Yokogawa Rental & Lease Corporation Security Vulnerabilities

KB5004958: Windows Server 2012 R2 OOB Security Update RCE (July 2021)

A remote command execution vulnerability exists in Windows Print Spooler service improperly performs privileged file operations. An authenticated, remote attacker can exploit this to bypass and run arbitrary code with SYSTEM...

KB5003197: Windows 10 1607 / Windows Server 2016 Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

glpi -- leakage issue with knowledge base

MITRE Corporation reports: In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ. The issue was introduced in version 9.5.0 and patched in 9.5.2. As a workaround, disable public access to the...

CVE-2022-43363

Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable to discern any relationship between the Pastebin information and a possible XSS...

Security Constraint Bypass in Spring Security

Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path...

glpi -- weak csrf tokens

MITRE Corporation reports: In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version...

KB5033369: Windows 11 version 21H2 Security Update (December 2023)

The remote Windows host is missing security update 5033369. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...

KB5033427: Windows Server 2008 Security Update (December 2023)

The remote Windows host is missing security update 5033427. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) A division-by-zero error on some AMD processors can potentially return...

KB5030261: Windows Server 2008 R2 Security Update (September 2023)

The remote Windows host is missing security update 5030261. It is, therefore, affected by multiple vulnerabilities Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161) DHCP Server Service Information Disclosure Vulnerability (CVE-2023-36801, CVE-2023-38152) ...

KB5007207: Windows 10 LTS 1507 Security Update (November 2021)

The Windows installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. An elevation of...

KB5007205: Windows 2022 Security Update (November 2021)

The remote Windows host is missing security update. See Vendor Advisory for...

KB5006675: WWindows 10 version 1507 LTS Security Update (October 2021)

The remote Windows host is missing security update 5006675. It is, therefore, affected by multiple...

KB5003687: Windows 10 version 1507 LTS Security Update (June 2021)

The remote Windows host is missing security update 5003687. It is, therefore, affected by multiple...

KB5003694: Windows 7 and Windows Server 2008 R2 Security Update (June 2021)

The remote Windows host is missing security update 5003694. It is, therefore, affected by multiple...

KB5003646: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2021)

The remote Windows host is missing security update 5003646. It is, therefore, affected by multiple...

KB4551762: Windows 10 Version 1903 and Windows 10 Version 1909 OOB Security Update (ADV200005)(CVE-2020-0796)

The remote Windows host is missing security update 4551762. It is, therefore, affected by a remote code execution vulnerability. The vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the...

KB4483230: Windows 10 Version 1703 December 2018 OOB Security Update

The remote Windows host is missing security update 4483230. It is, therefore, affected by a remote code execution vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...

KB5034134: Windows 10 LTS 1507 Security Update (January 2024)

The remote Windows host is missing security update 5034134. It is, therefore, affected by multiple vulnerabilities Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654) BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666) Windows Kerberos Security Feature...

KB5033420: Windows Server 2012 R2 Security Update (December 2023)

The remote Windows host is missing security update 5033420. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Win32k Elevation of Privilege Vulnerability (CVE-2023-36011) A...

KB5033379: Windows 10 LTS 1507 Security Update (December 2023)

The remote Windows host is missing security update 5033379. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Win32k Elevation of Privilege Vulnerability (CVE-2023-36011) A...

KB5030286: Windows Server 2008 Security Update (September 2023)

The remote Windows host is missing security update 5030286. It is, therefore, affected by multiple vulnerabilities Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161) DHCP Server Service Information Disclosure Vulnerability (CVE-2023-36801, CVE-2023-38152) ...

KB5003233: Windows 7 and Windows Server 2008 R2 Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

KB5003171: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

KB4483234: Windows 10 Version 1803 and Windows Server Version 1803 December 2018 OOB Security Update

The remote Windows host is missing security update 4483234. It is, therefore, affected by a remote code execution vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...

glpi -- Any CalDAV calendars is read-only for every authenticated user

MITRE Corporation reports: In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of every other user, even admin ones. This issue is fixed in version 9.5.3. As a workaround, one can remove the caldav.php file to block access to CalDAV...

KB5034176: Windows Server 2008 Security Update (January 2024)

The remote Windows host is missing security update 5034176. It is, therefore, affected by multiple vulnerabilities Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654) Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674) Windows Group Policy Elevation...

