593 matches found
CVE-2021-3965
Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews...
HP DesignJet安全漏洞
HP DesignJet is an American HP company that provides plotter functionality. A security vulnerability exists in HP DesignJet that stems from the fact that certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests that allow viewing and downloading of print job previews...
GHSA-WRX7-QGMJ-MF2Q Server-Side Request Forgery in Apache Kylin
All request mappings in StreamingCoordinatorController.java handling /kylin/api/streamingcoordinator/ REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification...
CVE-2021-41157
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse...
CVE-2021-34593
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing...
Design/Logic Flaw
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing...
CVE-2021-34593 CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service
In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing...
CODESYS 安全漏洞
CODESYS is a controller development system from 3S-Smart Software Solutions, Germany. A security vulnerability exists in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56, which stems from a crafted invalid request without authentication in the affected software may...
PT-2021-20569 · 3S Smart Software Solutions · Codesys V2 Runtime Toolkit
Name of the Vulnerable Software and Affected Versions: CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56 Description: The issue allows unauthenticated crafted invalid requests to result in several denial-of-service conditions. This can cause running PLC programs to b...
Digi RealPort has an unspecified vulnerability
Digi RealPort is a proprietary Serial-over-LAN encapsulation protocol. It provides virtual connectivity to serial devices anywhere on the network by encapsulating ICS protocol data in a TCP-based protocol.A security vulnerability exists in Digi RealPort that could be exploited by an attacker to...
Digi RealPort 安全漏洞
Digi RealPort is a proprietary Serial-over-LAN encapsulation protocol. It provides virtual connectivity to serial devices anywhere on the network by encapsulating ICS protocol data in a TCP-based protocol.A security vulnerability exists in Digi RealPort that could be exploited by an attacker to...
PT-2021-22116 · Digi · Digi Portserver Ts 16 Rack
Name of the Vulnerable Software and Affected Versions: Digi PortServer TS 16 Rack device affected versions not specified Description: The issue concerns the Digi PortServer TS 16 Rack device, where properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers do not...
CVE-2021-38412
Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to...
CVE-2021-38177
SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP syst...
PT-2021-18249 · October · October/System
Name of the Vulnerable Software and Affected Versions: october/system package versions prior to v1.1.5 october/system package versions prior to Build 472 Description: The issue allows an attacker to bypass authentication and take over a user account on an October CMS server. This can be exploited...
Cisco Meeting Server 输入验证错误漏洞
Cisco Meeting Server is a video conferencing solution from Cisco that combines place-based video, audio, and Web communications to meet the collaboration needs of the modern workplace. A denial of service vulnerability exists in the API for Cisco Meeting Server versions 3.1, 3.1.1. The...
AZL-6473 CVE-2019-17567 affecting package httpd for versions less than 2.4.52-1
Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...
UBUNTU-CVE-2020-28713
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The we...
CVE-2020-4561
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903...
Apache Ozone 访问控制错误漏洞
Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. An authorization issue vulnerability exists in Apache Ozone Cluster versions prior to 1.1.0 related to the affected version allowing access to keys and buckets via curl commands or...