PT-2022-24406 · Unknown · Smacam Night Vision Cs-Qr20 +1

Name of the Vulnerable Software and Affected Versions: SmaCam CS-QR10 all versions SmaCam Night Vision CS-QR20 all versions Description: A missing protection mechanism for an alternate hardware interface in the affected products allows an attacker to execute an arbitrary OS command by connecting ...

Apache Geode vulnerable to Deserialization of Untrusted Data

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. ...

GHSA-Q4Q3-R45F-7GWG Apache Geode vulnerable to Deserialization of Untrusted Data

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. ...

Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor 访问控制错误漏洞

The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor is a vital signs patient monitor from Contec Health. The Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor suffers from an Access Control Error vulnerability that originates from a threat actor with transient acce...

CVE-2022-2003

AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC...

CVE-2022-2003

AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC...

CVE-2022-2003 AutomationDirect DirectLOGIC with Serial Communication Cleartext Transmission

AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC...

CVE-2022-2003

CVE-2022-2003 affects AutomationDirect DirectLOGIC D0-06 series CPUs (D0-06DD1/2/DR/DA/AR/AA and variants) with serial communication prior to firmware version 2.72. Root cause: a specially crafted serial message to the CPU serial port elicits the PLC to respond with the PLC password in cleartext,...

CVE-2022-37021

Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. ...

Bluetooth + Electrical switchgear

The ongoing rapid growth of Industrial IoT IIoT across all business sectors continues to bring to focus the discrepancies that exist between the approaches to safety and cyber-security on safety critical sites. Safety has been culturally ingrained into all aspects of industrial site operations fo...

DEBIAN-CVE-2020-14394

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block TRB Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service...

PT-2022-7373

Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block TRB Ring, allowing a privileged guest user to hang the QEMU process on the...

QEMU 安全漏洞

QEMU Quick Emulator is a set of simulation processor software by Fabrice Bellard, a French individual developer. The software is fast and cross-platform. A security vulnerability exists in QEMU's USB xHCI controller that stems from the presence of an infinite loop flaw. An attacker could exploit...

CVE-2022-36307

The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models...

CVE-2022-36307

The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models...

CVE-2022-36307

The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models...

Design/Logic Flaw

The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models...

Eternal Terminal 输入验证错误漏洞

Eternal Terminal is a remote shell by Jason Gauci Personal Developer. A security vulnerability exists in Eternal Terminal versions prior to 6.2.0 that stems from a DoS remotely triggered by an invalid serial number and a local error triggered by invalid input sent directly to an IPC socket...

Sequi PortBloque S 安全漏洞

Sequi PortBloque S is a specialized firewall from Sequi. It protects Modbus devices from serial attacks. A security vulnerability exists in Sequi PortBloque S, which arises from an incorrect authentication issue that can be exploited by an attacker to bypass the authentication process and gain...

Airspan AirVelocity 1500 安全漏洞

The Airspan AirVelocity 1500 is a revolutionary indoor high-performance small cell from Airspan USA. Designed to bring public access LTE networks to indoor spaces A security vulnerability exists in the Airspan AirVelocity 1500 that originates from the ability to print SNMP credentials via a...