90 matches found

Positive Technologies
added 2022/11/08 12:0 a.m. · 8 views

PT-2025-26041 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory corruption issue has been identified in the Linux kernel, specifically in the ASoC: SOF: ipc3-topology component. The problem arises from the double freeing of ipc control dat...

CVSS 8.8 · AI score 6.6 · EPSS 0.12746
Exploits 46 · References 993
BDU FSTEC
added 2022/11/02 12:0 a.m. · 6 views

The vulnerability of the D-Link DSL-2750B router’s microprogramming software lies in the lack of measures taken to clean data at the control level, allowing attackers to execute arbitrary commands.

The vulnerability of the D-Link DSL-2750B router’s microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the login.cgi parameter...

CVSS 10 · AI score 8.3 · EPSS 0.6043
Exploits 1 · References 5 · Affected Software 1
Vulnrichment
added 2022/09/27 3:27 p.m. · 7 views

CVE-2022-40816

Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be...

AI score 6.1 · EPSS 0.00652
Exploits 0 · References 1
ATTACKERKB
added 2022/08/31 4:15 p.m. · 4 views

CVE-2022-30317

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...

CVSS 9.1 · AI score 7.3 · EPSS 0.00746
Exploits 0 · References 3
NVD
added 2022/08/31 4:15 p.m. · 15 views

CVE-2022-30317

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...

CVSS 9.1 · EPSS 0.00746
Exploits 0 · References 2
OSV
added 2022/08/31 4:15 p.m. · 3 views

CVE-2022-30317

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...

CVSS 9.1 · AI score 5.8 · EPSS 0.00746
Exploits 0 · References 2
Prion
added 2022/08/31 4:15 p.m. · 22 views

Authentication flaw

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...

CVSS 6.4 · AI score 9.2 · EPSS 0.00746
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/08/31 3:22 p.m. · 26 views

CVE-2022-30317

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access CDA EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell...

AI score 9.6 · EPSS 0.00746
Exploits 0 · References 2
CVE
added 2022/08/31 3:22 p.m. · 72 views

CVE-2022-30317

Summary (CVE-2022-30317, Honeywell Experion LX): The vulnerability arises from the EpicMo protocol (55565/TCP) used by the Honeywell Experion LX DCS for device diagnostics/maintenance, which exposes unauthenticated functionality. Affected products include Experion LX up to 2022-05-06. The issue ...

CVSS 9.1 · AI score 9.3 · EPSS 0.00746
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2022/06/02 12:0 a.m. · 5 views

The vulnerability of the SCADA system “SKADA-NEV” arises from the storage of critical information in unencrypted form, allowing attackers to gain access to confidential data.

The vulnerability of the SCADA system “SKADA-NEV” is related to the storage of critical information in unencrypted form. Exploiting this vulnerability can allow an intruder to gain access to confidential information...

CVSS 7.8 · AI score 5.5
Exploits 0 · Affected Software 1
Tenable Nessus
added 2022/01/14 12:0 a.m. · 57 views

Fortinet FortiOS Integer Overflow (FG-IR-21-049)

The remote host is running a version of FortiOS prior or equal to 6.0.12, 6.2.x prior or equal to 6.2.9, 6.4.x prior or equal to 6.4.5 or 7.0.0. It is, therefore, affected by an integer overflow vulnerability in the FortiOS SSLVPN memory allocator that may allow an unauthenticated attacker to corrupt...

CVSS 9.8 · AI score 8.7 · EPSS 0.01823
Exploits 0 · References 2
CNVD
added 2021/12/14 12:0 a.m. · 17 views

Fortinet FortiOS Integer Overflow Vulnerability

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. Fortinet FortiOS is vulnerable to an integer overflow vulnerability that could be exploited by an attacker to corrupt control data on the heap with a specially...

CVSS 9.8 · AI score 3.6 · EPSS 0.01823
Exploits 0 · References 1
Fortinet
added 2021/12/07 12:0 a.m. · 28 views

Protect

An integer overflow or wraparound vulnerability CWE-190 in FortiOS SSLVPN memory allocator may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbitrary code execution...

CVSS 7.5 · AI score 9.5 · EPSS 0.01823
Exploits 0 · Affected Software 1
BDU FSTEC
added 2021/10/21 12:0 a.m. · 5 views

The vulnerability of the “bdate” parameter in the xhisvalue.htm component of the HMI/SCADA application xArrow allows attackers to perform cross-site scripting attacks.

The vulnerability of the “bdate” parameter in the xhisvalue.htm component of the HMI/SCADA application xArrow is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

CVSS 6.4 · AI score 6 · EPSS 0.00715
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2021/04/26 2:15 p.m. · 5 views

CVE-2020-15078

OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks...

CVSS 7.5 · AI score 7.1 · EPSS 0.05107
Exploits 0 · References 12
CNNVD
added 2021/02/16 12:0 a.m. · 7 views

Racom Security Vulnerability

The RACOM M!DGE is a cellular router designed for SCADA and telemetry mission-critical applications and is ideally suited for many different wireless applications. An OS command injection vulnerability exists in the RACOM M!DGE firmware version 4.4.40.105. An attacker can exploit this vulnerabili...

CVSS 9 · AI score 7.5 · EPSS 0.0124
Exploits 0 · References 1
BDU FSTEC
added 2020/12/24 12:0 a.m. · 3 views

The vulnerability of the Fanuc 32i numerical program-controlled controller, related to the transmission of data in an open manner, allows an intruder to intercept control data and enhance their privileges.

The vulnerability of the Fanuc 32i numerical control controller lies in the transfer of data in an open manner. Exploiting this vulnerability can allow an intruder to intercept the control commands and enhance their privileges...

CVSS 7.4 · AI score 5.5
Exploits 0 · Affected Software 1
Cvelist
added 2020/01/15 6:36 p.m. · 24 views

CVE-2019-18275

OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to an improper access control, which may return unauthorized tag data when viewing analysis data reference attributes...

AI score 6.4 · EPSS 0.01096
Exploits 0 · References 1
CNVD
added 2019/11/08 12:0 a.m. · 8 views

Linux kernel memory leak vulnerability (CNVD-2019-40157)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory leak vulnerability exists in the sof_set_get_large_ctrl_data function in sound/soc/sof/ipc.c in Linux kernel 5.3....

CVSS 5.5 · AI score 5.9 · EPSS 0.00393
Exploits 0 · References 1
OSV
added 2019/08/22 2:15 p.m. · 5 views

CVE-2019-5632

An insecure storage of sensitive information vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. The application's database was found to contain information that could be used to control the lock devices remotely. This issue affects Hickory Smart for...

CVSS 5.5 · AI score 6.4 · EPSS 0.00351
Exploits 0 · References 2