CVE-2022-23450

A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the...

Path traversal

A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the...

CVE-2022-23449

Siemens SIMATIC Energy Manager Basic (all versions < 7.3 Update 1) and PRO (all versions

CVE-2022-23448

CVE-2022-23448 affects Siemens SIMATIC Energy Manager Basic (all versions < v7.3 Update 1) and SIMATIC Energy Manager PRO (all versions

多款Qualcomm产品安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. a way of miniaturizing circuits including primarily semiconductor devices, but also passive components, etc. and is often fabricated on the surface of semiconductor wafers. A security vulnerability exists in multiple Qualcomm products that...

CVE-2021-27426

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user...

The vulnerability of BIOS microprogramming software in Dell laptops arises from an operation that goes beyond buffer boundaries in memory, allowing a hacker to execute arbitrary code.

The vulnerability of BIOS microprogramming software in Dell laptops arises from operations that occur outside the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2022-25456

Tenda AC6 v15.03.05.09multi was discovered to contain a stack overflow via the security5g parameter in the WifiBasicSet function...

CVE-2022-25456

Tenda AC6 v15.03.05.09multi was discovered to contain a stack overflow via the security5g parameter in the WifiBasicSet function...

Format string

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm formerly Fuji Xerox devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization...

CVE-2022-26320

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm formerly Fuji Xerox devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization...

HP PC 安全漏洞

HP PC is a computer product of Hewlett-Packard HP Company, USA. A security vulnerability exists in the HP PC BIOS that allows privilege escalation, arbitrary code execution, unauthorized code execution, denial of service, and information disclosure...

DEBIAN-CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser connects to, could trigger a Regular Expression Denial of Service ReDOS during an authentication request with a specially crafted payload that is sen...

The vulnerability of the Microsoft Visual Basic development environment and the Microsoft Office suite relates to the disclosure of information in the error-prone data area, allowing the disclosure of protected information.

The vulnerability of the Microsoft Visual Basic development environment and the Microsoft Office suite is related to the disclosure of sensitive information in error-prone data areas. Exploiting this vulnerability can allow attackers to disclose protected information...

ruby: BasicSocket#read_nonblock method leads to information disclosure

An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocketreadnonblockrequestedsize, buffer, exception: false, the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous valu...

Denial Of Service (DoS)

Brandy is vulnerable to denial of service. An attacker can cause a heap-based buffer overflow in definearray in variables.c via crafted BASIC source code...

Out-of-bounds Write

Brandy is vulnerable to an out-of-bounds write. This is caused by the fileioopenout function in fileio.c receiving a malicious string via crafted BASIC source code...

net.mingsoft:ms-ad (=1.0.0), net.mingsoft:ms-clean (>=1.0.0 <=1.0.1) +23 more potentially affected by CVE-2021-46062 via net.mingsoft:ms-basic (>=1.0.10 <=2.1.15)

net.mingsoft:ms-basic MAVEN version =1.0.10, =1.0.0, =1.0.4, =1.0.0, =4.6.3-SNAPSHOTS, =1.0.0, =1.0.4, =1.0.0, =1.0.1, =1.0.1, =1.0.2 and more Source cves: CVE-2021-46062 Source advisory: OSV:GHSA-RPVR-MW7R-25XX...

GHSA-RPVR-MW7R-25XX MCMS Arbitrary File Deletion vulnerability

net.mingsoft:ms-basic is used for plugin management for applications built with Maven for the Mingfei Content Management System MCMS. ms-basic before 2.1.16 is vulnerable to arbitrary file deletion using POST requests to /template/writeFileContent via the oldFileName parameter. MCMS before 5.2.11...

MCMS Arbitrary File Deletion vulnerability

net.mingsoft:ms-basic is used for plugin management for applications built with Maven for the Mingfei Content Management System MCMS. ms-basic before 2.1.16 is vulnerable to arbitrary file deletion using POST requests to /template/writeFileContent via the oldFileName parameter. MCMS before 5.2.11...