85 matches found
EUVD-2018-3947
Malware in sbrugna...
CVE-2025-3947
The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in improper integer data value checking during subtraction leading to a...
CVE-2025-3947 Integer underflow during processing of short network packets in CDA FTEB responder
The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in improper integer data value checking during subtraction leading to a...
CVE-2025-3947
The CVE-2025-3947 issue affects Honeywell Experion PKS CDA (Control Data Access) with an integer underflow, enabling input data manipulation that could cause denial of service. Affected products include C300 PCNT02/05, FIM4/8, UOC, CN100, HCA, C300PM, C200E; affected PKS versions are 520.1–520.2 ...
CVE-2025-3947 Integer underflow during processing of short network packets in CDA FTEB responder
The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in improper integer data value checking during subtraction leading to a...
CVE-2019-3947
Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server...
CVE-2024-3947 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings
The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings via ...
WordPress Video Conferencing with Zoom Plugin <= 4.2.1 is vulnerable to Sensitive Data Exposure
Software: Video Conferencing with Zoom; Type: Plugin; Vulnerable versions: <= 4.2.1; Fixed in: 4.2.2; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-3947; Patch priority: Low; CVSS severity: Low (3.7); PSID: 55e6071a651c; Credits: Lana Codes...
CVE-2023-3947
creationtimestamp| type| source
---|---|---
2023-07-26 07:27:21+00:00| seen| https://t.me/cibsecurity/67284...
CVE-2023-3947
CVE-2023-3947 affects the WordPress plugin “Video Conferencing with Zoom”. A hardcoded encryption key in vczapi_encrypt_decrypt allows unauthenticated attackers to decrypt and view meeting IDs and passwords for versions up to and including 4.2.1. A fix is available in 4.2.2 (per PatchStack) and i...
RHEL 9 : open-vm-tools (RHSA-2023:3947)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3947 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization...
SUSE CVE-2016-3947
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6...
SUSE: Security Advisory (SUSE-SU-2022:3947-1)
The remote host is missing an update for the...
CVE-2022-3947
A vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2022-3947
CVE-2022-3947 affects eolinker goku_lite, with a SQL injection flaw in the /balance/service/list endpoint caused by unsanitized input in route/keyword. The vulnerability can be exploited remotely and has been publicly disclosed. NVD lists CVSS 3.1 base metrics as 9.8 (CRITICAL) with Network attac...
CVE-2022-3947 eolinker goku_lite list sql injection
A vulnerability classified as critical has been found in eolinker goku_lite. This affects an unknown part of the file /balance/service/list. The manipulation of the argument route/keyword leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2021-3947 affecting package qemu for versions less than 6.2.0-2
CVE-2021-3947 affecting package qemu for versions less than 6.2.0-2. An upgraded version of the package is available that resolves this issue...
Exploit for Use After Free in Qemu
CVE-2021-3929-3947 VM escape PoC for CVE-2021-3929 https://...
CVE-2021-3947 affecting package qemu-kvm 4.2.0-48
CVE-2021-3947 affecting package qemu-kvm 4.2.0-48. A patched version of the package is available...
Security fix for the ALT Linux 10 package qemu version 6.1.1-alt1
6.1.1-alt1 built March 1, 2022 Alexey Shabalin in task 295902
Feb. 24, 2022 Alexey Shabalin
- 6.1.1
- Fixes for the following security vulnerabilities:
  + CVE-2021-3713 uas: add stream number sanity checks
  + CVE-2021-3947 hw/nvme: fix buffer overrun in nvme_changed_nslist
  + CVE-2021-20196...