Tag
#mac
In a clever scheme designed to abuse Google in more than one way, scammers are redirecting users to browser locks.
Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.”
Feberr version 13.4 suffers from an ignored default credential vulnerability.
Farmacia Gama version 1.0 suffers from a cross site scripting vulnerability.
Ubuntu Security Notice 6951-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Covid-19 Contact Tracing System version 1.0 suffers from a cross site scripting vulnerability.
Bhojon Restaurant Management System version 2.9 suffers from an ignored default credential vulnerability.
SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. "SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC NMS Vulnerabilities: Use After Free, Improper Input Validation, Deserialization of Untrusted Data, Improper Restriction of Operations within the Bounds of a Memory Buffer, Uncontrolled Resource Consumption, Out-of-bounds Read, Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion'), Privilege Dropping / Lowering Errors, Allocation of Resources Without Limits or Throttling, Execution with Unnecessary Privileges, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Incorrect Authorization 2. RIS...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable from adjacent network. Vendor: PTC Equipment: Kepware ThingWorx Kepware Server Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the target device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS PTC reports that the following products and versions are affected: PTC Kepware ThingWorx Kepware Server: V6 PTC Kepware KEPServerEX: V6 Software Toolbox TOP Server: V6 GE IGS: V7.6x 3.2 Vulnerability Overview 3.2.1 Allocation of Resources Without Limits or Throttling CWE-770 When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are...