CVE-2016-9364
An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server...
Path traversal
An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server...
CVE-2016-9364
CVE-2016-9364 affects Fidelix FX-20 series controllers (versions prior to 11.50.19). The vulnerability is a path traversal weakness that allows an attacker to perform arbitrary file reading, accessing files and directories on the server. Exploitation is described as remote in the ICS-CERT advisor...
Honeywell SCADA Controllers Exposed Passwords in Clear Text
A series of remotely exploitable vulnerabilities exist in a popular web-based SCADA system made by Honeywell that make it easy to expose passwords and in turn, give attackers a foothold into the vulnerable network. The flaws exist in some versions of Honeywell’s XL Web II controllers, systems...
Rockwell Automation Logix5000 Controllers Stack Buffer Overflow Vulnerability
Rockwell Automation is a British company that provides industrial automation control and globalization information. Logix5000 Controllers is the company's controller series. A remote stack buffer overflow vulnerability exists in Rockwell Automation Logix5000 Controllers. An attacker could exploit...
USN-3146-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
USN-3146-2: Linux kernel (Xenial HWE) vulnerabilities. Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04 LTS. Description: It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the...
CVE-2016-9154
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U (All...
Fidelix FX-20 Series Controllers Directory Traversal Vulnerability
Fidelix FX-20 series controllers are FX-20 series building controller products from Fidelix Finland. A directory traversal vulnerability exists in Fidelix FX-20 series controllers versions prior to 11.50.19, which arises from the program failing to adequately filter user-submitted input. An...
Ubuntu 16.04 LTS : Linux kernel (Raspberry Pi 2) vulnerabilities (USN-3161-3)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3161-3 advisory. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to...
Ubuntu: Security Advisory (USN-3161-4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu: Security Advisory (USN-3162-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3162-2)
CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) Andreas Gruenbacher and Jan Kara discovered that the...
Ubuntu 16.04 LTS : Linux kernel (Qualcomm Snapdragon) vulnerabilities (USN-3161-4)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3161-4 advisory. Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to...
USN-3162-2: Linux kernel (Raspberry Pi 2) vulnerabilities
CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213) Andreas Gruenbacher and Jan Kara discovered that the...
USN-3161-4 linux-snapdragon vulnerabilities
Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964) It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel d...
CVE-2016-9159
A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS...
Heap Buffer Overflow Vulnerability in Multiple Delta Electronics Products
Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers (PLCs). A heap buffer overflow vulnerability exists in multiple Delta Electronics products. An attacker could exploit this vulnerability to...
SIMATIC S7-300 and S7-400 CPU Denial of Service Vulnerability
SIMATIC S7-300 CPUs and S7-400 CPUs are central processing unit modules for programmable controllers from Siemens. A denial of service vulnerability exists in the SIMATIC S7-300 CPUs and S7-400 CPUs. An attacker could exploit this vulnerability by sending specially crafted packets to cause a deni...
Ubuntu 16.10 : linux vulnerabilities (USN-3147-1)
Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097) Marco Grassi discovered that the driver for Areca RAID...
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3145-2)
USN-3145-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Marco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel...