724 matches found
Design/Logic Flaw
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a...
Out-of-bounds
A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...
Out-of-bounds
A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...
Design/Logic Flaw
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends...
CVE-2022-24317
A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...
CVE-2022-24317
Schneider Electric IGSS Data Server (v15.0.0.22020 and earlier) contains a Missing Authorization vulnerability (CWE-862) that could expose information when a specially crafted message is sent. Multiple sources (CVE records, Red Hat advisory RH:CVE-2022-24317, ZDI-22-324, CNVD-2022-13072, ICSA-22-...
CVE-2022-24316
A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...
CVE-2022-24315
CVE-2022-24315 is an Out-of-bounds Read vulnerability in Schneider Electric IGSS Data Server (v15.0.0.22020 and earlier) that could cause denial of service when a client repeatedly sends specially crafted messages. Root cause: memory read past buffer boundary in IGSSDataServer; CVSSv3 base score...
CVE-2022-24312
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a...
CVE-2022-24311
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends...
CVE-2022-24312
Schneider Electric IGSS Data Server (IGSSdataServer.exe) v15.0.0.22020 and earlier is affected by CVE-2022-24312, a CWE-22 path traversal vulnerability that could allow modification of existing files or creation of new files in the Data Server context, potentially enabling remote code execution w...
CVE-2022-24311
Schneider Electric IGSS Data Server (v15.0.0.22020 and earlier) includes a CWE-22 path traversal vulnerability that can modify an existing file or create a new one in the Data Server context, potentially enabling remote code execution when a specially crafted message is sent. The Red Hat/ICSA adv...
CVE-2022-24310
CVE-2022-24310 affects Schneider Electric IGSS Data Server (v15.0.0.22020 and prior). Root cause: CWE-190 integer overflow/wraparound that can cause a heap-based buffer overflow, enabling denial of service and potentially remote code execution when processing multiple specially crafted messages. ...
AlmaLinux 8 : evolution (ALSA-2021:1752)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1752 advisory. - In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid e.g., minimal...
Interactive Graphical SCADA System Data Server Buffer Error Vulnerability
The Schneider Electric Interactive Graphical SCADA System is a SCADA system for monitoring industrial processes from Schneider Electric, France. An out-of-bounds read vulnerability exists in the Schneider Electric Interactive Graphical SCADA System, which can be exploited by an attacker to cause ...
Schneider Electric Interactive Graphical SCADA System Path Traversal Vulnerability
Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System for monitoring and controlling industrial processes from Schneider Electric, France. A path traversal vulnerability exists in the Schneider Electric Interactive Graphical SCADA...
Schneider Electric Interactive Graphical SCADA System Path Traversal Vulnerability
The Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System for monitoring and controlling industrial processes from Schneider Electric, France. A path traversal vulnerability exists in the Schneider Electric Interactive Graphical SCADA...
AlmaLinux 8 : evolution (ALSA-2020:4649)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:4649 advisory. - evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a begin TLS response, eds reads additiona...
Mageia: Security Advisory (MGASA-2013-0245)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2020-0351)
The remote host is missing an update for the...