A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information...
7.5CVSS
7AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged...
6.5CVSS
6.2AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an...
7.8CVSS
7.5AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown....
5.9CVSS
5.6AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS)...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an...
7.5CVSS
7.4AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an...
7.5CVSS
7.2AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited...
5.3CVSS
5.1AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges ...
9.8CVSS
9.4AI Score
0.002EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade...
4.3CVSS
4.5AI Score
0.001EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade...
4.3CVSS
4.5AI Score
0.001EPSS
A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected...
8.1CVSS
8.2AI Score
0.001EPSS
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC...
9.8CVSS
9.8AI Score
0.004EPSS
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With...
5.5CVSS
5.7AI Score
0.0004EPSS
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network...
8.8CVSS
9.2AI Score
0.012EPSS
Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and.....
7CVSS
7AI Score
0.0004EPSS
6.5CVSS
6.7AI Score
0.031EPSS
6.5CVSS
6.3AI Score
0.031EPSS
8.8CVSS
9.2AI Score
0.025EPSS
Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in a denial of service...
7.5CVSS
7.4AI Score
0.002EPSS
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view domain details (such as the username and GUID of an...
5.3CVSS
5.3AI Score
0.003EPSS
Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest users to view license...
5.3CVSS
5.3AI Score
0.003EPSS
Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated...
7.8CVSS
8.1AI Score
0.0004EPSS
A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime...
7.5CVSS
7.7AI Score
0.003EPSS
An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a...
6.5CVSS
6.3AI Score
0.001EPSS
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If...
7.1CVSS
6.8AI Score
0.001EPSS
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel to be...
7.5CVSS
7.5AI Score
0.002EPSS
5.4CVSS
6.5AI Score
0.002EPSS
Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system...
7.8CVSS
8.4AI Score
0.0004EPSS
9.8CVSS
9.8AI Score
0.02EPSS
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD...
6.5CVSS
7.9AI Score
0.006EPSS
7.5CVSS
8.8AI Score
0.009EPSS
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated...
7.8CVSS
7.5AI Score
0.0004EPSS
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace...
9.8CVSS
9.5AI Score
0.035EPSS
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain...
9.8CVSS
9.6AI Score
0.015EPSS
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing...
6.1CVSS
5.9AI Score
0.003EPSS
7.5CVSS
8.7AI Score
0.006EPSS
iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to...
8.1CVSS
7.7AI Score
0.001EPSS
Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC...
5.3CVSS
5.7AI Score
0.001EPSS
iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating...
7.2CVSS
7.3AI Score
0.003EPSS
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero...
9.8CVSS
9.6AI Score
0.014EPSS
A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is...
7.8CVSS
7.5AI Score
0.0004EPSS
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer...
8.8CVSS
9.2AI Score
0.007EPSS
8.8CVSS
9.2AI Score
0.008EPSS
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer...
9.8CVSS
9.5AI Score
0.008EPSS
9.8CVSS
9.5AI Score
0.01EPSS
9.8CVSS
9.5AI Score
0.003EPSS
8.8CVSS
9.2AI Score
0.007EPSS
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client...
7.8CVSS
7.5AI Score
0.0005EPSS
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for...
8.1CVSS
8.9AI Score
0.001EPSS