2877 matches found
CVE-2019-19249
Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations...
Information disclosure
Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations...
CVE-2019-19249
The CVE-2019-19249 entry concerns the QueryTree project: Controllers/InvitationsController.cs mishandling invitations in versions before 3.0.99-beta. Public details in NVD and vendor mirrors identify the affected component as part of QueryTree’s invitation handling, with the issue present prior t...
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious actor to download the updated embedded software from a compromised FTP server, thereby causing malfunctions of the controller.
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download updates to the embedded software from a compromised FTP server, thereby causing service...
The vulnerability of Modicon microprogrammed controllers, related to the use of the Modbus service provided by the REST API, allows a hacker to disclose protected information.
The vulnerability of Modicon controller’s microprogrammed software is related to the use of the Modbus service provided by the REST API. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious entity to download the update without the presence of the software via FTP protocol, thereby causing service failure.
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download updates to the embedded software without any interaction with the software via FTP protocol...
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious actor to download the updated embedded software with an empty file via FTP protocol, thereby causing a service failure.
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download the embedded software update with an empty file via FTP protocol, thereby causing service...
The vulnerability of Modicon microprogrammed controllers lies in the lack of version checking for installed software updates. This allows a malicious individual to download an unpatched version of the installed software via FTP, thereby causing a service failure.
The vulnerability of Modicon microprogrammed controllers lies in the lack of verification of the version of the embedded software updates. Exploiting this vulnerability allows a malicious actor to download an un-supported version of the embedded software via FTP protocol, thereby causing service...
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. This allows a malicious actor to download the updated embedded software with an invalid web server URL via FTP, thereby causing a service failure.
The vulnerability of Modicon microprogrammed controllers lies in the lack of checks for the integrity of updates to the embedded software. Exploiting this vulnerability allows a malicious actor to download updates to the embedded software via an FTP server without an active web server, thereby...
The vulnerability of Modicon microprogrammed control devices, related to a data processing error in the REST API, allows a perpetrator to trigger a service failure.
The vulnerability of Modicon microprogrammed control devices is related to a data processing error in the REST API. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service interruptions...
The vulnerability of Modicon microprogrammed control devices relates to the use of REST API commands for reading registers, which allows attackers to disclose sensitive information.
The vulnerability of Modicon microprogrammed controllers relates to the use of read commands from the REST API registers. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
The vulnerability of Modicon microprogrammed controllers relates to the transmission of confidential information in open text using the FTP protocol, allowing a intruder to disclose the protected information.
The vulnerability of Modicon microprogrammed controllers relates to the transmission of confidential information in open text using the FTP protocol. Exploiting this vulnerability can allow a remote attacker to disclose the protected information...
CVE-2019-6852
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...
Hardcoded credentials
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...
CVE-2019-6852
CVE-2019-6852 refers to an information-exposure vulnerability affecting Schneider Electric Modicon Controllers (M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules). The issue arises from the controller Web server over an...
CVE-2019-6852
A CWE-200: Information Exposure vulnerability exists in Modicon Controllers M340 CPUs, M340 communication modules, Premium CPUs, Premium communication modules, Quantum CPUs, Quantum communication modules - see security notification for specific versions, which could cause the disclosure of FTP...
Unauthorized Access
github.com/kubernetes-csi/external-provisioner, github.com/kubernetes-csi/external-snapshotter and github.com/kubernetes-csi/external-resizer allows unauthorized access to volume data. The VolumeSnapshotDataSource, ExpandCSIVolumes, and VolumePVCDataSource Kubernetes feature gates in kube-apiserv...
Intel Ethernet 700 Series Controllers Insufficient Access Control Vulnerability
Intel Ethernet 700 Series Controllers are network adapter products from Intel. An Insufficient Access Control vulnerability exists in Intel Ethernet 700 Series Controllers firmware prior to version 7.0. An attacker could exploit this vulnerability to cause a denial of service...
Intel Ethernet 700 Series Controllers Denial of Service Vulnerability
Intel Ethernet 700 Series Controllers are network adapter products from Intel. A denial of service vulnerability exists in Intel Ethernet 700 Series Controllers versions prior to 7.0. The vulnerability stems from insufficient input validation in the controller's i40e driver. An attacker could...
CVE-2019-0145
Buffer overflow in i40e driver for IntelR Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access...