Tag
#vulnerability
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIDIS Prime Vulnerabilities: Race Condition Enabling Link Following, Improper Validation of Integrity Check Value, Unchecked Input for Loop Condition, Expected Behavior Violation, Incorrect Provision of Specified Functionality, Heap-based Buffer Overflow, Cleartext Transmission of Sensitive Information, Use After Free, NULL Pointer Dereference, Exposure of Sensitive Information to an Unauthorized Actor, Out-of-bounds Write, Improper Input Validation, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of these vulnerabilities coul...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: License Server Vulnerabilities: Improper Privilege Management, Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a low-privileged local user to escalate privileges or perform arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: License Server (SLS): All versions before V4.3 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269 The affected application searches for executable files in the application folder without proper valida...
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: Arctic Wireless Gateways Vulnerabilities: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Improper Privilege Management, Exposure of Sensitive Information to an Unauthorized Actor, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 2. RISK EVALUATION Successful exploitation of these vulnerabilities could run arbitrary code in the product with privileged user permissions or could lead to a denial of service or tampering with unencrypted traffic. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ABB reports there are vulnerabilities in the Telit PL62-W wireless modem module used in the following products: Arctic ARP600, ARC600, ARR600: Firmware versions 3.4.10, 3.4.11, 3.4.12, 3.4.13 (CVE-2024-6387) Arctic Wireless Gateways ARG600, AR...
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.
### Impact _What kind of vulnerability is it? Who is impacted?_ **Description:** This vulnerability affects confidential client applications, including daemons, web apps, and web APIs. Under specific circumstances, sensitive information such as client secrets or certificate details may be exposed in the service logs of these applications. Service logs are intended to be handled securely. **Impact:** The vulnerability impacts service logs that meet the following criteria: - **Logging Level:** Logs are generated at the information level. - **Credential Descriptions:** containing: - Local file paths with passwords. - Base64 encoded values. - Client secret. Additionally, logs of services using Base64 encoded certificates or certificate paths with password credential descriptions are also affected if the certificates are invalid or expired, regardless of the log level. Note that these credentials are not usable due to their invalid or expired status. If your service log...
Stay secure on the move. Protect your devices, data, and privacy with smart habits, reliable gear, updated software…
If you use WhatsApp for Windows, you'll want to make sure you're on the latest version.
Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.ConfigurationImpl logger has the debug level enabled. This issue affects Apache ActiveMQ Artemis: from 1.5.1 before 2.40.0. It can be mitigated by restricting log access to only trusted users. Users are recommended to upgrade to version 2.40.0, which fixes the issue.
A recent case of alleged cyber-voyeurism shows how important it is to secure your computer against unwanted eavesdroppers using malware.
## Impact wallabag versions prior to 2.6.11 were discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities across several endpoints. An attacker could craft a malicious link or page that, if visited by a logged-in wallabag user, could trick the user's browser into performing unintended actions within their wallabag account without their consent. Additionally, one endpoint affects the login page locale setting. The affected endpoints allow attackers to potentially perform actions such as: * **Manage API Tokens:** * `/generate-token` * `/revoke-token` * **Manage User Rules:** * `/tagging-rule/delete/{taggingRule}` * `/ignore-origin-user-rule/delete/{ignoreOriginUserRule}` * **Modify User Configuration:** * `/config/view-mode` * **Manage Individual Entries:** * `/reload/{id}` * `/archive/{id}` * `/star/{id}` * `/delete/{id}` * `/share/{id}` * `/share/delete/{id}` * **Manage Tags:** * `/remove-tag/{entry}/{tag}` ...