Yokogawa Rental & Lease Corporation Security Vulnerabilities

cve

CVE-2024-27169

Toshiba printers provide an API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference...

8.4CVSS

8.5AI Score

0.0004EPSS

2024-06-14 04:15 AM
27
cve

CVE-2024-27171

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference...

7.4CVSS

7.7AI Score

0.0004EPSS

2024-06-14 04:15 AM
23
cve

CVE-2024-27168

It appears that some hardcoded keys are used for authentication to the internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-14 04:15 AM
27
cve

CVE-2024-27167

Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference...

7.4CVSS

7.3AI Score

0.0004EPSS

2024-06-14 04:15 AM
21
cve

CVE-2024-27163

Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing an XSS vulnerability can recover this password in clear-text and compromise the...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 04:15 AM
24
nessus

Security Updates for Microsoft Sharepoint 2016 (June 2021)

The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-26420, CVE-2021-31963, CVE-2021-31964, CVE-2021-31966) ...

7.6CVSS

6.8AI Score

0.089EPSS

2021-06-08 12:00 AM
30
nessus

Security Updates for Exchange (September 2017)

The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An...

6.1CVSS

6AI Score

0.009EPSS

2017-09-12 12:00 AM
34
nessus

Skype for Business and Lync Spoofing Vulnerability

The Microsoft Skype for Business or Microsoft Lync installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize a specially crafted...

6.1CVSS

5.9AI Score

0.001EPSS

2019-03-15 12:00 AM
109
nessus

Security Updates for Microsoft Sharepoint 2016 (July 2021)

The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-34467, CVE-2021-34468, CVE-2021-34520) Microsoft SharePoint...

8.1CVSS

6.5AI Score

0.55EPSS

2021-07-13 12:00 AM
28
nessus

Security Updates for Microsoft SharePoint Server 2016 (February 2021)

The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information....

8.8CVSS

7.6AI Score

0.017EPSS

2021-02-12 12:00 AM
22
nessus

KB5028171: Windows 2022 / Azure Stack HCI 22H2 Security Update (July 2023)

The remote Windows host is missing security update 5028171. It is, therefore, affected by multiple vulnerabilities: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367) Windows Netlogon Information Disclosure...

9.8CVSS

8AI Score

0.147EPSS

2023-07-11 12:00 AM
96
nessus

KB5006672: Windows 10 Version 1809 and Windows Server 2019 Security Update (October 2021)

The remote Windows host is missing security update 5006672. It is, therefore, affected by multiple vulnerabilities: A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity...

8.8CVSS

8.6AI Score

0.512EPSS

2021-10-12 12:00 AM
49
nessus

KB5005573: Windows 10 Version 1607 and Windows Server 2016 September 2021 Security Update

The remote Windows host is missing security update 5005573. It is, therefore, affected by multiple vulnerabilities : A memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application. ...

8.8CVSS

9.3AI Score

0.969EPSS

2021-09-14 12:00 AM
392
nessus

Windows 8.1 and Windows Server 2012 R2 December 2017 Security Updates

The remote Windows host is missing security update 4054522 or cumulative update 4054519. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An...

7.5CVSS

8AI Score

0.947EPSS

2017-12-12 12:00 AM
82
nessus

Windows 7 and Windows Server 2008 R2 December 2017 Security Updates

The remote Windows host is missing security update 4054521 or cumulative update 4054518. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An...

7.5CVSS

8AI Score

0.947EPSS

2017-12-12 12:00 AM
66
freebsd

glpi -- Public GLPIKEY can be used to decrypt any data

MITRE Corporation reports: GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on...

7.2CVSS

1.2AI Score

0.001EPSS

2020-01-02 12:00 AM
14
cve

CVE-2019-1387

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code....

8.8CVSS

8.9AI Score

0.087EPSS

2019-12-18 09:15 PM
349
cve

CVE-2024-20962

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

6.5CVSS

6.3AI Score

0.0004EPSS

2024-02-17 02:15 AM
49
cve

CVE-2024-1800

In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization...

9.9CVSS

9.7AI Score

0.0005EPSS

2024-03-20 01:15 PM
40
In Wild
nessus

KB5006670: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 October 2021 Security Update

The remote Windows host is missing security update 5006670. It is, therefore, affected by multiple vulnerabilities: A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity...

8.8CVSS

8.6AI Score

0.512EPSS

2021-10-12 12:00 AM
58
nessus

KB4530714: Windows 10 Version 1709 December 2019 Security Update

The remote Windows host is missing security update 4530714. It is, therefore, affected by multiple vulnerabilities : A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute...

8.8CVSS

8AI Score

0.087EPSS

2019-12-10 12:00 AM
24
nessus

KB4480960: Windows 7 and Windows Server 2008 R2 January 2019 Security Update

The remote Windows host is missing security update 4480960 or cumulative update 4480970. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully...

