180 matches found
Design/Logic Flaw
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an...
CVE-2019-6819
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to...
Design/Logic Flaw
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to...
CVE-2018-7803
The CVE-2018-7803 entry concerns Schneider Electric’s Triconex TriStation Emulator V1.2.0. It describes a CWE-754 issue: an improper check for unusual or exceptional conditions that could cause the emulator to crash when processing a specially crafted packet. The vulnerability is limited to offli...
CVE-2018-7803
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an...
CVE-2019-6819
Schneider Electric Modicon M340 (pre-3.01), M580 (pre-2.80), and all Modicon Quantum and Premium firmware are affected by CVE-2019-6819 (CWE-754). A remote attacker can cause a denial-of-service by sending specially crafted Modbus frames. The Red Hat, Tenable OT, and CISA/ICS advisories corrobora...
CVE-2019-6819
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to...
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 Vaadin 10.0.0 through 10.0.7, and Vaadin 11.0.0 through 11.0.2 allows attacker to update element property values via crafted synchronization message. See CWE-754: Improper Check for Unusual or Exceptional...
Schneider Electric Modicon M221
1. EXECUTIVE SUMMARY CVSS v3 4.8 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: Modicon M221 Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to remotely...
jenkins: CLI leaked existence of views and agents with attacker-specified names to users without Overall/Read permission (SECURITY-754)
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to...
Amazon Linux: Security Advisory (ALAS-2016-754)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : php70 (ALAS-2016-754)
ext/mysqlnd/mysqlndwireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNEDFLAG flag, which allows remote MySQL servers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted field metadata...
OpenSSL Alternative Chains Certificate Forgery MITM Proxy
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'openssl' class Metasploit3 'OpenSSL Alternative Chains Certificate Forgery MITM Proxy', 'Description' = %q This module exploits a logic error ...
HP-UX PHNE_44236 : s700_800 11.23 NTP timeservices upgrade plus utilities
s700800 11.23 NTP timeservices upgrade plus utilities : Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service DoS, or other vulnerabilities. References: CVE-2014-9293 - Insufficient Entropy in...
[SECURITY] Fedora 20 Update: mpfr-3.1.2-5.fc20
The MPFR library is a C library for multiple-precision floating-point computations with "correct rounding". The MPFR is efficient and also has a well-defined semantics. It copies the good ideas from the ANSI/IEEE-754 standard for double-precision floating-point arithmetic 53-bit mantissa. MPFR is...
CVE-2010-4274
resetdiragentkeys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership...
Code injection
resetdiragentkeys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership...
Ubuntu USN-754-1 (clamav)
The remote host is missing an update to clamav announced via advisory USN-754-1. OpenVAS Vulnerability Test $Id: ubuntu7541.nasl 7969 2017-12-01 09:23:16Z santu $ $Id: ubuntu7541.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-754-1 clamav Authors: Thomas Rein...
Debian Security Advisory DSA 754-1 (centericq)
The remote host is missing an update to centericq announced via advisory DSA 754-1. Eric Romang discovered that centericq, a text-mode multi-protocol instant messenger client, creates some temporary files with predictable filenames and is hence vulnerable to symlink attacks by local attackers. Th...
Debian DSA-754-1 : centericq - insecure temporary file
Eric Romang discovered that centericq, a text-mode multi-protocol instant messenger client, creates some temporary files with predictable filenames and is hence vulnerable to symlink attacks by local attackers. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...