#vulnerability

Red Hat Security Advisory 2024-6779-03 - Red Hat Advanced Cluster Management for Kubernetes 2.10.6 General Availability release images, which fix bugs and update container images.

Red Hat Security Advisory 2024-6765-03 - An update is now available for Red Hat Ansible Automation Platform 2.4.

Red Hat Security Advisory 2024-6757-03 - An update for libnbd is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Security Advisory 2024-6754-03 - An update for expat is now available for Red Hat Enterprise Linux 9. Issues addressed include an integer overflow vulnerability.

Red Hat Security Advisory 2024-6753-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include double free and out of bounds read vulnerabilities.

The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`. If credentials are included in the repository URI (for instance, to allow for fetching of private dependencies), the final binary will contain the full URI, including said credentials.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low Attack Complexity Vendor: IDEC Corporation Equipment: IDEC PLCs Vulnerabilities: Cleartext Transmission of Sensitive Information, Generation of Predictable Identifiers 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain user authentication information or disrupt communication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of IDEC PLCs are affected: FC6A Series MICROSmart All-in-One CPU module: Ver.2.60 and prior FC6B Series MICROSmart All-in-One CPU module: Ver.2.60 and prior FC6A Series MICROSmart Plus CPU module: Ver.2.40 and prior FC6B Series MICROSmart Plus CPU module: Ver.2.60 and prior FT1A Series SmartAXIS Pro/Lite: Ver.2.41 and prior (affected only by CVE-2024-41927) 3.2 Vulnerability Overview 3.2.1 CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319 The affected products are vulnerable to a cleartext vulnerability that could allow an attacker to o...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kastle Systems Equipment: Access Control System Vulnerabilities: Use of Hard-coded Credentials, Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information on the affected product. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Kastle Systems Access Control System are affected: Access Control System: Firmware before May 1, 2024 3.2 Vulnerability Overview 3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information. CVE-2024-45861 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). A CVSS v4 score has also been ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable locally/high attack complexity Vendor: Rockwell Automation Equipment: RSLogix 5 and RSLogix 500 Vulnerability: Insufficient verification of data authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Rockwell Automation RSLogix 5 and RSLogix 500, a programming software, are affected: RSLogix 500: All versions RSLogix Micro Developer and Starter: All versions RSLogix 5: All versions 3.2 Vulnerability Overview 3.2.1 INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY CWE-345 A feature in the affected products enables users to prepare a project file with an embedded VBA script and can be configured to run once the project file has been opened without user intervention. This feature can be abused to trick a legitimate user into executing malicious code upon opening an infected RSP/R...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: MegaSys Computer Technologies Equipment: Telenium Online Web Application Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to inject arbitrary Perl code through a crafted HTTP request, leading to remote code execution on the server. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MegaSys Computer Technologies products are affected: Telenium Online Web Application: versions 8.3 and prior 3.2 Vulnerability Overview 3.2.1 IMPROPER INPUT VALIDATION CWE-20 Telenium Online Web Application is vulnerable due to a Perl script that is called to load the login page. Due to improper input validation, an attacker can inject arbitrary Perl code through a crafted HTTP request, leading to remote code execution on the server. CVE-2024-6404 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 ha...