90 matches found
PT-2025-26041 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory corruption issue has been identified in the Linux kernel, specifically in the ASoC: SOF: ipc3-topology component. The problem arises from the double freeing of ipc control dat...
The vulnerability of the D-Link DSL-2750B router’s microprogramming software lies in the lack of measures taken to clean data at the control level, allowing attackers to execute arbitrary commands.
The vulnerability of the D-Link DSL-2750B router’s microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the login.cgi parameter...
CVE-2022-40816
Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be...
CVE-2022-30317
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...
CVE-2022-30317
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...
CVE-2022-30317
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...
Authentication flaw
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...
CVE-2022-30317
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...
CVE-2022-30317
Summary (CVE-2022-30317, Honeywell Experion LX) : The vulnerability arises from the EpicMo protocol (55565/TCP) used by the Honeywell Experion LX DCS for device diagnostics/maintenance, which exposes unauthenticated functionality. Affected products include Experion LX up to 2022-05-06. The issue ...
The vulnerability of the SCADA system “SKADA-NEV” arises from the storage of critical information in unencrypted form, allowing attackers to gain access to confidential data.
The vulnerability of the SCADA system “SKADA-NEV” is related to the storage of critical information in unencrypted form. Exploiting this vulnerability can allow an intruder to gain access to confidential information...
Fortinet FortiOS Integer Overflow (FG-IR-21-049)
The remote host is running a version of FortiOS prior or equal to 6.0.12, 6.2.x prior or equal to 6.2.9, 6.4.x prior or equal to 6.4.5 or 7.0.0. It is, therefore, affected by an integer overflow vulnerability in FortiOS SSLVPN memory allocator may allow an unauthenticated attacker to corrupt...
Fortinet FortiOS Integer Overflow Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. Fortinet FortiOS is vulnerable to an integer overflow vulnerability that could be exploited by an attacker to corrupt control data on the heap with a specially...
Protect
An integer overflow or wraparound vulnerability CWE-190 in FortiOS SSLVPN memory allocator may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution...
The vulnerability of the “bdate” parameter in the xhisvalue.htm component of the HMI/SCADA application xArrow allows attackers to perform cross-site scripting attacks.
The vulnerability of the “bdate” parameter in the xhisvalue.htm component of the HMI/SCADA application xArrow is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
CVE-2020-15078
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...
Racom 安全漏洞
The RACOM M!DGE is a cellular router designed for SCADA and telemetry mission-critical applications and is ideally suited for many different wireless applications. An OS command injection vulnerability exists in the RACOM M!DGE firmware version 4.4.40.105. An attacker can exploit this vulnerabili...
The vulnerability of the Fanuc 32i numerical program-controlled controller, related to the transmission of data in an open manner, allows a intruder to intercept control data and enhance their privileges.
The vulnerability of the Fanuc 32i numerical control controller lies in the transfer of data in an open manner. Exploiting this vulnerability can allow a intruder to intercept the control commands and enhance their privileges...
CVE-2019-18275
OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to an improper access control, which may return unauthorized tag data when viewing analysis data reference attributes...
Linux kernel memory leak vulnerability (CNVD-2019-40157)
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory leak vulnerability exists in the sofsetgetlargectrldata function in sound/soc/sof/ipc.c in Linux kernel 5.3....
CVE-2019-5632
An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for...