
Yokogawa Rental & Lease Corporation Security Vulnerabilities

nvd

CVE-2024-35995

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Use access_width over bit_width for system memory accesses To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the Cobalt....

6.7 AI Score

0.0004 EPSS

2024-05-20 10:15 AM
cve

CVE-2021-47390

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm] Read of size 8 at addr...

6.7 AI Score

0.0004 EPSS

2024-05-21 03:15 PM
30
nessus

KB5019962: Windows 10 version 17784 / Azure Stack HCI Security Update (November 2022)

The remote Windows host is missing security update 5019962. It is, therefore, affected by multiple...

7.7 AI Score

2022-11-08 12:00 AM
2
nessus

KB5013951: Windows 10 version 17784 / Azure Stack HCI Security Update (May 2022)

The remote Windows host is missing security update 5013951. It is, therefore, affected by multiple vulnerabilities resulting in miscellaneous security improvements to internal OS...

7.6 AI Score

2022-05-10 12:00 AM
13
osv

Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to...

8.1 CVSS

8 AI Score

0.001 EPSS

2023-07-11 10:45 PM
77
github

Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability

Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to...

8.1 CVSS

8 AI Score

0.001 EPSS

2023-07-11 10:45 PM
61
github

.NET Denial of Service vulnerability

Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their...

7.5 CVSS

6.5 AI Score

0.001 EPSS

2023-06-14 05:08 PM
24
cvelist

CVE-2021-47390 KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect()

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() KASAN reports the following issue: BUG: KASAN: stack-out-of-bounds in kvm_make_vcpus_request_mask+0x174/0x440 [kvm] Read of size 8 at addr...

6.4 AI Score

0.0004 EPSS

2024-05-21 03:03 PM
1
nessus

KB5016620: Windows 10 version 17784 / Azure Stack HCI Security Update (August 2022)

The remote Windows host is missing security update 5016620. It is, therefore, affected by multiple...

7.7 AI Score

2022-08-09 12:00 AM
17
nessus

KB5018415: Windows 10 version 17784 / Azure Stack HCI Security Update (October 2022)

The remote Windows host is missing security update 5018415. It is, therefore, affected by multiple...

7.7 AI Score

2022-10-11 12:00 AM
17
nessus

KB5017311: Windows 10 version 17784 / Azure Stack HCI Security Update (September 2022)

The remote Windows host is missing security update 5017311. It is, therefore, affected by multiple miscellaneous security improvements to internal OS...

7.5 AI Score

2022-09-13 12:00 AM
13
nessus

KB5014698: Windows 10 version 17784 / Azure Stack HCI Security Update (June 2022)

The remote Windows host is missing security update 5014698. It is, therefore, affected by multiple vulnerabilities resulting in miscellaneous security improvements to internal OS...

7.6 AI Score

2022-06-14 12:00 AM
16
freebsd

glpi -- SQL injection for all usages of "Clone" feature

MITRE Corporation reports: In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. This has been fixed in...

7.1 CVSS

1.7 AI Score

0.001 EPSS

2020-06-25 12:00 AM
5
nessus

Fedora 29 : python3 / python3-docs (2019-60a1defcd1)

Python 3.7.4 is the fourth and most recent maintenance release of Python 3.7. Changelog for final, 3.7.4 release candidate 2 and 3.7.4 release candidate 1. Contains security fixes for CVE-2019-9948 and CVE-2019-10160. Note that Tenable Network Security has extracted the preceding description block....

9.8 CVSS

8.9 AI Score

0.007 EPSS

2019-08-12 12:00 AM
19
vulnrichment

CVE-2024-35989 dmaengine: idxd: Fix oops during rmmod on single-CPU platforms

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid...

7 AI Score

0.0004 EPSS

2024-05-20 09:47 AM
nessus

KB5015809: Windows 10 version 17784 / Azure Stack HCI Security Update (July 2022)

The remote Windows host is missing security update 5015809. It is, therefore, affected by miscellaneous security issues with the functionality of the internal...