7.8CVSS

7.6AI Score

0.973EPSS

2019-01-08 12:00 AM
57
nessus

KB5000822: Windows 10 Version 1809 and Windows Server 2019 March 2021 Security Update

The remote Windows host is missing security update 5000822. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-1640, CVE-2021-1729, CVE-2021-24095, CVE-2021-26860,...

9.8CVSS

9.3AI Score

0.284EPSS

2021-03-09 12:00 AM
112
cve

CVE-2024-21062

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS

4.5AI Score

0.0004EPSS

2024-04-16 10:15 PM
41
cve

CVE-2024-21026

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS

6.7AI Score

0.0005EPSS

2024-04-16 10:15 PM
31
nessus

Security Updates for Microsoft SharePoint Server 2016 (December 2020)

The Microsoft SharePoint Server 2016 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2020-17089) A remote code...

8.8CVSS

7.9AI Score

0.025EPSS

2020-12-10 12:00 AM
39
nessus

Security Updates for Microsoft SharePoint Server and Microsoft Project Server (November 2017)

The Microsoft SharePoint Server or Microsoft Project Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability : An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not ...

8.8CVSS

8.3AI Score

0.003EPSS

2017-11-15 12:00 AM
131
nessus

KB5005565: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (September 2021)

The remote Windows host is missing security update 5005565. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,...

8.8CVSS

9.3AI Score

0.969EPSS

2021-09-14 12:00 AM
78
nessus

Security Updates for Microsoft Exchange Server (March 2021)

The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability. An attacker could exploit this to execute unauthorized arbitrary code. (CVE-2021-26412, CVE-2021-26854, ...

9.1CVSS

9.2AI Score

0.975EPSS

2021-03-03 12:00 AM
381
nessus

Security Updates for Microsoft SharePoint Server 2019 (January 2021)

The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user....

8.8CVSS

7.3AI Score

0.013EPSS

2021-01-20 12:00 AM
24
nessus

KB4480957: Windows Server 2008 January 2019 Security Update

The remote Windows host is missing security update 4480957 or cumulative update 4480968. It is, therefore, affected by multiple vulnerabilities : An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully...

7.8CVSS

8.1AI Score

0.973EPSS

2019-01-08 12:00 AM
64
nessus

KB5001335: Windows 7 and Windows Server 2008 R2 Security Update (Apr 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Microsoft Internet Messaging API Remote Code Execution Vulnerability (CVE-2021-27089) RPC Endpoint Mapper Service Elevation of Privilege Vulnerability (CVE-2021-27091) Windows Kernel...

8.8CVSS

8AI Score

0.079EPSS

2021-04-13 12:00 AM
30
cve

CVE-2024-28041

HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary...

7.3AI Score

0.0004EPSS

2024-03-25 04:15 AM
26
cve

CVE-2024-20992

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter...

4.4CVSS

5.6AI Score

0.0004EPSS

2024-04-16 10:15 PM
26
cve

CVE-2024-20966

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS

4.5AI Score

0.0004EPSS

2024-02-17 02:15 AM
47
cve

CVE-2024-20994

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to...

5.3CVSS

6AI Score

0.0004EPSS

2024-04-16 10:15 PM
50
cve

CVE-2024-20954

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit...

3.7CVSS

2.4AI Score

0.0004EPSS

2024-04-16 10:15 PM
38
cve

CVE-2024-21004

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated...

2.5CVSS

2.4AI Score

0.0004EPSS

2024-04-16 10:15 PM
40
cve

CVE-2024-21086

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM...

4.3CVSS

5.3AI Score

0.0005EPSS

2024-04-16 10:15 PM
35
cve

CVE-2024-21045

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS

6.2AI Score

0.0005EPSS

2024-04-16 10:15 PM
32
cve

CVE-2024-21091

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

6.5CVSS

6.2AI Score

0.0005EPSS

2024-04-16 10:15 PM
31
cve

CVE-2024-21023

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS

6.2AI Score

0.0005EPSS

2024-04-16 10:15 PM
30
cve

CVE-2024-21094

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22;...

3.7CVSS

3AI Score

0.001EPSS

2024-04-16 10:15 PM
78
cve

CVE-2024-21040

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS

6.2AI Score

0.0005EPSS

2024-04-16 10:15 PM
31
cve

CVE-2024-21051

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS

4.5AI Score

0.0004EPSS

2024-04-16 10:15 PM
41
cve

CVE-2024-21046

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS

6.2AI Score

0.0005EPSS

2024-04-16 10:15 PM
27
cve

CVE-2024-20970

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS

4.4AI Score

0.0004EPSS

2024-02-17 02:15 AM
47
cve

CVE-2024-20998

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS

5.8AI Score

0.0004EPSS

2024-04-16 10:15 PM
44
cve

CVE-2024-21008

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

4.4CVSS

3.8AI Score

0.0004EPSS

2024-04-16 10:15 PM
45
cve

CVE-2024-21035

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS

6.2AI Score

0.0005EPSS

2024-04-16 10:15 PM
31
Total number of security vulnerabilities: 21756