2877 matches found
CVE-2022-37904
CVE-2022-37904 affects ArubaOS on 7xxx series Aruba Mobility Controllers. The issue allows controlled code execution during the boot sequence, potentially causing permanent modification to the underlying OS. Connected sources describe the vulnerability consistently across multiple vendors/securit...
CVE-2022-37904
Vulnerabilities exist in ArubaOS running on 7xxx series controllers that allow an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system...
PT-2022-24139 · Aruba · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS on 7xxx series controllers (affected versions not specified). Description: The issue allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent...
GO-2022-1071 Denial of service in flux controllers in github.com/fluxcd modules
Flux controllers are vulnerable to a denial of service attack. Users that have permissions to change Flux's objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout and structured variations of these fields, causing the...
CVE-2021-38399
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories...
CVE-2021-38395
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition...
Race condition
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition...
Path traversal
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories...
Unrestricted file upload
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition...
CVE-2021-38397
CVE-2021-38397 affects Honeywell Experion PKS: C200, C200E, C300, and ACE controllers. Root cause is unrestricted file uploads (insufficient input validation) allowing remote code execution and DoS. Impact is high: potential remote compromise of ICS assets. Remediation varies: Honeywell has added...
CVE-2021-38397 Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition...
CVE-2021-38395 Honeywell Experion PKS and ACE Controllers Injection
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition...
CVE-2021-38395
The CVE-2021-38395 entry applies to Honeywell Experion PKS C200, C200E, C300 and ACE controllers, where the vulnerability stems from improper neutralization of special elements in output. This condition can allow a remote attacker to execute arbitrary code and trigger a denial-of-service. Publicl...
CVE-2021-38395 Honeywell Experion PKS and ACE Controllers Injection
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition...
CVE-2021-38399 Honeywell Experion PKS and ACE Controllers Relative Path Traversal
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to relative path traversal, which may allow an attacker access to unauthorized files and directories...
CVE-2021-38399
CVE-2021-38399 affects Honeywell Experion PKS/C200, C200E, C300 and ACE controllers. The issue is a relative path traversal in the directory/file processing, potentially allowing an attacker to read arbitrary files or directories. NVD/NIST lists a base CVSSv3.1 score of 7.5 (HIGH) with NETWORK at...
Siemens APOGEE PXC / TALON TC Authentication Bypass Exploit
APOLOGEE is a Python script and Metasploit module that enumerates a hidden directory on Siemens APOGEE PXC BACnet Automation Controllers and TALON TC BACnet Automation Controllers. With a CVSS score of 7.5, this exploit allows an attacker to perform an authentication bypass using an alternate path or...
Siemens APOGEE PXC / TALON TC Authentication Bypass
!/usr/bin/env python3 -- coding: utf-8 -- 2022-05-23 Standard Modules from metasploit import module Extra Dependencies dependenciesmissing = False try: import logging import requests import requests import xmltodict import xml.etree.ElementTree as ET import socket import struct import requests...
Aruba Networks ArubaOS Operating System Command Injection Vulnerability
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, USA. An operating system command injection vulnerability exists in Aruba Networks ArubaOS. No information about this vulnerability i...
Aruba Networks ArubaOS Operating System Command Injection Vulnerability
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, USA. An operating system command injection vulnerability exists in Aruba Networks ArubaOS. No information about this vulnerability i...