CVE-2022-1261
Matrikon, a subsidiary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersistFile...
radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser. Date published : 2022-05-25 https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/ https://github.com/radareorg/radare2/issues/19478
Docker Desktop 4.3.0 has Incorrect Access Control. Date published : 2022-05-25 https://docs.docker.com/desktop/mac/release-notes/ https://docs.docker.com/desktop/release-notes/#security-2
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This...
The affected Baker Hughes Bently Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration,...
When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. Date published : 2022-05-25 https://www.cisa.gov/uscert/ics/advisories/icsa-21-208-04
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns...
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. Date published : 2022-05-25 https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098586
VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server. Date published : 2022-05-25 https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098165
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. Date published : 2022-05-25 https://sourceforge.net/p/sox/bugs/360/
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. Date published : 2022-05-25 https://sourceforge.net/p/sox/bugs/360/
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service...
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released...
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which...