Lucene search
K

127 matches found

NVD
NVD
added 2024/04/17 5:15 p.m.19 views

CVE-2023-5406

Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning...

5.9CVSS6.6AI score0.0069EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/17 4:47 p.m.21 views

CVE-2023-5406

Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning...

5.9CVSS6.5AI score0.0069EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/17 4:47 p.m.19 views

CVE-2023-5406

Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning...

5.9CVSS7.8AI score0.0069EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/04/13 8:25 a.m.110 views

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company's Unit 42 division is tracking the activity under the name Operation...

10CVSS9.9AI score0.99999EPSS
Exploits43
Cvelist
Cvelist
added 2023/12/28 3:37 p.m.23 views

CVE-2023-7163 D-Link D-View 8 Unauthenticated Probe-Core Server Communication

A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the...

10CVSS9.5AI score0.01673EPSS
Exploits1References1
Snyk
Snyk
added 2023/10/11 9:0 p.m.2 views

Malicious Package

Overview DiscordsRpc is a malicious package. This package contains malicious code that executes covert scripts upon installation or uninstallation, communicating with a remote server to download and execute additional malicious files, thereby deploying the SeroXen RAT on the victim's machine, all...

9.8CVSS7.4AI score
Exploits0References2
NVD
NVD
added 2023/06/23 8:15 a.m.32 views

CVE-2023-33299

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed...

9.8CVSS9.7AI score0.24296EPSS
Exploits0References1
Prion
Prion
added 2023/06/23 8:15 a.m.20 views

Deserialization of untrusted data

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed...

7.5CVSS9.5AI score0.24296EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/06/23 12:0 a.m.34 views

Fortinet FortiNAC RCE (FG-IR-23-074)

The version of FortiNAC installed on the remote host is prior to 9.4.3. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-074 advisory. - A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows...

9.8CVSS9.1AI score0.24296EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/21 1:50 p.m.6 views

CVE-2022-3353 IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products

A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client...

5.9CVSS7.4AI score0.01105EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/01/05 12:0 a.m.7 views

Hitachi FOXMAN-UN 安全漏洞

Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Japan. A security vulnerability exists in Hitachi FOXMAN-UN that stems from the fact that the communication between its client FOXMAN-UN User Interface and server application FOXMAN-UN Core partially uses CORBA...

9.8CVSS8.3AI score0.00389EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/11/22 12:0 a.m.6 views

The vulnerability of the software for interacting with servers via CURL, related to writing beyond the buffer boundary, allows an attacker to access confidential data.

The vulnerability of the software for interacting with servers via CURL is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...

7.1CVSS7.1AI score0.06762EPSS
Exploits1References11Affected Software5
CNNVD
CNNVD
added 2022/10/20 12:0 a.m.4 views

Shinken 授权问题漏洞

Shinken is a modern, Nagios-compatible monitoring framework from the individual developer Gabès Jean. An authorization issue vulnerability exists in Shinken Monitoring version 2.4.3, which stems from incorrect access control.The SafeUnpickler class in shinken/safepickle.py uses a weak...

9.8CVSS8.3AI score0.01991EPSS
Exploits2References3
Citrix
Citrix
added 2022/08/05 12:0 a.m.6 views

Server communication timeout error while accessing the vdisk pool after upgrade to 1912 CU5

'Server communication timeout' error while accessing the vdisk pool node in the Citrix Provisioning PVS console after upgrade to 1912 CU5' There were no issues with the other nodes in the PVS Console...

7.1AI score
Exploits0
CVE
CVE
added 2022/07/29 5:0 p.m.77 views

CVE-2022-35629

Velociraptor vulnerability CVE-2022-35629 arises from a bug in client–server message handling, allowing a registered client to send messages that claim to originate from another client ID. The issue was fixed in Velociraptor version 0.6.5-2. Remediation: upgrade to 0.6.5-2 or later to close the i...

5.4CVSS5.5AI score0.0041EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/06/24 8:15 a.m.7 views

CVE-2022-31805

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected...

7.5CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/23 10:0 a.m.2 views

CVE-2022-31805

In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected...

7.5CVSS5.3AI score0.00951EPSS
Exploits0References2Affected Software12
OSV
OSV
added 2022/05/25 10:40 p.m.1 views

GHSA-QFR3-323W-QV27 Possible information disclosure inside TreeGrid component with default data provider

Description The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information...

5.7CVSS7.1AI score0.00915EPSS
Exploits0References5
CNVD
CNVD
added 2022/02/21 12:0 a.m.13 views

HP Support Assistant Licensing Issue Vulnerability (CNVD-2022-15171)

HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant has an authorization issue vulnerability that stems from the product's failure to effectively authenticate users, which could be exploited by an untruste...

5.5CVSS3.3AI score0.00843EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/21 12:0 a.m.17 views

HP Support Assistant Licensing Issue Vulnerability (CNVD-2022-15168)

HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant has an authorization issue vulnerability that stems from the product's failure to effectively authenticate users, which could be exploited by an untruste...

7.8CVSS3.3AI score0.00851EPSS
Exploits0References1
Rows per page
Query Builder