
7687 matches found

NVD
added 2022/07/13 9:15 p.m., 19 views

CVE-2022-34756

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 V01.401.102 and prior...

9.8 CVSS, 0.01288 EPSS
Exploits 0, References 1

Prion
added 2022/07/13 9:15 p.m., 15 views

Design/Logic Flaw

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 V01.401.102 and prior...

7.5 CVSS, 9.7 AI score, 0.01288 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2022/07/13 9:10 p.m., 26 views

CVE-2022-34756

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. Affected Products: Easergy P5 V01.401.102 and prior...

8.8 CVSS, 10 AI score, 0.01288 EPSS
Exploits 0, References 1

CVE
added 2022/07/13 9:10 p.m., 80 views

CVE-2022-34756

The CVE-2022-34756 affects Schneider Electric Easergy P5 (v01.401.102 and prior) and is caused by a CWE-120 buffer copy without checking input size. This vulnerability can lead to remote code execution or a crash of the device’s HTTPs Web HMI stack. Documented impact is high with a CVSS base scor...

9.8 CVSS, 9.7 AI score, 0.01288 EPSS
Exploits 0, References 1, Affected Software 1

IBM Security Bulletins
added 2022/07/13 7:54 a.m., 38 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to External Service Interaction (CVE-2021-39016)

Summary In IBM Engineering Lifecycle Optimization - Publishing, it is possible to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains. CVE-2021-39016. Vulnerability Details CVEID: CVE-2021-39016 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishin...

4.3 CVSS, 0.8 AI score, 0.00496 EPSS
Exploits 0, Affected Software 1

Fedora
added 2022/07/13 2:0 a.m., 30 views

[SECURITY] Fedora 36 Update: caddy-2.4.6-3.fc36

Caddy is the web server with automatic HTTPS...

9.3 CVSS, 0.5 AI score, 0.05335 EPSS
Exploits 4

CNNVD
added 2022/07/13 12:0 a.m., 2 views

Schneider Electric Easergy P5 Security Vulnerability

The Schneider Electric Easergy P5 is a protective relay for demanding medium voltage applications from Schneider Electric, France. A security vulnerability exists in Schneider Electric Easergy P5 V01.401.102 and prior versions, which stems from a buffer copy vulnerability that does not check the...

9.8 CVSS, 8.7 AI score, 0.01288 EPSS
Exploits 0, References 2

NVD
added 2022/07/12 10:15 a.m., 15 views

CVE-2022-29884

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions CPC80 V16.30, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions CPC80 V16.30, CP-8021 MASTER MODULE All versions CPC80 V16.30, CP-8022 MASTER MODULE WITH GPRS All versions CPC80 V16.30. When using the...

7.5 CVSS, 0.01124 EPSS
Exploits 0, References 1

Prion
added 2022/07/12 10:15 a.m., 22 views

Race condition

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions CPC80 V16.30, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions CPC80 V16.30, CP-8021 MASTER MODULE All versions CPC80 V16.30, CP-8022 MASTER MODULE WITH GPRS All versions CPC80 V16.30. When using the...

7.1 CVSS, 7.4 AI score, 0.01124 EPSS
Exploits 0, References 1, Affected Software 3

Cvelist
added 2022/07/12 10:6 a.m., 15 views

CVE-2022-29884

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C All versions CPC80 V16.30, CP-8000 MASTER MODULE WITH I/O -40/+70°C All versions CPC80 V16.30, CP-8021 MASTER MODULE All versions CPC80 V16.30, CP-8022 MASTER MODULE WITH GPRS All versions CPC80 V16.30. When using the...

7.6 AI score, 0.01124 EPSS
Exploits 0, References 1

ICS
added 2022/07/12 12:0 a.m., 44 views

Siemens CPC80 Firmware of SICAM A8000

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: CPC80 Firmware of SICAM A8000 Vulnerability: Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful exploitation of this vulnerability could crash the...

7.5 CVSS, 8.2 AI score, 0.01124 EPSS
Exploits 0, References 11

IBM Security Bulletins
added 2022/07/07 6:37 a.m., 41 views

Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains. (CVE-2021-20544)

Summary Summary guidance: External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server. The ability to trigger arbitrary external service interactions does not constitute a vulnerability in its own...

5.4 CVSS, 0.8 AI score, 0.00467 EPSS
Exploits 0, Affected Software 1

OpenVAS
added 2022/07/06 12:0 a.m., 19 views

Fedora: Security Advisory for dnscrypt-proxy (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5 CVSS, 8.9 AI score, 0.05994 EPSS
Exploits 3, References 2

Fedora
added 2022/07/04 1:35 a.m., 33 views

[SECURITY] Fedora 36 Update: httprobe-0.1.2-6.fc36

Take a list of domains and probe for working HTTP and HTTPS servers...

9.3 CVSS, 8.2 AI score, 0.05994 EPSS
Exploits 4

OpenVAS
added 2022/07/04 12:0 a.m., 15 views

Textpattern CMS < 4.8.8 Cookie Vulnerability

Textpattern CMS is missing the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...

4.3 CVSS, 4.8 AI score, 0.00485 EPSS
Exploits 0, References 1

CNVD
added 2022/07/01 12:0 a.m., 26 views

Textpattern CMS Information Disclosure Vulnerability

Textpattern CMS is a PHP-based content management system from the Textpattern team. An information disclosure vulnerability exists in Textpattern CMS v4.8.7 and prior versions, which stems from the application transmitting cookies used in HTTPS session transfers in plaintext. An attacker can...

4.3 CVSS, 4.2 AI score, 0.00485 EPSS
Exploits 0, References 1

Prion
added 2022/06/30 7:15 p.m., 16 views

Command injection

Multiple command injection vulnerabilities exist in the webserver action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The...

7.5 CVSS, 9.9 AI score, 0.04251 EPSS
Exploits 1, References 1, Affected Software 1

NVD
added 2022/06/29 11:15 a.m., 12 views

CVE-2021-40642

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

4.3 CVSS, 0.00485 EPSS
Exploits 0, References 2

OSV
added 2022/06/29 11:15 a.m., 21 views

CVE-2021-40642

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

4.3 CVSS, 6.7 AI score
Exploits 0, References 2

Prion
added 2022/06/29 11:15 a.m., 13 views

Code injection

Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplibmisc.php. The secure flag is not set for txplogin session cookie in the application. If the secure flag is not set, then the cookie will be...

4.3 CVSS, 4.6 AI score, 0.00485 EPSS
Exploits 0, References 2, Affected Software 1