The OpenSSL library used in the affected products is vulnerable to an unbounded growth of the session cache in the TLSv1.3 implementation.



All legitimate local Microsoft Windows users can read or modify files that are located in the working directory of the affected CODESYS products, even if they are executed under a different user or in the system context.



The CODESYS OPC UA stack of the CODESYS Control runtime system may incorrectly calculate the required buffer size for received requests/responses. This can lead to a crash of the CODESYS runtime system during the subsequent initialization of the receive buffer with zero.

Update: 10.07.2024 In the Remediation section, the release date of the update has been deleted as the update is now available.



ifm: moneo password reset can be exploited

moneo "Forgot Password" function has a vulnerability which allows gaining privileged access.



Feeds

Nach Hersteller

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0