127 matches found
CVE-2023-5406
Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning...
CVE-2023-5406
Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning...
CVE-2023-5406
Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning...
Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack
Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company's Unit 42 division is tracking the activity under the name Operation...
CVE-2023-7163 D-Link D-View 8 Unauthenticated Probe-Core Server Communication
A security issue exists in D-Link D-View 8 v2.0.2.89 and prior that could allow an attacker to manipulate the probe inventory of the D-View service. This could result in the disclosure of information from other probes, denial of service conditions due to the probe inventory becoming full, or the...
Malicious Package
Overview DiscordsRpc is a malicious package. This package contains malicious code that executes covert scripts upon installation or uninstallation, communicating with a remote server to download and execute additional malicious files, thereby deploying the SeroXen RAT on the victim's machine, all...
CVE-2023-33299
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed...
Deserialization of untrusted data
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed...
Fortinet FortiNAC RCE (FG-IR-23-074)
The version of FortiNAC installed on the remote host is prior to 9.4.3. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-074 advisory. - A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows...
CVE-2022-3353 IEC 61850 MMS-Server Vulnerability in multiple Hitachi Energy Products
A vulnerability exists in the IEC 61850 communication stack that affects multiple Hitachi Energy products. An attacker could exploit the vulnerability by using a specially crafted message sequence, to force the IEC 61850 MMS-server communication stack, to stop accepting new MMS-client...
Hitachi FOXMAN-UN 安全漏洞
Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Japan. A security vulnerability exists in Hitachi FOXMAN-UN that stems from the fact that the communication between its client FOXMAN-UN User Interface and server application FOXMAN-UN Core partially uses CORBA...
The vulnerability of the software for interacting with servers via CURL, related to writing beyond the buffer boundary, allows an attacker to access confidential data.
The vulnerability of the software for interacting with servers via CURL is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
Shinken 授权问题漏洞
Shinken is a modern, Nagios-compatible monitoring framework from the individual developer Gabès Jean. An authorization issue vulnerability exists in Shinken Monitoring version 2.4.3, which stems from incorrect access control.The SafeUnpickler class in shinken/safepickle.py uses a weak...
Server communication timeout error while accessing the vdisk pool after upgrade to 1912 CU5
'Server communication timeout' error while accessing the vdisk pool node in the Citrix Provisioning PVS console after upgrade to 1912 CU5' There were no issues with the other nodes in the PVS Console...
CVE-2022-35629
Velociraptor vulnerability CVE-2022-35629 arises from a bug in client–server message handling, allowing a registered client to send messages that claim to originate from another client ID. The issue was fixed in Velociraptor version 0.6.5-2. Remediation: upgrade to 0.6.5-2 or later to close the i...
CVE-2022-31805
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected...
CVE-2022-31805
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected...
GHSA-QFR3-323W-QV27 Possible information disclosure inside TreeGrid component with default data provider
Description The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information...
HP Support Assistant Licensing Issue Vulnerability (CNVD-2022-15171)
HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant has an authorization issue vulnerability that stems from the product's failure to effectively authenticate users, which could be exploited by an untruste...
HP Support Assistant Licensing Issue Vulnerability (CNVD-2022-15168)
HP Support Assistant is a solution from Hewlett-Packard HP that provides support and other functions for PCs and printers. HP Support Assistant has an authorization issue vulnerability that stems from the product's failure to effectively authenticate users, which could be exploited by an untruste...