS: 5 | AI score: 7.4 | EPSS: 0.006
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2023/12/12 3:15 p.m. | 18 views

Design/Logic Flaw

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry()...

CVSS: 4.3 | AI score: 7.3 | EPSS: 0.00962
Exploits: 0 | References: 4 | Affected Software: 1
Prion
added 2023/12/12 3:15 p.m. | 14 views

Design/Logic Flaw

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate and also requires that the certificate is valid. If an Add Admin token is protected by this...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.00142
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2023/12/12 3:15 p.m. | 26 views

Design/Logic Flaw

In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.23466
Exploits: 4 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 3:15 p.m. | 13 views

Design/Logic Flaw

In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.24725
Exploits: 4 | References: 2 | Affected Software: 1
Prion
added 2023/12/12 3:15 p.m. | 13 views

Path traversal

In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality...

CVSS: 5 | AI score: 7.4 | EPSS: 0.46966
Exploits: 4 | References: 2 | Affected Software: 1
Prion
added 2023/12/12 3:15 p.m. | 11 views

Design/Logic Flaw

Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.00725
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 3:15 p.m. | 18 views

Design/Logic Flaw

In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00233
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2023/12/12 2:15 p.m. | 18 views

Input validation

quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. ...

CVSS: 5 | AI score: 7.5 | EPSS: 0.00763
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2023/12/12 2:15 p.m. | 15 views

Design/Logic Flaw

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a...

CVSS: 4.3 | AI score: 7.7 | EPSS: 0.00256
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2023/12/12 2:15 p.m. | 13 views

Code injection

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c...

CVSS: 1.9 | AI score: 7.4 | EPSS: 0.00376
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2023/12/12 2:15 p.m. | 22 views

Stack overflow

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c...

CVSS: 4.4 | AI score: 7.5 | EPSS: 0.00405
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2023/12/12 2:15 p.m. | 14 views

Stack overflow

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c...

CVSS: 4.4 | AI score: 7.4 | EPSS: 0.00372
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2023/12/12 2:15 p.m. | 11 views

Buffer overflow

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c...

CVSS: 4.4 | AI score: 7.4 | EPSS: 0.00396
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2023/12/12 2:15 p.m. | 29 views

Buffer overflow

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c...

CVSS: 4.4 | AI score: 7.5 | EPSS: 0.00405
Exploits: 1 | References: 3 | Affected Software: 1
Prion
added 2023/12/12 1:15 p.m. | 15 views

Code injection

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.00224
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2023/12/12 12:15 p.m. | 22 views

Command injection

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V7.2.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V7.2.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V7.2.2, SCALANCE M812-1 ADSL-Router Annex A 6GK5812-1AA00-2AA2 All versions...

CVSS: 4 | AI score: 6.5 | EPSS: 0.00623
Exploits: 0 | References: 3 | Affected Software: 20
Prion
added 2023/12/12 12:15 p.m. | 19 views

Design/Logic Flaw

A vulnerability has been identified in Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, SINUMERIK Integrate RunMyHMI /Automotive All versions, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation...

CVSS: 5 | AI score: 7.8 | EPSS: 0.00905
Exploits: 0 | References: 2 | Affected Software: 2
Prion
added 2023/12/12 12:15 p.m. | 23 views

Input validation

A vulnerability has been identified in Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, SINUMERIK Integrate RunMyHMI /Automotive All versions, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation...

CVSS: 5 | AI score: 7.5 | EPSS: 0.00905
Exploits: 0 | References: 2 | Affected Software: 2
Prion
added 2023/12/12 12:15 p.m. | 19 views

Buffer overflow

A vulnerability has been identified in SIMATIC PC-Station Plus All versions, SIMATIC S7-400 CPU 412-2 PN V7 All versions, SIMATIC S7-400 CPU 414-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 414F-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416F-3 PN/D...

CVSS: 5 | AI score: 7.5 | EPSS: 0.00722
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 12:15 p.m. | 14 views

Design/Logic Flaw

Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations...

CVSS: 5 | AI score: 7.1 | EPSS: 0.01244
Exploits: 0 | References: 4 | Affected Software: 43
Prion
added 2023/12/12 12:15 p.m. | 19 views

Cross site scripting

A vulnerability has been identified in Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, SINUMERIK Integrate RunMyHMI /Automotive All versions, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation...

CVSS: 5.8 | AI score: 6.2 | EPSS: 0.00492
Exploits: 0 | References: 2 | Affected Software: 2
Prion
added 2023/12/12 12:15 p.m. | 18 views

Default configuration

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially...