7.6 AI Score

2022-07-12 12:00 AM
14
cve

CVE-2024-35989

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid...

6.6 AI Score

0.0004 EPSS

2024-05-20 10:15 AM
27
cvelist

CVE-2024-35989 dmaengine: idxd: Fix oops during rmmod on single-CPU platforms

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid...

6.3 AI Score

0.0004 EPSS

2024-05-20 09:47 AM
1
cve

CVE-2021-43960

Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title,.....

4.8 CVSS

4.8 AI Score

0.001 EPSS

2022-01-12 07:15 PM
28
nvd

CVE-2021-43960

Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title,.....

4.8 CVSS

0.001 EPSS

2022-01-12 07:15 PM
1
nessus

Security Updates Outlook for Windows (April 2024)

The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by a spoofing vulnerability. External attackers could send specially crafted emails that will cause a connection from the victim to an untrusted location of attackers' control....

8.1 CVSS

7.9 AI Score

0.001 EPSS

2024-04-12 12:00 AM
34
nessus

KB4592504: Windows Server 2008 December 2020 Security Update

The remote Windows host is missing security update 4592504 or cumulative update 4592498. It is, therefore, affected by multiple vulnerabilities: An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information....

5.5 CVSS

6.5 AI Score

0.0004 EPSS

2020-12-08 12:00 AM
14
freebsd

glpi -- Reflexive XSS in Dropdown menus

MITRE Corporation reports: In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version...

6 CVSS

4 AI Score

0.001 EPSS

2020-03-30 12:00 AM
5
nessus

RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.3] (RHSA-2022:8502)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8502 advisory. The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators...

6.5 CVSS

7.4 AI Score

0.001 EPSS

2022-11-16 12:00 AM
70
freebsd

glpi -- Insecure Direct Object Reference on ajax/getDropdownValue.php

MITRE Corporation reports: In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users,...

4.3 CVSS

4.3 AI Score

0.001 EPSS

2020-10-22 12:00 AM
15
debiancve

CVE-2021-47449

In the Linux kernel, the following vulnerability has been resolved: ice: fix locking for Tx timestamp tracking flush Commit 4dd0d5c33c3e ("ice: add lock around Tx timestamp tracker flush") added a lock around the Tx timestamp tracker flow which is used to cleanup any left over SKBs and prepare...

6.6 AI Score

0.0004 EPSS

2024-05-22 07:15 AM
2
freebsd

glpi -- bypass of the open redirect protection

MITRE Corporation reports: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version...

6.1 CVSS

4.3 AI Score

0.005 EPSS

2020-03-30 12:00 AM
11
freebsd

glpi -- Insecure Direct Object Reference on ajax/comments.ph

MITRE Corporation reports: In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users,...

4.3 CVSS

2.6 AI Score

0.001 EPSS

2020-10-22 12:00 AM
11
nessus

KB5004950: Windows 10 1507 LTS OOB Security Update RCE (July 2021)

A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...

8.8 CVSS

9.4 AI Score

0.967 EPSS

2021-07-08 12:00 AM
128
nessus

KB5003209: Windows 8.1 and Windows Server 2012 R2 Security Update (May 2021)

The remote Windows host is missing security update 5003209. It is, therefore, affected by multiple...

9.9 CVSS

7.6 AI Score

0.937 EPSS

2021-05-11 12:00 AM
175
freebsd

glpi -- SQL injection for all helpdesk instances

MITRE Corporation reports: In GLPI before version 9.4.6, there is a SQL injection vulnerability for all helpdesk instances. Exploiting this vulnerability requires a technician account. This is fixed in version...

7.6 CVSS

3.6 AI Score

0.001 EPSS

2020-03-30 12:00 AM
15
nessus

KB5004960: Windows Server 2012 OOB Security Update RCE (July 2021)

A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...

8.8 CVSS

9.4 AI Score

0.967 EPSS

2021-07-08 12:00 AM
87
nessus

KB5004959: Windows Server 2008 OOB Security Update RCE (July 2021)

A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...

