1477 matches found
The vulnerability of the QuRouter operating system for QNAP network devices is related to errors in processing input data, allowing attackers to execute arbitrary code.
The vulnerability of the QuRouter operating system for QNAP network devices is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the CIP Message Handler component in Rockwell Automation’s programmable logic controllers ControlLogix 5580, CompactLogix 5380, Compact GuardLogix 5380 SIL 2, Compact GuardLogix 5380 SIL 3, CompactLogix 5480, and FactoryTalk Logix Echo allows an intruder to trigger a service failure.
The vulnerability of the CIP Message Handler component in Rockwell Automation’s programmable logic controllers ControlLogix 5580, CompactLogix 5380, Compact GuardLogix 5380 SIL 2, Compact GuardLogix 5380 SIL 3, CompactLogix 5480, and FactoryTalk Logix Echo is related to errors in processing input...
The vulnerability of the microprogrammed control system of the ABB AC 800M is related to errors in processing input data, allowing an intruder to execute arbitrary commands.
The vulnerability of the ABB AC 800M controller’s microprogramming software is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted MMS packets remotely...
PHPGurukul Vehicle Record System SQL Injection Vulnerability
PHPGurukul Vehicle Record System is a vehicle record management system from PHPGurukul. A SQL injection vulnerability exists in version 1.0 of the PHPGurukul Vehicle Record System, which originates from an SQL injection vulnerability contained in the searchinputdata parameter of the...
The vulnerability of the Cost Planning component of the Oracle Cost Management system, a cost management solution within the Oracle E-Business Suite, allows attackers to modify, add, or delete data.
The vulnerability of the Cost Planning component of the Oracle Cost Management system, a cost management solution within the Oracle E-Business Suite, is related to deficiencies in the authorization process due to incorrect validation of input data. Exploiting this vulnerability could allow an...
CVE-2024-49361 Potential Vulnerability in ACON Library: Improper Input Validation Leading to Malicious Code Execution
ACON is a widely-used library of tools for machine learning that focuses on adaptive correlation optimization. A potential vulnerability has been identified in the input validation process, which could lead to arbitrary code execution if exploited. This issue could allow an attacker to submit...
ROS-20241015-01
Vulnerability in the Image Element Handler component of Pandoc, the Haskell library for conversion between markup formats, is related to the provision of a specially crafted image element as input when creating files using the --extract-media parameter or outputting to PDF...
The vulnerability of the distributed control system ABB System 800xA, related to insufficient verification of input data, allows an intruder to trigger a service failure.
The vulnerability of the distributed control system ABB System 800xA is related to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to trigger maintenance failures by sending numerous messages...
The vulnerability of the PIM protocol implementation in the Cisco IOS XE operating system allows an attacker to trigger a service failure.
The vulnerability of the Protocol Independent Multicast (PIM) protocol implementation in the Cisco IOS XE operating system is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
PT-2024-7255 · Abb · Abb Ac 800M
Name of the Vulnerable Software and Affected Versions: ABB AC 800M (affected versions not specified). Description: The issue is related to errors in processing input data in the ABB AC 800M controller firmware. It allows a remote attacker to execute arbitrary commands by sending specially crafted MM...
The vulnerability of microprogrammed software in Siemens LOGO!8 BM and SIPLUS LOGO! controllers arises from incorrect checking of specified indices, positions, or offsets in input data. This allows unauthorized access by attackers to protected information.
The vulnerability of the microprogrammed software of Siemens LOGO!8 BM and SIPLUS LOGO! lies in the improper checking of specified indices, positions, or offsets in input data during TCP packet processing. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protecte...
ROS-20241004-09
Vulnerability of the matchflags function of the Netfilter subsystem of the Linux kernel is related to the reading of data outside of buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information or cause a denial of...
The vulnerability of the microprogrammed software in Rockwell Automation’s CompactLogix, ControlLogix, and GuardLogix programmable logic controllers allows an intruder to trigger a service failure.
The vulnerability of the microprogrammed software in Rockwell Automation’s CompactLogix, ControlLogix, and GuardLogix controllers is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to cause malfunctions in the system from a remote location...
The vulnerability of the microprogrammed software in Rockwell Automation’s CompactLogix, ControlLogix, GuardLogix, and Communication Module 1756-EN4 systems allows an intruder to trigger a service failure.
The vulnerability of the microprogrammed software in Rockwell Automation’s CompactLogix, ControlLogix, GuardLogix, and Communication Module 1756-EN4 is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to cause malfunctions in the system remotely...
ROS-20240927-01
Vulnerability of FFmpeg multimedia library function loadinputpicture is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. Vulnerability in interpolate component...
The vulnerability of the SAE H2E authentication protocol implementation in the embedded operating system OpenWrt allows a hacker to downgrade the version of the authentication protocol used.
The vulnerability of the SAE H2E authentication protocol implementation in the embedded operating system OpenWrt is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to downgrade the version of the authentication protocol used...
The vulnerability of the Downloads component in Microsoft Edge and Google Chrome browsers allows a perpetrator to compromise data integrity.
The vulnerability of the Downloads component in Microsoft Edge and Google Chrome is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to compromise data integrity through a specially crafted HTML page...
TOTOLINK AC1200 setWizardCfg function buffer overflow vulnerability
TOTOLINK AC1200 is a dual-band Wi-Fi router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in the TOTOLINK AC1200 v4.1.5cu.861B20230220 version, which stems from the failure of the ssid5g parameter of the setWizardCfg function to correctly validate the length and...
DrayTek Vigor 3910 Buffer Overflow Vulnerability (CNVD-2024-39950)
The DrayTek Vigor 3910 is a high performance router for enterprise networks from DrayTek. A buffer overflow vulnerability exists in the DrayTek Vigor 3910 v4.3.2.6, which is caused by the sPPPSrvNm parameter on the fwuser.cgi page not properly validating the length of the input data, and can be...
DrayTek Vigor 3910 Buffer Overflow Vulnerability (CNVD-2024-39949)
The DrayTek Vigor 3910 is a high performance router for enterprise networks from DrayTek. A buffer overflow vulnerability exists in the DrayTek Vigor 3910 v4.3.2.6, which is caused by the sProfileName parameter on the fextobj.cgi page not properly validating the length of input data, and can be...