Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), by virtue of a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used with the aim of supporting the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-49576

Publication date:
18/12/2024
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
18/12/2024

CVE-2024-12372

Publication date:
18/12/2024
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack.
Severity CVSS v4.0: CRITICAL
Last modification:
15/04/2026

CVE-2024-12373

Publication date:
18/12/2024
A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.
Severity CVSS v4.0: CRITICAL
Last modification:
15/04/2026

CVE-2023-50956

Publication date:
18/12/2024
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2025

CVE-2024-12371

Publication date:
18/12/2024
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset.
Severity CVSS v4.0: CRITICAL
Last modification:
15/04/2026

CVE-2024-56128

Publication date:
18/12/2024
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation.

Issue Summary:
Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1].
Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message.
However, Kafka's SCRAM implementation did not perform this validation.

Impact:
This vulnerability is exploitable only when an attacker has plaintext access to the SCRAM authentication exchange. However, the usage of SCRAM over plaintext is strongly discouraged as it is considered an insecure practice [2]. Apache Kafka recommends deploying SCRAM exclusively with TLS encryption to protect SCRAM exchanges from interception [3].
Deployments using SCRAM with TLS are not affected by this issue.

How to Detect If You Are Impacted:
If your deployment uses SCRAM authentication over plaintext communication channels (without TLS encryption), you are likely impacted.
To check if TLS is enabled, review your server.properties configuration file for the listeners property. If you have SASL_PLAINTEXT in the listeners, then you are likely impacted.

Fix Details:
The issue has been addressed by introducing nonce verification in the final message of the SCRAM authentication exchange to ensure compliance with RFC 5802.

Affected Versions:
Apache Kafka versions 0.10.2.0 through 3.9.0, excluding the fixed versions below.

Fixed Versions:
3.9.0
3.8.1
3.7.2

Users are advised to upgrade to 3.7.2 or later to mitigate this issue.

Recommendations for Mitigation:
Users unable to upgrade to the fixed versions can mitigate the issue by:
- Using TLS with SCRAM Authentication: Always deploy SCRAM over TLS to encrypt authentication exchanges and protect against interception.
- Considering Alternative Authentication Mechanisms: Evaluate alternative authentication mechanisms, such as PLAIN, Kerberos or OAuth with TLS, which provide additional layers of security.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2024-50570

Publication date:
18/12/2024
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve the VPN password via memory dump, due to JavaScript's garbage collector.
Severity CVSS v4.0: Pending analysis
Last modification:
24/07/2025

CVE-2024-48889

Publication date:
18/12/2024
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2025

CVE-2023-34990

Publication date:
18/12/2024
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specially crafted web requests.
Severity CVSS v4.0: Pending analysis
Last modification:
05/06/2025

CVE-2024-56058

Publication date:
18/12/2024
Deserialization of Untrusted Data vulnerability in denniskravetstns VRPConnector vrpconnector allows Object Injection. This issue affects VRPConnector: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2024-56059

Publication date:
18/12/2024
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in farinspace Partners partners allows Object Injection. This issue affects Partners: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2024-55983

Publication date:
18/12/2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PowerFormBuilder PowerFormBuilder power-forms-builder allows SQL Injection. This issue affects PowerFormBuilder: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026