Design/Logic Flaw

The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration...

Exploit for Path Traversal in Apache Http_Server

Mitigation-CVE-2021-41773- Shell Script to mitigate CVE-2021-4...

WAVLINK WN530HG4 Trust Management Issue Vulnerability

The WAVLINK WN530HG4 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in WAVLINK WN530HG4 M30HG4.V5030.191116 version, which originates from a hard-coded encryption/decryption key contained in the configuration file of xportAllSettings.sh. No details of the...

CVE-2022-33320

Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions...

CVE-2022-33320

Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions...

PT-2022-21768

Name of the Vulnerable Software and Affected Versions ICONICS GENESIS64 versions 10.97.1 and prior Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior Description The issue allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a project...

WAVLINK WN530HG4 信任管理问题漏洞

The WAVLINK WN530HG4 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in WAVLINK WN530HG4 M30HG4.V5030.191116 version, which originates from a hard-coded encryption/decryption key contained in the configuration file of xportAllSettings.sh. No details of the...

PT-2022-21982

Name of the Vulnerable Software and Affected Versions Wavlink WN530HG4 version M30HG4.V5030.191116 Description A hardcoded encryption/decryption key was found in the configuration files of the affected device, specifically at the /etc ro/lighttpd/www/cgi-bin/ExportAllSettings.sh location. This...

CVE-2022-26117

An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...

Design/Logic Flaw

An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...

CVE-2022-26117

An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...

CVE-2022-26117

An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...

The vulnerability of the Command Line Interface (CLI) of the Fortinet FortiNAC access control device allows a attacker to gain access to the MySQL database.

The vulnerability of the Command Line Interface CLI of the Fortinet FortiNAC access control device is related to the use of a default password for the configuration file. Exploiting this vulnerability could allow an attacker to gain access to the MySQL database...

CVE-2022-31213

An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file...

Kubeaudit - Tool To Audit Your Kubernetes Clusters Against Common Security Controls

kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security concerns, such as: run as non-root use a read-only root filesystem drop scary capabilities, don't add new ones don't run privileged and more! tldr.kubeaudit makes sure you deploy secure...

UBUNTU-CVE-2022-32223

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...

CVE-2022-31079 KubeEdge Cloud Stream and Edge Stream DoS from large stream message

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the Cloud Stream server and the Edge Stream server reads the entire message into memory without imposing a limit on the size o...

CVE-2022-1794

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system...

CVE-2022-1794

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system...

Design/Logic Flaw

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system...