KB5033375: Windows 11 version 22H2 Security Update (December 2023)

The remote Windows host is missing security update 5033375. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...

KB5030213: Windows 10 Version 1607 and Windows Server 2016 Security Update (September 2023)

The remote Windows host is missing security update 5030213. It is, therefore, affected by multiple vulnerabilities DHCP Server Service Denial of Service Vulnerability (CVE-2023-38162) Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161) DHCP Server Service...

KB5006715: Windows Server 2008 Security Update (October 2021)

The remote Windows host is missing security update 5006715. It is, therefore, affected by multiple...

KB5003635: Windows 10 version 1909 Security Update (June 2021)

The remote Windows host is missing security update 5003635. It is, therefore, affected by multiple...

KB5003210: Windows Server 2008 Security Update (May 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

D-Link NAS nas_sharing.cgi command injection

Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage (NAS) devices allow different clients to connect to a centralized disk on a Local Area Network (LAN). Problem A backdoor and a command injection vulnerability in the nas_sharing.cgi script allow a remote...

CVE-2024-5142 XSS in Hubshare's social module

Stored Cross-Site Scripting vulnerability in Social Module in M-Files Hubshare before version 5.0.3.8 allows authenticated attacker to run scripts in other users...

KB5034184: Windows Server 2012 Security Update (January 2024)

The remote Windows host is missing security update 5034184. It is, therefore, affected by multiple vulnerabilities Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654) Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674) Windows Group Policy Elevation...

KB5033371: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2023)

The remote Windows host is missing security update 5033371. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...

KB5033429: Windows Server 2012 Security Update (December 2023)

The remote Windows host is missing security update 5033429. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Win32k Elevation of Privilege Vulnerability (CVE-2023-36011) A...

KB5006728: Windows 7 and Windows Server 2008 R2 Security Update (October 2021)

The remote Windows host is missing security update 5006728. It is, therefore, affected by multiple...

KB5003638: Windows 10 version 1607 / Windows Server 2016 Security Update (June 2021)

The remote Windows host is missing security update 5003638. It is, therefore, affected by multiple...

D-Link NAS nas_sharing.cgi command injection

Added: 04/24/2024 CVE: CVE-2024-3273 Background D-Link Network Attached Storage (NAS) devices allow different clients to connect to a centralized disk on a Local Area Network (LAN). Problem A backdoor and a command injection vulnerability in the nas_sharing.cgi script allow a remote...

CVE-2024-4056 Denial of service condition in M-Files Server

Denial of service condition in M-Files Server in versions before 24.4.13592.4 and after 23.11 (excluding 24.2 LTS) allows unauthenticated user to consume computing...

RHEL 6 : dhcp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS (CVE-2016-2774) dhcp:...

KB5034171: Windows Server 2012 R2 Security Update (January 2024)

The remote Windows host is missing security update 5034171. It is, therefore, affected by multiple vulnerabilities Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654) Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674) Windows Group Policy Elevation...

KB5033383: Windows 11 version 22H2 Security Update (December 2023)

The remote Windows host is missing security update 5033383. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006) Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability...

KB5030279: Windows Server 2012 Security Update (September 2023)

The remote Windows host is missing security update 5030279. It is, therefore, affected by multiple vulnerabilities DHCP Server Service Denial of Service Vulnerability (CVE-2023-38162) Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161) DHCP Server Service...

KB5021243: Windows 10 LTS 1507 Security Update (December 2022)

The remote Windows host is missing security update 5021243. It is, therefore, affected by multiple vulnerabilities PowerShell Remote Code Execution Vulnerability (CVE-2022-41076) A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute ...

KB5003681: Windows 8.1 and Windows Server 2012 R2 Security Update (June 2021)

The remote Windows host is missing security update 5003681. It is, therefore, affected by multiple...

KB4586817: Windows Server 2008 November 2020 Security Update

The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more...

KB4483232: Windows 10 Version 1709 and Windows Server Version 1709 December 2018 OOB Security Update

The remote Windows host is missing security update 4483232. It is, therefore, affected by a remote code execution vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could...

CVE-2023-4479 Stored XSS Vulnerability in M-Files Web

Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time...

KB5035919: Windows Server 2008 R2 Security Update (March 2024)

The remote Windows host is missing security update 5035919. It is, therefore, affected by multiple vulnerabilities Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166) Windows USB...