
25 matches found

RedhatCVE
added 2025/05/22 11:59 p.m., 3 views

CVE-2022-24316

A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

CVSS 7.5, AI score 6.5, EPSS 0.00322
Exploits: 0, References: 1
ICS
added 2022/06/14 12:0 a.m., 101 views

Siemens SCALANCE LPE9403 Third-Party Vulnerabilities

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely, low attack complexity Vendor: Siemens Equipment: SCALANCE LPE9403 Vulnerabilities: Multiple 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause crashes and unrestricted file access, impacting the...

CVSS 9.8, AI score 8.3, EPSS 0.81981
Exploits: 105, References: 11
Fortinet
added 2022/04/05 12:0 a.m., 76 views

FortiClient (Windows) - privilege escalation in online installer due to incorrect working directory

An improper initialization CWE-665 vulnerability in FortiClient Windows may allow a local attacker to gain administrative privileges via placing a malicious executable inside the FortiClient installer's directory...

CVSS 4.6, AI score 5.3, EPSS 0.00113
Exploits: 0, Affected Software: 1
NVD
added 2022/02/09 11:15 p.m., 9 views

CVE-2022-24316

A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

CVSS 7.5, EPSS 0.00322
Exploits: 0, References: 2
Prion
added 2022/02/09 11:15 p.m., 7 views

Input validation

A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

CVSS 5, AI score 7.4, EPSS 0.00322
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/02/09 10:5 p.m., 11 views

CVE-2022-24316

A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

AI score 7.5, EPSS 0.00322
Exploits: 0, References: 2
CVE
added 2022/02/09 10:5 p.m., 63 views

CVE-2022-24316

Schneider Electric IGSS Data Server (IGSSdataServer.exe) is affected by CVE-2022-24316, a CWE-665 Improper Initialization vulnerability (information exposure) in the IGSS Data Server v15.0.0.22020 and prior. Exploitation involves sending a specially crafted message to the server (the vulnerabilit...

CVSS 7.5, AI score 7.3, EPSS 0.00322
Exploits: 0, References: 2, Affected Software: 1
ICS
added 2022/01/13 12:0 a.m., 38 views

Mitsubishi Electric MELSEC-F Series

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-F Series Vulnerability: Improper Initialization 2. RISK EVALUATION Successful exploitation of this vulnerability may cause a denial-of-service condition in the...

CVSS 7.8, AI score 7.7, EPSS 0.00353
Exploits: 0, References: 4
Hacker One
added 2021/07/02 10:43 p.m., 96 views

GitHub Security Lab: [Java]: CWE-665 Insecure environment during RMI/JMX Server initialisation - All for one bounty

This bug was reported directly to GitHub Security Lab...

AI score 2.6
Exploits: 0
Rosalinux
added 2021/07/02 5:22 p.m., 27 views

Advisory ROSA-SA-2021-1900

Software: libvncserver 0.9.9 OS: Cobalt 7.9 CVE-ID: CVE-2016-9941 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before version 0.9.11 allows remote servers to cause a denial of service application failure or possibly execute arbitrary code v...

CVSS 9.8, AI score 9.3, EPSS 0.2103
Exploits: 4
ICS
added 2021/05/11 12:0 a.m., 50 views

Siemens SINAMICS Medium Voltage Products Remote Access (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: SINAMICS Medium Voltage Products, Remote Access Vulnerabilities: Improper Restriction of Operations Within the Bounds of a Memory Buffer, Access of Memory Location After End of Buffer, Uncontrolled Resourc...

CVSS 9.8, AI score 9.5, EPSS 0.054
Exploits: 0, References: 11
ICS
added 2021/05/11 12:0 a.m., 87 views

Siemens SIMATIC S7-1500

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC S7-1500 CPU 1518F-4 Vulnerabilities: Improper Initialization, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of these Intel...

CVSS 7.8, AI score 8.1, EPSS 0.00172
Exploits: 0, References: 11
Cvelist
added 2019/03/09 12:0 a.m., 14 views

CVE-2019-8277

UltraVNC revision 1211 contains multiple memory leaks CWE-665 in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be...

AI score 7.5, EPSS 0.00821
Exploits: 0, References: 6
CVE
added 2019/03/09 12:0 a.m., 48 views

CVE-2019-8277

UltraVNC revision 1211 contains multiple memory-leak vulnerabilities (CWE-665) in the VNC server code that can allow an attacker to read stack memory and, with other vulnerabilities, bypass ASLR. The issues are exploitable via network connectivity and have been fixed in revision 1212. This CVE en...

CVSS 7.5, AI score 7.4, EPSS 0.00821
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2019/03/08 11:29 p.m., 13 views

CVE-2019-8277

UltraVNC revision 1211 contains multiple memory leaks CWE-665 in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be...

CVSS 7.5, AI score 8.7, EPSS 0.00821
Exploits: 0, References: 6
Prion
added 2019/03/08 11:29 p.m., 10 views

Information disclosure

UltraVNC revision 1211 contains multiple memory leaks CWE-665 in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be...

CVSS 5, AI score 8.5, EPSS 0.00821
Exploits: 0, References: 6, Affected Software: 4
Tenable Nessus
added 2018/12/27 12:0 a.m., 32 views

Debian DLA-1617-1 : libvncserver security update

Kaspersky Lab discovered several vulnerabilities in libvncserver, a C library to implement VNC server/client functionalities. CVE-2018-6307 a heap use-after-free vulnerability in the server code of the file transfer extension, which can result in remote code execution. This attack appears to be...

CVSS 9.8, AI score 7.6, EPSS 0.2103
Exploits: 0, References: 10
RedhatCVE
added 2018/12/20 7:50 a.m., 40 views

CVE-2018-20023

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memor...

CVSS 7.5, AI score 4, EPSS 0.00856
Exploits: 0, References: 2
RedhatCVE
added 2018/12/20 7:22 a.m., 16 views

CVE-2018-20022

LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak...

CVSS 7.5, AI score 3.8, EPSS 0.06177
Exploits: 0, References: 2
OSV
added 2018/12/19 4:29 p.m., 18 views

CVE-2018-20023

LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memor...

CVSS 7.5, AI score 6.2
Exploits: 0, References: 8