A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3.0 and earlier allows local attackers to execute code on the system as a high privileged user. Date published : 2020-11-06 https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01
A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated attackers to upload or download arbitrary files. Date published : 2020-11-06 https://us-cert.cisa.gov/ics/advisories/icsma-20-296-01
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export. Date published :...
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. Date published : 2020-11-06 https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ https://www.debian.org/security/2021/dsa-4837
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. Date published : 2020-11-06 https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ https://www.debian.org/security/2021/dsa-4837
PackageKit’s apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this...
PackageKit provided detailed error messages to unprivileged callers that exposed information about file presence and mimetype of files that the user would be unable to determine on its own. Date published : 2020-11-06 https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887...
ad-ldap-connector’s admin panel before version 5.0.13 does not provide csrf protection, which when exploited may result in remote code execution or confidential data loss. CSRF exploits may occur if the user visits a malicious...
Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a special license which can beobtained from a...
Visual Components (owned by KUKA) is a robotic simulator that allows simulating factories and robots in order toimprove planning and decision-making processes. Visual Components software requires a special license which can beobtained from a...
IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440. Date published : 2020-11-05 https://www.ibm.com/support/pages/node/6359945 https://exchange.xforce.ibmcloud.com/vulnerabilities/147440
A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without...
This affects the package phantom-html-to-pdf before 0.6.1. Date published : 2020-11-05 https://github.com/pofider/phantom-html-to-pdf/commit/b5d2da2639a49a95e0bdb3bc0c987cb6406b8259 https://snyk.io/vuln/SNYK-JS-PHANTOMHTMLTOPDF-1023598
This affects the package jsreport-chrome-pdf before 1.10.0. Date published : 2020-11-05 https://github.com/jsreport/jsreport-chrome-pdf/commit/6750b2f77d05cb843aefc1c4a98097a3bd33a6a2 https://snyk.io/vuln/SNYK-JS-JSREPORTCHROMEPDF-1037310