CVSS: 5.8 | AI score: 7.2 | EPSS: 0.00498
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 12:15 p.m. | 17 views

Design/Logic Flaw

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses,...

CVSS: 7.5 | AI score: 8.4 | EPSS: 0.00383
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 12:15 p.m. | 20 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC PC-Station Plus All versions, SIMATIC S7-400 CPU 412-2 PN V7 All versions, SIMATIC S7-400 CPU 414-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 414F-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416-3 PN/DP V7 All versions, SIMATIC S7-400 CPU 416F-3 PN/D...

CVSS: 5 | AI score: 7 | EPSS: 0.0072
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 12:15 p.m. | 22 views

Information disclosure

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the...

CVSS: 5 | AI score: 9.1 | EPSS: 0.00616
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 12:15 p.m. | 17 views

Design/Logic Flaw

A vulnerability has been identified in Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, SINUMERIK Integrate RunMyHMI /Automotive All versions, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation...

CVSS: 5 | AI score: 7.8 | EPSS: 0.00905
Exploits: 0 | References: 2 | Affected Software: 2
Prion
added 2023/12/12 12:15 p.m. | 19 views

Design/Logic Flaw

A vulnerability has been identified in Opcenter Quality All versions V2312, SIMATIC PCS neo All versions V4.1, SINEC NMS All versions V2.0 SP1, SINUMERIK Integrate RunMyHMI /Automotive All versions, Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation...

CVSS: 6.8 | AI score: 8.4 | EPSS: 0.0094
Exploits: 0 | References: 2 | Affected Software: 2
Prion
added 2023/12/12 12:15 p.m. | 20 views

Design/Logic Flaw

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automaticall...

CVSS: 3.3 | AI score: 6.9 | EPSS: 0.00585
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 12:15 p.m. | 16 views

Design/Logic Flaw

A vulnerability has been identified in SIMATIC CP 1242-7 V2 incl. SIPLUS variants All versions = V6.1 V6.1 HF2, SIPLUS NET CP 1543-1 6AG1543-1AX00-2XE0 All versions V3.0.37. The webserver implementation of the affected products does not correctly release allocated memory after it has been used. A...

CVSS: 5 | AI score: 7.2 | EPSS: 0.00956
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2023/12/12 12:15 p.m. | 19 views

Command injection

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.0, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.0, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.0, SCALANCE M812-1 ADSL-Router Annex A 6GK5812-1AA00-2AA2 All versions V8.0,...

CVSS: 4 | AI score: 6.9 | EPSS: 0.00644
Exploits: 0 | References: 3 | Affected Software: 20
Prion
added 2023/12/12 12:15 p.m. | 20 views

Design/Logic Flaw

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 2. The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically...

CVSS: 3.3 | AI score: 6.9 | EPSS: 0.00585
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 12:15 p.m. | 31 views

Information disclosure

A vulnerability has been identified in SIMATIC STEP 7 TIA Portal All versions V19. An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware...

CVSS: 1.7 | AI score: 6.7 | EPSS: 0.00142
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 11:15 a.m. | 19 views

Authorization

Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, lik...

CVSS: 4 | AI score: 7 | EPSS: 0.0041
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2023/12/12 10:15 a.m. | 12 views

Code injection

A vulnerability has been identified in LOGO! 12/24RCE All versions = V8.3, LOGO! 12/24RCEo All versions = V8.3, LOGO! 230RCE All versions = V8.3, LOGO! 230RCEo All versions = V8.3, LOGO! 24CE All versions = V8.3, LOGO! 24CEo All versions = V8.3, LOGO! 24RCE All versions = V8.3, LOGO! 24RCEo All...

CVSS: 4.6 | AI score: 7.8 | EPSS: 0.00248
Exploits: 0 | References: 1 | Affected Software: 16
Prion
added 2023/12/12 10:15 a.m. | 13 views

Cross site scripting

SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the program parameter of the /SASStoredProcess/do endpoint allows arbitrary JavaScript to be executed when a specially crafted URL is opened by an authenticated user. The attack is possible from a...

CVSS: 4.9 | AI score: 6.5 | EPSS: 0.00632
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2023/12/12 10:15 a.m. | 16 views

Race condition

Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur...

CVSS: 5 | AI score: 7.2 | EPSS: 0.00981
Exploits: 0 | References: 2
Total number of security vulnerabilities: 213680