FUJI ELECTRIC CO., LTD. And Hakko Electronics Co., Ltd. Security Vulnerabilities

CVE-2024-4547 Delta Electronics DIAEnergie Unauthenticated SQL Injection

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth...

wap-co-nop-sitiowebsc.azurewebsites.net Cross Site Scripting vulnerability OBB-3852309

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...

CVE-2024-4547 Delta Electronics DIAEnergie Unauthenticated SQL Injection

A SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is splitted into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth...

HTTP/2 HPACK integer overflow and buffer allocation

An integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. In MetaDataBuilder.java, the following code determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded: java 291 public void...

Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection < 10.24 - Missing Authorization to Information Expsoure

Description The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the stopbadbots_get_ajax_data() function in all versions up to, and including, 10.23. This makes it.....

Schneider Electric InTouch Machine Edition Detection

The remote host has Schneider Electric InTouch Machine Edition installed. This is an application development and maintenance software for wireless SCADA...

Schneider Electric Multiple Products Buffer Overflow

The remote host has Schneider Electric software installed that is affected by a stack-based buffer overflow vulnerability in file 'isObjectModel.dll' of the DTM development kit. This flaw can be exploited by a remote attacker to execute arbitrary...

CVE-2024-24964

Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows...

Schneider Electric InduSoft Web Studio Detection

The remote host is running Schneider Electric InduSoft Web Studio, a software application for managing and monitoring remote SCADA...

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

CVE-2024-4610 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

CVE-2024-34033 Path Traversal vulnerability in Delta Electronics DIAEnergie

Delta Electronics DIAEnergie has insufficient input validation which makes it possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be...

CVE-2024-4610

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

CVE-2024-4610 Mali GPU Kernel Driver allows improper GPU memory processing operations

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

python-blivet bug fix and enhancement update

An update is available for python-blivet. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

weldr-client bug fix and enhancement update

An update is available for weldr-client. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

python3.12-pyyaml bug fix and enhancement update

An update is available for python3.12-pyyaml. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky....

python3.12-requests bug fix and enhancement update

An update is available for python3.12-requests. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

c-ares bug fix and enhancement update

An update is available for c-ares. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8.10....

kexec-tools bug fix and enhancement update

An update is available for kexec-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux....

Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) podman:...

gtk-vnc bug fix and enhancement update

An update is available for gtk-vnc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

python3.12-pip bug fix and enhancement update

An update is available for python3.12-pip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

net-snmp bug fix and enhancement update

An update is available for net-snmp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

python-urllib3 bug fix and enhancement update

An update is available for python-urllib3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) podman:...

CVE-2024-4610

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0;...

Moderate: podman security and bug fix update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: jose-go: improper handling of highly compressed data (CVE-2024-28180) podman:...

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

Important: tomcat security and bug fix update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): Apache Tomcat: HTTP/2 header handling DoS (CVE-2024-24549) Apache Tomcat: WebSocket DoS with incomplete closing handshake (CVE-2024-23672) Bug Fix(es): Rebase tomcat to...

rpm-ostree bug fix and enhancement update

An update is available for rpm-ostree. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The rpm-ostree tool binds together the RPM packaging model with the...

grafana-pcp bug fix and enhancement update

An update is available for grafana-pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list grafana-pcp is an open source Grafana plugin for PCP. Bug Fix(es) and...

ansible-freeipa bug fix and enhancement update

An update is available for ansible-freeipa. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

python3.12-lxml bug fix and enhancement update

An update is available for python3.12-lxml. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

gnome-shell bug fix and enhancement update

An update is available for gnome-shell. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux....

python3.12-cffi bug fix and enhancement update

An update is available for python3.12-cffi. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

python-pip bug fix and enhancement update

An update is available for python-pip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux.....

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating....

CVE-2023-51485

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Hosting Pay with Vipps and MobilePay for WooCommerce allows Stored XSS.This issue affects Pay with Vipps and MobilePay for WooCommerce: from n/a through...

Moderate: buildah security and bug fix update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

Moderate: virt:rhel and virt-devel:rhel security update

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the....

poppler-data bug fix and enhancement update

An update is available for poppler-data. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

go-toolset:rhel8 bug fix and enhancement update

An update is available for delve, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

python3.11-pip bug fix and enhancement update

An update is available for python3.11-pip. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

fence-agents security and bug fix update

An update is available for fence-agents. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling.....

smc-tools bug fix and enhancement update

An update is available for smc-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

ADP Grant - Intent mismatch between Intent.toUri and Intent.parseUri

In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Moderate: buildah security and bug fix update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

Moderate: buildah security and bug fix update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...