8.8 CVSS

9.4 AI Score

0.967 EPSS

2021-07-08 12:00 AM
99
nessus

KB5004946: Windows 10 1909 OOB Security Update RCE (July 2021)

A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...

8.8 CVSS

9.4 AI Score

0.967 EPSS

2021-07-08 12:00 AM
104
ubuntucve

CVE-2021-47449

In the Linux kernel, the following vulnerability has been resolved: ice: fix locking for Tx timestamp tracking flush Commit 4dd0d5c33c3e ("ice: add lock around Tx timestamp tracker flush") added a lock around the Tx timestamp tracker flow which is used to cleanup any left over SKBs and prepare for....

6.6 AI Score

0.0004 EPSS

2024-05-22 12:00 AM
5
cvelist

CVE-2023-2062 Information Disclosure vulnerability in EtherNet/IP Configuration tools

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2 CVSS

6.8 AI Score

0.001 EPSS

2023-06-02 04:04 AM
cve

CVE-2023-2062

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2 CVSS

6.6 AI Score

0.001 EPSS

2023-06-02 05:15 AM
42
nessus

KB5003169: Windows 10 version 1909 Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

9.9 CVSS

7.3 AI Score

0.937 EPSS

2021-05-11 12:00 AM
83
jvn

JVN#17680667: Multiple vulnerabilities in Unifier and Unifier Cast

Unifier and Unifier Cast provided by Yokogawa Rental & Lease Corporation contains multiple vulnerabilities listed below. Incorrect Default Permissions configured by Cast Launcher (CWE-276) CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 7.8 CVE-2024-23847 Missing Authorization for...

8 AI Score

0.0004 EPSS

2024-05-28 12:00 AM
9
nvd

CVE-2022-43363

Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS...

6.1 CVSS

0.001 EPSS

2022-12-06 04:15 PM
1
freebsd

glpi -- leakage issue with knowledge base

MITRE Corporation reports: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the...

5.3 CVSS

2.7 AI Score

0.001 EPSS

2020-06-25 12:00 AM
8
nessus

KB5030220: Windows 10 LTS 1507 Security Update (September 2023)

The remote Windows host is missing security update 5030220. It is, therefore, affected by multiple vulnerabilities Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161) Windows TCP/IP Denial of Service Vulnerability (CVE-2023-38149) Windows Miracast Wireless...

8.8 CVSS

7.5 AI Score

0.001 EPSS

2023-09-12 12:00 AM
15
nessus

KB5004947: Windows 10 1809 and Windows Server 2019 OOB Security Update RCE (July 2021)

A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...

8.8 CVSS

9.4 AI Score

0.967 EPSS

2021-07-08 12:00 AM
218
nessus

KB5004945: Windows 10 2004 / 20H2 / 21H1 OOB Security Update RCE (July 2021)

A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...

8.8 CVSS

9.4 AI Score

0.967 EPSS

2021-07-08 12:00 AM
292
nessus

KB5003697: Windows Server 2012 Security Update (June 2021)

The remote Windows host is missing security update 5003697. It is, therefore, affected by multiple...

9.4 CVSS

8.5 AI Score

0.966 EPSS

2021-06-08 12:00 AM
108
nessus

KB5003695: Windows Server 2008 Security Update (June 2021)

The remote Windows host is missing security update 5003695. It is, therefore, affected by multiple...

9.4 CVSS

8.4 AI Score

0.966 EPSS

2021-06-08 12:00 AM
154
nessus

KB5003172: Windows 10 version 1507 LTS Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

9.9 CVSS

7.3 AI Score

0.937 EPSS

2021-05-11 12:00 AM
36
cve

CVE-2022-43363

Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-12-06 04:15 PM
29
freebsd

glpi -- weak csrf tokens

MITRE Corporation reports: In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version...

9.3 CVSS

3.7 AI Score

0.003 EPSS

2020-03-30 12:00 AM
12
nessus

KB5003174: Windows 10 version 1803 Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

9.9 CVSS

7.3 AI Score

0.937 EPSS

2021-05-11 12:00 AM
110
Total number of security vulnerabilities: 21757