724 matches found
CVE-2023-27979
A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affecte...
CVE-2023-27981
CVE-2023-27981 targets Schneider Electric IGSS components: IGSS Data Server (IGSSdataServer.exe) v16.0.0.23040 and prior, IGSS Dashboard (DashBoard.exe) v16.0.0.23040 and prior, and Custom Reports (RMS16.dll) v16.0.0.23040 and prior. It is a CWE-22 path traversal vulnerability in the Custom Repor...
Schneider Electric IGSS Data Server Access Control Error Vulnerability (CNVD-2023-29375)
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. An access control error vulnerability exists in Schneider Electric IGSS Data Server, which could be exploited by an attacker to create malicious report files in the IGSS...
Schneider Electric IGSS Data Server Data Forgery Issue Vulnerability
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which can be exploited by an attacker to cause a denial of service by sending a specific craft...
Schneider Electric IGSS Data Server Code Issue Vulnerability
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. A code issue vulnerability exists in Schneider Electric IGSS Data Server, which can be exploited by attackers to cause remote code execution...
Schneider Electric IGSS Data Server Path Traversal Vulnerability
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. A path traversal vulnerability exists in Schneider Electric IGSS Data Server, which can be exploited by attackers to cause remote code execution...
Schneider Electric IGSS Data Server Input Validation Error Vulnerability
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to an input validation error, which could be exploited by an attacker to cause remote code execution...
Schneider Electric IGSS Data Server Data Forgery Issue Vulnerability (CNVD-2023-29373)
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which could be exploited by an attacker to send specific crafted messages to the data server T...
Schneider Electric IGSS Data Server Data Forgery Issue Vulnerability (CNVD-2023-29371)
Schneider Electric IGSS Data Server is a data server for the interactive graphical Scada system from Schneider Electric France. Schneider Electric IGSS Data Server is vulnerable to a data forgery issue, which could be exploited by an attacker to gain access to delete files in the IGSS project...
The vulnerability of the SCADA system’s data server, IGSS Data Server, allows a intruder to execute arbitrary code.
The vulnerability of the IGSS Data Server SCADA system’s data server is related to the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to execute arbitrary codes remotely...
PT-2023-1855 · Unknown · Igss Dashboard +2
Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions 16.0.0.23040 and prior IGSS Dashboard versions 16.0.0.23040 and prior Custom Reports versions 16.0.0.23040 and prior Description: A vulnerability exists in Custom Reports due to improper limitation of a pathname to a...
PT-2023-1871 · Unknown · Igss Dashboard +2
Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions 16.0.0.23040 and prior IGSS Dashboard versions 16.0.0.23040 and prior Custom Reports versions 16.0.0.23040 and prior Description: The issue exists due to insufficient input validation in the Custom Reports component ...
PT-2023-1688 · Unknown · Igss Dashboard +2
Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions 16.0.0.23040 and prior IGSS Dashboard versions 16.0.0.23040 and prior Custom Reports versions 16.0.0.23040 and prior Description: A Missing Authentication for Critical Function issue exists in the Data Server TCP...
PT-2023-1873 · Unknown · Igss Dashboard +2
Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions 16.0.0.23040 and prior IGSS Dashboard versions 16.0.0.23040 and prior Custom Reports versions 16.0.0.23040 and prior Description: A Deserialization of Untrusted Data issue exists in the Dashboard module, potentially...
PT-2023-1870 · Unknown · Igss Dashboard +2
Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions V16.0.0.23040 and prior IGSS Dashboard versions V16.0.0.23040 and prior Custom Reports versions V16.0.0.23040 and prior Description: The issue is related to insufficient verification of data authenticity, which could...
PT-2023-1874 · Unknown · Igss Dashboard +2
Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions V16.0.0.23040 and prior IGSS Dashboard versions V16.0.0.23040 and prior Custom Reports versions V16.0.0.23040 and prior Description: The issue is related to the absence of authentication for a critical function in th...
SUSE CVE-2007-3257
Camel camel-imap-folder.c in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index...
SUSE CVE-2009-0582
The ntlmchallenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server aka evolution-data-server 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount o...
SUSE CVE-2009-0587
Multiple integer overflows in Evolution Data Server aka evolution-data-server before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in 1 addressbook/libebook/e-vcard.c in evc or 2 camel/camel-mime-utils.c in libcam...
SUSE CVE-2011-3355
evolution-data-server3 3.0.3 through 3.2.1 used insecure non-SSL connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim...