Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.
Category Archives: Advisories
CVE-2020-25193
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.
CVE-2020-25197
A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system.
CVE-2020-15388
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.
CVE-2020-16232
In Yokogawa WideField3 R1.01 – R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file.
openssl-1.1.1n-1.fc34
FEDORA-2022-9e88b5d8d7
Packages in this update:
openssl-1.1.1n-1.fc34
Update description:
Security fix for [PUT CVEs HERE]
openssl-1.1.1n-1.fc35
FEDORA-2022-a5f51502f0
Packages in this update:
openssl-1.1.1n-1.fc35
Update description:
Security fix for [PUT CVEs HERE]
bind-9.16.27-1.fc34 bind-dyndb-ldap-11.9-9.fc34
FEDORA-2022-042d9c6146
Packages in this update:
bind-9.16.27-1.fc34
bind-dyndb-ldap-11.9-9.fc34
Update description:
Upstream release notes
Fixed issue since bind 9.16.25 with broken bind-dyndb-ldap.
bind-9.16.27-1.fc35 bind-dyndb-ldap-11.9-11.fc35
FEDORA-2022-427cfc50f8
Packages in this update:
bind-9.16.27-1.fc35
bind-dyndb-ldap-11.9-11.fc35
Update description:
Upstream release notes
Fixed issue since bind 9.16.25 with broken bind-dyndb-ldap.
bind-9.16.27-1.fc36 bind-dyndb-ldap-11.9-14.fc36
FEDORA-2022-14e36aac0c
Packages in this update:
bind-9.16.27-1.fc36
bind-dyndb-ldap-11.9-14.fc36
Update description:
Upstream release notes
Fixed issue since bind 9.16.25 with broken bind-dyndb-ldap.