404 matches found
CVE-2021-20827
CVE-2021-20827 describes a plaintext password storage vulnerability in IDEC PLCs, allowing an attacker to obtain PLC Web server credentials from SD cards (ZLD files) or file backups and potentially hijack the PLC. Affected products and versions include IDEC FC6A/MICROSmart All-in-One CPU Modul...
IDEC PLC Security Vulnerability
The IDEC PLC is a programmable controller. A security vulnerability exists in the IDEC PLC that could allow an attacker to obtain PLC web server user credentials from the communication between the PLC and the software. The following products and versions are affected: FC6A Series MICROSmart...
F-Secure Anti-Virus Security Vulnerability
F-Secure Anti-Virus is a suite of antivirus software from the Finnish company F-Secure. The program integrates several virus monitoring engines for real-time virus scanning of the operating system and provides powerful background management features. A security vulnerability...
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal leading to code execution.
...
Beckhoff Ipc Improper Input Validation
TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacker needs to send several specifically crafted requests to the running OPC UA server. After some of...
Rockwellautomation Factorytalk Exposure of Sensitive Information to an Unauthorized Actor
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built-in security features found within...
[SECURITY] Fedora 33 Update: trace-cmd-2.9.2-2.fc33
trace-cmd is a user interface to Ftrace. Instead of needing to use the debugfs directly, trace-cmd will handle setting of options and tracers and will record into a data file...
trousers: tss user can be used to create or corrupt existing files, this could lead to DoS
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack...
CVE-2021-3210
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter...
Design/Logic Flaw
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter...
VulnCheck KEV: CVE-2014-3914
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a...
sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c
An integer overflow vulnerability was found in sysstat in the way the sadf command processes the contents of data files created by the sar command. A local attacker could exploit this flaw by creating a specially crafted file with malformed data that, when loaded by a victim, causes the applicati...
Trend Micro Apex One Remote Code Execution Vulnerability
Trend Micro Apex One is an endpoint protection solution that offers the broadest range of protection capabilities, including high-accuracy machine learning and advanced ransomware protection. A remote code execution vulnerability exists in DAT file parsing in the ServerMigrationTool component of...
UBUNTU-CVE-2020-24332
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack...
FarSite Communications FarLinX X25 Gateway OS Command Injection Vulnerability
FarSite Communications FarLinX X25 Gateway is a gateway product from FarSite Communications, UK. It features a browser interface, online statistics set, connection logging, active session display and status change alerts. FarSite Communications FarLinX X25 Gateway 2014-09-25 and prior versions of...
Linux: Mount data file partitions, CD/DVD, and USB partitions in noexec mode
Mounting data file partitions in noexec mode can make all files in the partitions nonexecutable, thus preventing security risks. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
A stack-based buffer overflow vulnerability in CNCSoft ScreenEditor allows an attacker to execute arbitrary code.
The vulnerability in CNCSoft ScreenEditor arises from a stack-based buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system by having the user open a specially crafted DPB file...
Denial of Service Vulnerability in NAop401 of Nanda Aotuo Technology (CNVD-2020-21832)
NAop401 is an OP series text screen design tool. NAop401 has a denial of service vulnerability that can be exploited by an attacker to cause a program crash by constructing a malformed evp file...
Outlook profile fails to load with Error: "Your Outlook data file cannot be configured."
Outlook profile fails to load with error "Your Outlook data file cannot be configured. C:\Users\AppData\Local\Microsoft\Outlook\ - OFFICE365.OST...