#vulnerability

Red Hat Security Advisory 2024-5396-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include out of bounds read and use-after-free vulnerabilities.

Car Rental Management System version 1.0 suffers from a cross site scripting vulnerability.

BloodBank version 1.1 suffers from an ignored default credential vulnerability.

Red Hat Security Advisory 2024-5395-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include out of bounds read and use-after-free vulnerabilities.

Bhojon Restaurant Management System version 2.9 suffers from an ignored default credential vulnerability.

FlatPress version 1.3.1 suffers from a path traversal vulnerability.

SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances. The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug. "SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability

A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION: Low attack complexity Vendor: Siemens Equipment: LOGO! V8.3 BM Devices Vulnerability: Plaintext Storage of a Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker with physical access to an affected device to extract user-set passwords from an embedded storage IC. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Siemens, are affected: Siemens LOGO! 12/24RCE (6ED1052-1MD08-0BA1): All versions Siemens LOGO! 12/24RCEo (6ED1052-2MD08-0BA1): All versions Siemens LOGO! 24CE (6ED1052-1CC08-0BA1): All versions Siemens LOGO! 24CEo (6ED1052-2CC08-0BA1): All versions Sie...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Out-of-bounds Write, Use After Free 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens COMOS, a unified data platform, are affected: COMOS: All versions prior to V10.5 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-b...