Yokogawa Rental & Lease Corporation Security Vulnerabilities

CVE-2017-3506

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVE-2024-21099

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2024-5013

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application...

CVE-2024-35927

In the Linux kernel, the following vulnerability has been resolved: drm: Check output polling initialized before disabling In drm_kms_helper_poll_disable() check if output polling support is initialized before disabling polling. If not flag this as a warning. Additionally in...

Security Updates for Microsoft Exchange Server (December 2020)

The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability. An attacker could exploit this to execute unauthorized arbitrary code. (CVE-2020-17117, CVE-2020-17132, ...

Security Updates for Exchange (September 2020)

The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An...

CVE-2024-3544

Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret...

CVE-2023-21839

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise...

CVE-2024-5016

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...

CVE-2024-21056

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2024-21080

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: REST Services). Supported versions that are affected are 12.2.9-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications.....

CVE-2024-21108

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to...

CVE-2024-21085

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...

KB5037765: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2024)

The remote Windows host is missing security update 5037765 or 5039705. It is, therefore, affected by multiple vulnerabilities Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040) Windows Common Log File System Driver Elevation of Privilege Vulnerability...

KB5036892: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (April 2024)

The remote Windows host is missing security update 5036892. It is, therefore, affected by multiple vulnerabilities SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988) Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171, ...

KB5031354: Windows 11 version 22H2 Security Update (October 2023)

The remote Windows host is missing security update 5031354. It is, therefore, affected by multiple vulnerabilities The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August...

KB5031427: Windows Server 2012 Security Update (October 2023)

The remote Windows host is missing security update 5031427. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36577) Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434) ...

KB5031364: Windows 2022 / Azure Stack HCI 22H2 Security Update (October 2023)

The remote Windows host is missing security update 5031364. It is, therefore, affected by multiple vulnerabilities The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August...

KB5028185: Windows 11 version 22H2 Security Update (July 2023)

The remote Windows host is missing security update 5028185. It is, therefore, affected by multiple vulnerabilities Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367) Windows Netlogon Information Disclosure...

KB5006667: Windows 10 version 1909 Security Update (October 2021)

The remote Windows host is missing security update 5006667. It is, therefore, affected by multiple vulnerabilities: A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36970, CVE-2021-40455) A denial of...

CVE-2024-5018

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory...

CVE-2022-21587

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...

CVE-2024-5015

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to...

CVE-2024-5008

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE...

KB5036894: Windows 11 version 21H2 Security Update (April 2024)

The remote Windows host is missing security update 5036894. It is, therefore, affected by multiple vulnerabilities SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988) Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171, ...

KB5036899: Windows 10 Version 1607 / Windows Server 2016 Security Update (April 2024)

The remote Windows host is missing security update 5036899. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability (CVE-2024-26214) Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168,...

KB5031441: Windows Server 2008 R2 Security Update (October 2023)

The remote Windows host is missing security update 5031441. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36577) Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434) ...

KB5005615: Windows 7 and Windows Server 2008 R2 September 2021 Security Update

The remote Windows host is missing security update 5005615 or cumulative update 5005633. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-36955, CVE-2021-36963,...

KB5005607: Windows Server 2012 September 2021 Security Update

The remote Windows host is missing security update 5005607 or cumulative update 5005623. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-36955, CVE-2021-36963,...

KB5005106: Windows 8.1 and Windows Server 2012 R2 Security Update (August 2021)

The remote Windows host is missing security update 5005106 or cumulative update 5005076. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-26425, CVE-2021-26426,...

KB5000840: Windows Server 2012 March 2021 Security Update

The remote Windows host is missing security update 5000840 or cumulative update 5000847. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands....

KB4601345: Windows 10 Version 1809 and Windows Server 2019 February 2021 Security Update

The remote Windows host is missing security update 4601345. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-1734, CVE-2021-24076, CVE-2021-24079,...

KB4598287: Windows Server 2008 January 2021 Security Update

The remote Windows host is missing security update 4598287 or cumulative update 4598288. It is, therefore, affected by multiple vulnerabilities : A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions...

CVE-2024-21061

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

CVE-2024-5009

In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's...

Security Updates for Exchange (April 2019)

The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests. An attacker...

CVE-2024-4885

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole...

CVE-2024-5019

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole...

CVE-2024-5014

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML...

CVE-2024-5010

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive...

CVE-2024-5011

In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of...

CVE-2023-52743

In the Linux kernel, the following vulnerability has been resolved: ice: Do not use WQ_MEM_RECLAIM flag for workqueue When both ice and the irdma driver are loaded, a warning in check_flush_dependency is being triggered. This is due to ice driver workqueue being allocated with the WQ_MEM_RECLAIM...

CVE-2023-52743

In the Linux kernel, the following vulnerability has been resolved: ice: Do not use WQ_MEM_RECLAIM flag for workqueue When both ice and the irdma driver are loaded, a warning in check_flush_dependency is being triggered. This is due to ice driver workqueue being allocated with the WQ_MEM_RECLAIM...

CVE-2024-21025

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2024-5739

The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app...

CVE-2024-35927

In the Linux kernel, the following vulnerability has been resolved: drm: Check output polling initialized before disabling In drm_kms_helper_poll_disable() check if output polling support is initialized before disabling polling. If not flag this as a warning. Additionally in...

CVE-2024-4883

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through...

Security Updates for Exchange (March 2020)

The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request...

CVE-2024-4884

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole...

glpi -- Account takeover vulnerability

MITRE Corporation reports: GLPI through 9.4.3 is prone to account takeover by abusing the ajax/autocompletion.php autocompletion feature. The lack of correct validation leads to recovery of the token generated via the password reset functionality, and thus an authenticated attacker can set an...