Archivos mensuales: agosto 2024

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, attacker can execute OS commands with root privileges.

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin

In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page

In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system reboot occurs.

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted.

An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM)

that could allow a local attacker to escalate privileges to kernel.

When performing an online tag generation to devices which communicate
using the ControlLogix protocol, a machine-in-the-middle, or a device
that is not configured correctly, could deliver a response leading to
unrestricted or unregulated resource allocation. This could cause a
denial-of-service condition and crash the Kepware application. By
default, these functions are turned off, yet they remain accessible for
users who recognize and require their advantages.

A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted.