Lucene search
K

44 matches found

OSV
OSV
added 2023/12/13 11:15 a.m.4 views

CVE-2023-6381

Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file file with SMB extension to a user via a link or email attachment and persuade the user to open the file...

5.5CVSS5.8AI score0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/13 12:0 a.m.5 views

PT-2023-32636 · Unknown · Supermailer

Name of the Vulnerable Software and Affected Versions: Newsletter Software SuperMailer version 11.20.0.2204 Description: The issue is related to improper input validation, which can be exploited by sending a malicious configuration file with an SMB extension to a user via a link or email...

5.5CVSS5.2AI score0.0022EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2023/12/08 12:0 a.m.9 views

The vulnerability of the GE Proficy HMI/SCADA iFIX software control system lies in improper code generation, which allows attackers to gain full control over the software.

The vulnerability of the GE Proficy HMI/SCADA iFIX supervisory control software lies in improper code generation. Exploiting this vulnerability can allow an attacker to gain full control over the software by introducing a malicious configuration file into the expected web server execution path...

10CVSS8AI score0.00571EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/11 12:0 a.m.2 views

PT-2023-6557 · Siemens · Tia Portal

Name of the Vulnerable Software and Affected Versions: Totally Integrated Automation Portal TIA Portal versions V15 through V18 Update 1, with the following specifics: TIA Portal versions V15 TIA Portal versions V16 through V16 Update 7 TIA Portal versions V17 through V17 Update 6 TIA Portal...

7.8CVSS7.3AI score0.00249EPSS
Exploits0References6
Prion
Prion
added 2022/11/24 10:15 a.m.10 views

Path traversal

A path traversal vulnerability was discovered in multiple Pilz products. An unauthenticated local attacker could use a zipped, malicious configuration file to trigger arbitrary file writes 'zip-slip'. File writes do not affect confidentiality or availability...

1.9CVSS5.5AI score0.00222EPSS
Exploits0References2Affected Software5
Cvelist
Cvelist
added 2022/11/24 9:20 a.m.13 views

CVE-2022-40977 PILZ: PASvisu and PMI affected by ZipSlip

A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes 'zip-slip'. File writes do not affect confidentiality or availability...

7.5CVSS7.8AI score0.00859EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/07/20 12:0 a.m.4 views

PT-2022-21768

Name of the Vulnerable Software and Affected Versions ICONICS GENESIS64 versions 10.97.1 and prior Mitsubishi Electric MC Works64 versions 4.04E 10.95.210.01 and prior Description The issue allows an unauthenticated attacker to execute arbitrary malicious code by leading a user to load a project...

7.8CVSS7.9AI score0.00443EPSS
Exploits0References9
Huntr
Huntr
added 2021/12/12 8:29 p.m.41 views

in pytorchlightning/pytorch-lightning

Description There is untrusted YAML Deserialization vulnerability on PyTorchLightning Github repository. PyTorchLightning's saving.py core.saving.loadhparamsfromyaml functionality is calling "yaml.UnsafeLoader" from pyyaml Python library which is not secure method. Because of that, maliciously...

6.8CVSS1AI score0.00978EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.6 views

Schneider Electric Eurotherm by Schneider Electric GUIcon 缓冲区错误漏洞

Schneider Electric Eurotherm by Schneider Electric GUIcon is a suite of graphical user interface programming software from Schneider Electric France. Schneider Electric Eurotherm by Schneider Electric GUIcon suffers from a buffer error vulnerability that originates when a malicious .gd1...

7.8CVSS8AI score0.00814EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/11/09 12:0 a.m.7 views

Schneider Electric Eurotherm by Schneider Electric GUIcon 缓冲区错误漏洞

Schneider Electric Eurotherm by Schneider Electric GUIcon is a graphical user interface programming software from Schneider Electric France. Schneider Electric GUIcon suffers from a buffer overflow vulnerability that originates when a malicious .gd1 configuration file is loaded into the GUIcon...

5.5CVSS6.4AI score0.00647EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/08/26 10:21 a.m.4 views

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

9.8CVSS7.3AI score0.03612EPSS
Exploits1References4
OSV
OSV
added 2021/06/11 4:15 p.m.1 views

CVE-2021-22759

A CWE-416: Use after free vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a malicious CGF file is imported to IGSS Definition...

7.8CVSS7.7AI score
Exploits0References1
OSV
OSV
added 2021/06/11 4:15 p.m.4 views

CVE-2021-22755

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on user-supplied data, when a malicious CGF file is imported to IGSS Definition...

7.8CVSS7.7AI score
Exploits0References1
OSV
OSV
added 2021/06/11 4:15 p.m.4 views

CVE-2021-22756

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition Def.exe V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation, when a malicious CGF file is imported to IGSS Definition...

7.8CVSS6.3AI score0.01265EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/08 12:0 a.m.5 views

Schneider Electric IGSS 缓冲区错误漏洞

The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. An out-of-bounds write vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The...

7.8CVSS6.2AI score0.01172EPSS
Exploits0References6
OSV
OSV
added 2021/03/11 9:15 p.m.5 views

CVE-2021-22710

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System IGSS Definition Def.exe V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF Configuration Group File file is imported to IGS...

7.8CVSS7.6AI score0.02EPSS
Exploits0References2
Snyk
Snyk
added 2021/01/14 1:2 p.m.4 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context. P...

9.8CVSS9AI score0.02142EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2021/01/06 1:15 a.m.5 views

CVE-2020-36167

An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, whi...

9.3CVSS6.3AI score0.00462EPSS
Exploits0References3
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.10 views

Schneider Electric Interactive Graphical SCADA System Buffer Error Vulnerability

The Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. The Interactive Graphical SCADA System suffers from a buffer error vulnerability that stems...

7.8CVSS7.8AI score0.02395EPSS
Exploits0References5
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.9 views

Schneider Electric Interactive Graphical SCADA System Buffer Error Vulnerability

The Schneider Electric Interactive Graphical SCADA System IGSS is a SCADA Data Acquisition and Supervisory System system for monitoring and controlling industrial processes from Schneider Electric, France. The Interactive Graphical SCADA System suffers from a buffer error vulnerability that stems...

7.8CVSS7.8AI score0.02374EPSS
Exploits0References5
Rows per page
Query Builder