90 matches found
CVE-2022-49518
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Correct get_control_data for non bytes payload It is possible to craft a topology where sof_get_control_data() would do out of bounds access because it expects that it is only called when the payload is bytes...
The vulnerability of the OPC Server implementation in MIR and SCADA systems, related to the transmission of data in an open manner, allows attackers to disclose protected information.
The vulnerability of the OPC Server implementation and the MIIR SCADA system is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: Check the return value of sock_recvmsg when draining CLC data. When receiving a CLC message, the field fieldlength in smc_clc_msg_hdr indicates the length of the message that should be received from the network. This value...
CVE-2021-26109
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution...
CVE-2021-26112
Multiple stack-based buffer overflow vulnerabilities (CWE-121) both in network daemons and in the command line interpreter of FortiWAN before 4.5.9 may allow an unauthenticated attacker to potentially corrupt control data in memory and execute arbitrary code via specifically crafted requests...
Fortinet Fortigate Integer overflow in SSLVPN allocator (FG-IR-21-049)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-049 advisory. - An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an...
TOTOLINK A3600R cstecgi.cgi file setTelnetCfg function command injection vulnerability
TOTOLINK A3600R is a 6-antenna 1200M wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3600R suffers from a command injection vulnerability that originates from improper handling of the telnetenabled parameter in the setTelnetCfg function of the /cgi-bin/cstecgi.cgi file. An...
The vulnerability of the GPU-based terminal emulator protocol implementation, related to the lack of measures taken to clean data at the control level, allows a perpetrator to execute arbitrary code.
The vulnerability of the GPU-based terminal emulator protocol implementation is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending specially crafted requests within the filename variable...
Triangle MicroWorks SCADA Data Gateway Security Vulnerability
Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product from Triangle MicroWorks, Inc. A security vulnerability exists in Triangle MicroWorks SCADA Data Gateway that originates from a specific flaw in workspace files that allows remote attackers to create arbitrary files...
GHSA-3CH3-JHC6-5R8X yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Impact The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. To pass extra control data between...
The vulnerability of the get_config component of the data exchange software between SCADA systems, such as Triangle MicroWorks SCADA Data Gateway (SDG), allows an intruder to bypass security restrictions and gain unauthorized access to the system.
The vulnerability of the get_config component of the data exchange software between SCADA systems is related to deficiencies in authentication procedures. Exploiting this vulnerability allows an intruder to bypass security restrictions and gain unauthorized access to the system...
PT-2023-17268 · Candlepin · Candlepin
Name of the Vulnerable Software and Affected Versions: Candlepin affected versions not specified Description: An improper access control flaw was found in Candlepin, allowing an attacker to create data scoped under another customer or tenant. This can result in loss of confidentiality and...
Critical Security Flaws Uncovered in Honeywell Experion DCS and QuickBlox Services
Multiple security vulnerabilities have been discovered in various services, including Honeywell Experion distributed control system DCS and QuickBlox, that, if successfully exploited, could result in severe compromise of affected systems. Dubbed Crit.IX, the nine flaws in the Honeywell Experion D...
The vulnerability of the console-based graphic editor ImageMagick arises from the lack of data cleaning at the control level when processing parameters like video:vsync or video:pixel-format. This allows an attacker to execute arbitrary commands.
The vulnerability of the console-based graphic editor ImageMagick is related to the lack of measures taken at the control level when processing parameters like video:vsync or video:pixel-format. Exploiting this vulnerability allows an attacker to execute arbitrary commands using specially created...
The vulnerability of the WebMonitor component in the SCADA system’s SCADA Data Gateway (SDG) allows an intruder to bypass authentication procedures and increase their privileges.
The vulnerability of the WebMonitor component in the SCADA system, specifically the SCADA Data Gateway SDG, is related to the lack of authentication for a critical function. Exploiting this vulnerability allows an intruder to bypass the authentication procedures and enhance their privileges by...
CVE-2023-1934
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and...
SUSE CVE-2009-4902
Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4 and earlier might allow local users to gain privileges via crafted SCARD_CONTROL message data, which is improperly demarshalled. NOTE: this vulnerability exists...
SUSE CVE-2015-7560
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL...
kernel: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes We have sanity checks for byte controls and if any of them fail the locally allocated scontrol->ipc_control_data is freed up, but not set to NULL. On a...