CVE-2020-7562

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file ...

CVE-2020-7562

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file ...

CVE-2020-7564

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause write access and the execution o...

CVE-2020-7564

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause write access and the execution o...

CVE-2020-7563

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause corruption of data, a crash, or code execution when uploading a specially crafted...

Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 Buffer Error Vulnerability

The Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 are both products of Schneider Electric, France.The Schneider Electric Modicon Quantum is a large programmable logic controller PLC for The Schneider Electric Modicon Quantum is a large programmable logic controller PLC fo...

Multiple Schneider Electric Products Buffer Error Vulnerabilities

Schneider Electric Modicon Quantum and others are products of Schneider Electric, France.Schneider Electric Modicon Quantum is a large programmable logic controller PLC for process applications, high availability and safety solutions.Schneider Electric Modicon M340 is a mid-range PLC programmable...

Multiple Schneider Electric Products Buffer Error Vulnerabilities

Schneider Electric Modicon Quantum and others are products of Schneider Electric, France.Schneider Electric Modicon Quantum is a large programmable logic controller PLC for process applications, high availability and safety solutions.Schneider Electric Modicon M340 is a mid-range PLC programmable...

PT-2020-6658

Name of the Vulnerable Software and Affected Versions Modicon M340 versions affected versions not specified Modicon Quantum versions affected versions not specified Modicon Premium Legacy versions affected versions not specified Communication Modules versions affected versions not specified...

Design/Logic Flaw

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120ENCPU Firmware versions from '35' to '51' allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may...

Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software

ModPipe, a previously unknown backdoor, has been purpose-built to attack restaurant point-of-sale PoS solutions from Oracle. It’s notable for its unusual sophistication, according to researchers, evidenced by its multiple modules. The code is specifically taking aim at the Oracle MICROS Restauran...

CVE-2020-12926

The Trusted Platform Modules TPM reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device...

Design/Logic Flaw

The Trusted Platform Modules TPM reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device...

CVE-2020-12926

The Trusted Platform Modules TPM reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM may be able to be compromised. AMD believes that the attack requires physical access of the device...

CVE-2020-12926

The CVE-2020-12926 entry describes a TPM-related issue where the TPM reference software may fail to properly track repeated failed shutdowns, potentially enabling a state that could expose confidential TPM key material. The attack is indicated to require physical access (power cycling) and could ...

CVE-2020-12321

A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation. Mitigation To mitigate these vulnerabilities on the operating system level, disab...

Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs

A massive Intel security update this month addresses flaws across a myriad of products – most notably, critical bugs that can be exploited by unauthenticated cybercriminals in order to gain escalated privileges. These critical flaws exist in products related to Wireless Bluetooth – including...

New worming botnet Gitpaste-12 infecting IoT devices, Linux servers

By Waqas Gitpaste-12 uses GitHub and Pastebin for framing the component code and has 12 different attack modules. This is a post from HackRead.com Read the original post: New worming botnet Gitpaste-12 infecting IoT devices, Linux servers...

In Wild Critical Buffer Overflow Vulnerability in Solaris Can Allow Remote Takeover — CVE-2020-14871

FireEye Mandiant has been investigating compromised Oracle Solaris machines in customer environments. During our investigations, we discovered an exploit tool on a customer’s system and analyzed it to see how it was attacking their Solaris environment. The FLARE team’s Offensive Task Force analyz...

5.30 metadata for the Rocky Linux 8 module matrix (2/3)

An update is available for perl-DBD-Pg, perl-DBI, perl-DBD-SQLite, perl-YAML, perl-FCGI, perl-DBD-MySQL, perl-String-ShellQuote. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...