AVEVA Software, LLC. Security Vulnerabilities

BIT-suitecrm-2024-36411

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax displayView controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

NFC connectivity troubleshooting steps

You may find the following error in the job log: NFC storage connection is unavailable [timestamp] Error Client error: NFC storage connection is unavailable. Storage: [stg:datastore-110,nfchost:host-164,conn:89.21.235.108]. Storage display name: [Datastore]. [timestamp] Error Failed to create NFC.....

CVE-2023-41323

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There.....

ROS-20240607-01

Vulnerability of bgp_capability_msg_parse() functions of a software tool for implementing network routing on Unix-like FRRouting systems is related to reading outside memory boundaries of the BGP FRRouting daemon. Unix-like systems FRRouting is related to read outside memory boundaries in the BGP.....

[SECURITY] Fedora 39 Update: rust-routinator-ui-0.3.4-2.fc39

Web UI for Routinator, a RPKI relying party...

Silverstripe XSS vulnerability via VirtualPage

A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that...

CVE-2020-26683

A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive...

BIT-suitecrm-2024-36418

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

Silverstripe History XSS Vulnerability

A cross-site scripting vulnerability has been discovered in the CMS page history tab. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields on a page, and if the "compare mode" option is selected. The HTML will be...

CVE-2022-31068

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated......

CVE-2024-36410

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVE-2024-36412

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in events response entry point allows for a SQL injection attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVE-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVE-2021-36711

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is...

CVE-2023-41321

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are...

CVE-2022-39372

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Authenticated users may store malicious code in their account information. This issue has been...

CVE-2023-41324

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that have read access on users resource can steal accounts of other users. Users are advised to....

Intel Dynamic Tuning Technology Software Privilege Escalation (INTEL-SA-00984)

Improper access control in the Intel DTT Software before version 8.7.10802.26924 may allow an authenticated user to potentially enable escalation of privilege via local access. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

CVE-2022-39375

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users....

CVE-2023-51443

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service...

Exploit for External Control of File Name or Path in Fortinet Fortinac

CVE-2022-39952 POC for CVE-2022-39952 affecting Fortinet...

BIT-suitecrm-2024-36414

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVE-2024-36413

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this...

Advisory ROSA-SA-2024-2431

Software: lua 5.3.4 OS: ROSA Virtualization 2.1 package_evr_string: lua-5.3.4 CVE-ID: CVE-2021-43519 BDU-ID: None CVE-Crit: N/A CVE-DESC.: Stack overflow in lua_resume of the ldo.c file in Lua Interpreter allows attackers to perform a denial of service via a script file created. CVE-STATUS: Not...

CVE-2022-39370

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been...

Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass

Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x are vulnerable to authentication bypass. The Security Model has different layers of Access Control. One of these layers is the applicationContext security, which is defined in the...

Exploit for Use of a Broken or Risky Cryptographic Algorithm in Vmware Aria Operations For Networks

CVE-2023-34039 POC for CVE-2023-34039 VMWare Aria Operations...

BIT-suitecrm-2024-36416

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this...

Cisco Secure Email Gateway HTTP Response Splitting Vulnerability

A vulnerability in the web-based management API of Cisco AsyncOS Software for Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. This vulnerability is due to insufficient input validation of some parameters that are passed to...

CVE-2022-39277

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS)...

Security Bulletin: NVIDIA GPU Display Driver - June 2024

NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...

CVE-2024-28880

Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the...

How to uninstall Veeam CDP VAIO filter driver manually

Veeam Support Knowledge Base answer to: How to uninstall Veeam CDP VAIO filter driver...

Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure (CVE-2022-38386)

Summary IBM QRadar Suite software is vulnerable to information exposure through cookie settings. This has been addressed in the latest update. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details ** CVEID: CVE-2022-38386 ...

Cisco IOS Software Internet Key Exchange Version 1 Fragmentation DoS (cisco-sa-ikev1-NO2ccFWz)

According to its self-reported version, Cisco IOS is affected by multiple vulnerabilities. A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap overflow, resulting in an affected...

CVE-2023-52775

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid data corruption caused by decline We found a data corruption issue during testing of SMC-R on Redis applications. The benchmark has a low probability of reporting a strange error as shown below. "Error: Protocol...

Silverstripe XSS vulnerability via VirtualPage

A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that...

Exploit for SQL Injection in Cisco Smart Software Manager On-Prem

CVE-2023-20110 PoC script for CVE-2023-20110 -...

CVE-2024-36898

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to...

CVE-2024-31744

In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image...

Exploit for SQL Injection in Osgeo Geoserver

CVE-2023-25157 - GeoServer SQL Injection - PoC CVE:...

Silverstripe History XSS Vulnerability

A cross-site scripting vulnerability has been discovered in the CMS page history tab. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the text fields on a page, and if the "compare mode" option is selected. The HTML will be...

software-dl.ti.com Cross Site Scripting vulnerability OBB-3852622

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-25820

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...

CVE-2020-35675

BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to...

CVE-2024-31744

In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image...

Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.

Summary The SANnav Management Portal and Global View products are vulnerable due to a Jave SE issue. The vulnerability has been addressed and can be resolved by applying the SANnav code level listed below. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability...

Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components

Summary There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Planning Analytics Local - Planning Analytics Workspace. These issues have been addressed in IBM Planning Analytics Local - Planning Analytics Workspace 2.1.2 and IBM Planning Analytics Local -...

CVE-2023-28938

Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local...

Exploit for Improper Privilege Management in Sudo Project Sudo

CVE-2023-22809 CVE-2023-22809 is a critical...