.net Security Vulnerabilities
Untrusted search path vulnerability in src/mainwindow.c in Net Activity Viewer 0.2.1 allows local users with Net Activity Viewer privileges to execute arbitrary code via a malicious gksu program, which is invoked during the Restart As Root...
7.2AI Score
0.0004EPSS
7.5CVSS
7.3AI Score
0.003EPSS
7.8CVSS
8.7AI Score
0.002EPSS
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the...
7.5CVSS
7.3AI Score
0.002EPSS
OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive...
7.5CVSS
7.4AI Score
0.005EPSS
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the...
6.5CVSS
7.1AI Score
0.002EPSS
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as...
6.5CVSS
7.1AI Score
0.002EPSS
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the...
7.5CVSS
7.6AI Score
0.002EPSS
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root...
9.1CVSS
9AI Score
0.002EPSS
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based...
6.8CVSS
5.2AI Score
0.001EPSS
5.9CVSS
5.7AI Score
0.001EPSS
4.7CVSS
4.7AI Score
0.0005EPSS
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMA...
10CVSS
9.3AI Score
0.002EPSS
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All ve...
7.6CVSS
7.4AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMA...
8.4CVSS
8.5AI Score
0.0005EPSS
OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive memory...
7.5CVSS
7.3AI Score
0.002EPSS
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource...
7.5CVSS
7.3AI Score
0.004EPSS
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource...
7.5CVSS
7.3AI Score
0.003EPSS
An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted...
7.5CVSS
7.2AI Score
0.002EPSS
OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake...
7.5CVSS
7.5AI Score
0.004EPSS
5.5CVSS
5.4AI Score
0.003EPSS
resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application...
6.1CVSS
5.9AI Score
0.001EPSS
resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g.,....
9.8CVSS
9.6AI Score
0.001EPSS
RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical...
5.3CVSS
5.3AI Score
0.001EPSS
3.3CVSS
5AI Score
0.002EPSS
7.5CVSS
7.3AI Score
0.002EPSS
7.5CVSS
7.3AI Score
0.002EPSS
7.5CVSS
7.3AI Score
0.002EPSS
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by...
9.8CVSS
9.4AI Score
0.003EPSS
5.3CVSS
5.3AI Score
0.004EPSS
7.5CVSS
7.3AI Score
0.002EPSS
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...
7.5CVSS
7.5AI Score
0.002EPSS
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...
7.5CVSS
7.5AI Score
0.002EPSS
A vulnerability has been identified in SIMATIC CFU DIQ (6ES7655-5PX31-1XX0), SIMATIC CFU PA (6ES7655-5PX11-0XX0), SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET...
7.5CVSS
6.2AI Score
0.001EPSS
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...
7.5CVSS
7.3AI Score
0.001EPSS
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...
9.8CVSS
9.3AI Score
0.003EPSS
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...
8.8CVSS
8.8AI Score
0.002EPSS
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...
8.8CVSS
8.5AI Score
0.001EPSS
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...
7.5CVSS
7.3AI Score
0.002EPSS
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...
6.1CVSS
5.8AI Score
0.001EPSS
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V,...
7.5CVSS
7.5AI Score
0.002EPSS
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export...
8.6CVSS
7.8AI Score
0.01EPSS
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting...
7.5CVSS
7.8AI Score
0.0004EPSS
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer...
6.5CVSS
6.4AI Score
0.001EPSS
6.3CVSS
7AI Score
0.006EPSS
7.5CVSS
7.4AI Score
0.001EPSS
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. NOTE: the vendor disputes this because the ado.im reference has "no.....
6.1CVSS
6AI Score
0.001EPSS
7.5CVSS
7.4AI Score
0.001EPSS
7.5CVSS
7.7AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.028EPSS