A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite...
7AI Score
OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this...
7.5CVSS
6.5AI Score
0.0005EPSS
An incorrect authentication vulnerability has been found in Socomec Net Vision affecting version 7.20. This vulnerability allows an attacker to perform a brute force attack on the application and recover a valid session, because the application uses a five-digit integer...
6.7CVSS
7.5AI Score
0.0004EPSS
Cross-Site Request Forgery vulnerability in Socomec Net Vision, version 7.20. This vulnerability could allow an attacker to trick registered users into performing critical actions, such as adding and updating accounts, due to lack of proper sanitisation of the ‘set_param.cgi’...
7.1CVSS
7.3AI Score
0.0004EPSS
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a...
6.5CVSS
6.8AI Score
0.0004EPSS
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a GET-NEXT to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong.....
6.5CVSS
6.8AI Score
0.0004EPSS
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version...
6.5CVSS
7.1AI Score
0.0004EPSS
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong...
6.5CVSS
6.8AI Score
0.0004EPSS
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. A user with read-write credentials can exploit the issue. Version 5.9.2....
6.5CVSS
6.8AI Score
0.0004EPSS
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users...
6.5CVSS
6.8AI Score
0.0004EPSS
5.5CVSS
7.2AI Score
0.0004EPSS
7.3CVSS
8.1AI Score
0.0004EPSS
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
7.1AI Score
0.0004EPSS
7.5CVSS
7AI Score
0.013EPSS
7.5CVSS
7.3AI Score
0.0005EPSS
7.5CVSS
7.4AI Score
0.0005EPSS
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...
7.2AI Score
0.0004EPSS
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...
7.4AI Score
0.0004EPSS
The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...
7.4AI Score
0.0004EPSS
7.5CVSS
7.4AI Score
0.003EPSS
A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). Affected products...
7.5CVSS
7.5AI Score
0.0005EPSS
Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges.This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from...
7.8CVSS
7.4AI Score
0.0004EPSS
Incorrect Permission Assignment for Critical Resource vulnerability in B&R Industrial Automation Automation Studio allows Privilege Escalation.This issue affects Automation Studio: from 4.6.0 through 4.6.X, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4...
8.8CVSS
7.5AI Score
0.0004EPSS
6.8CVSS
6.7AI Score
0.001EPSS
7.5CVSS
7.3AI Score
0.002EPSS
7.5CVSS
8.3AI Score
0.002EPSS
9.8CVSS
7.4AI Score
0.001EPSS
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass...
8.7CVSS
8.1AI Score
0.002EPSS
The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not...
7.5CVSS
7.2AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All.....
7.5CVSS
7.2AI Score
0.0005EPSS
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about...
5.3CVSS
6.9AI Score
0.001EPSS
The Elastic APM .NET Agent can leak sensitive HTTP header information when logging the details during an application error. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application error it is possible the headers...
4.3CVSS
6.7AI Score
0.0004EPSS
5.5CVSS
6.9AI Score
0.0005EPSS
7.5CVSS
6.9AI Score
0.002EPSS
9.8CVSS
7AI Score
0.001EPSS
8.8CVSS
7.4AI Score
0.0005EPSS
5.5CVSS
7.3AI Score
0.0004EPSS
Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users....
5.9CVSS
5.7AI Score
0.001EPSS
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of...
9.1CVSS
9AI Score
0.001EPSS
Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her...
8.8CVSS
7.6AI Score
0.001EPSS
Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration...
4.9CVSS
5.9AI Score
0.001EPSS
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...
4.9CVSS
5.7AI Score
0.001EPSS
Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an...
4.3CVSS
5.6AI Score
0.001EPSS
Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the...
7.2CVSS
7.5AI Score
0.001EPSS
Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available...
6.5CVSS
5.4AI Score
0.001EPSS
A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this...
9.8CVSS
7.8AI Score
0.001EPSS
A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this...
9.8CVSS
7.8AI Score
0.001EPSS
A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this...
9.8CVSS
8.1AI Score
0.001EPSS
A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this...
9.8CVSS
7.8AI Score
0.001EPSS
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this...
9.8CVSS
8.4AI Score
0.001EPSS