Lucene search
K

428 matches found

Positive Technologies
Positive Technologies
added 2024/07/02 12:0 a.m.6 views

PT-2024-24828 · Johnson Controls · American Dynamics Illustra Essentials Gen 4 +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The web interface may accept characters unrelated to the expected input under certain circumstances. Recommendations: At the moment, there is no information about a newer version that...

9.1CVSS7AI score0.00512EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/02 12:0 a.m.5 views

Johnson Controls Illustra Essentials Gen 4 Security Vulnerability

Johnson Controls Illustra Essentials Gen 4 is a bullet camera from Johnson Controls USA. A security vulnerability exists in Johnson Controls Illustra Essentials Gen 4 Illustra.Ess4.01.02.10.5982 and prior versions, which originates from the possibility that an authenticated user could recover web...

6.8CVSS6.6AI score0.00384EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/07/02 12:0 a.m.7 views

Johnson Controls Illustra Essentials Gen 4 Security Vulnerability

Johnson Controls Illustra Essentials Gen 4 is a bullet camera from Johnson Controls USA. A security vulnerability exists in Johnson Controls Illustra Essentials Gen 4 Illustra.Ess4.01.02.10.5982 and prior versions, which stems from unnecessary user details being provided in the system log...

6.8CVSS6.8AI score0.00372EPSS
Exploits0References3
ICS
ICS
added 2024/06/27 6:0 a.m.28 views

Johnson Controls Illustra Essentials Gen 4 (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls, Inc. Equipment : Illustra Essentials Gen 4 Vulnerability : Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability may...

6.8CVSS6.8AI score0.00384EPSS
Exploits0References10
ICS
ICS
added 2024/06/27 6:0 a.m.23 views

Johnson Controls Illustra Essentials Gen 4 (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION : Exploitable remotely Vendor : Johnson Controls, Inc. Equipment : Illustra Essentials Gen 4 Vulnerability : Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated...

6.8CVSS6.5AI score0.00353EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2024/06/06 8:49 p.m.15 views

CVE-2024-32752 Johnson Controls Software House iSTAR Configuration Utility (ICU) Tool

The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access...

8.8CVSS9.3AI score0.00591EPSS
Exploits0References2
ICS
ICS
added 2024/06/06 6:0 a.m.25 views

Johnson Controls Software House iStar Door Controller (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS 4 8.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Johnson Controls Inc. Equipment : Software House iStar Pro Door Controller, ICU Vulnerability : Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this...

9.1CVSS9AI score0.00591EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.6 views

Johnson Controls Software House iStar Pro Door Controller Security Vulnerability

Johnson Controls Software House iStar Pro Door Controller is an access control device from Johnson Controls, Inc. A security vulnerability exists in the Johnson Controls Software House iStar Pro Door Controller that stems from vulnerability to man-in-the-middle attacks that could affect door...

9.1CVSS6.7AI score0.00591EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.11 views

PT-2024-5077 · Johnson Controls · Istar Pro Door Controller

Name of the Vulnerable Software and Affected Versions: Johnson Controls Software House iStar Pro Door Controller affected versions not specified Description: The issue is related to the lack of authentication for a critical function in the ICU tool and iSTAR Pro door controller, which can be...

9.4CVSS9.3AI score0.00591EPSS
Exploits0References12
CNNVD
CNNVD
added 2024/06/05 12:0 a.m.8 views

Johnson Controls Software House C-CURE 9000 Log Message Disclosure Vulnerability

Johnson Controls Software House C-CURE 9000 is a scalable multi-site access control and alarm monitoring system from Johnson Controls, Inc. A log information disclosure vulnerability exists in Johnson Controls Software House C-CURE 9000 version 3.00.2, which originates from recording detailed...

8.5CVSS6.2AI score0.00164EPSS
Exploits0References2
ICS
ICS
added 2024/05/14 6:0 a.m.40 views

Johnson Controls Software House C●CURE 9000

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.7 ATTENTION : Low attack complexity Vendor : Johnson Controls Equipment : Software House C●CURE 9000 Vulnerability : Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an attacker to...

8.5CVSS4.4AI score0.00164EPSS
Exploits0References10
Spring Security Advisories
Spring Security Advisories
added 2024/05/14 12:0 a.m.38 views

This Week in Spring - May 14th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week's highlights in the Spring ecosystem emphasize the ongoing advancements and applications of Spring AI. The discussions range from exploring the impressive VectorStore abstraction and enhanced structured output suppo...

7.1AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/04/26 10:43 a.m.14 views

CVE-2024-33677 WordPress Contact Form 7 Extension For Mailchimp plugin <= 0.5.70 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70...

4.3CVSS5.1AI score0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/26 10:43 a.m.21 views

CVE-2024-33677 WordPress Contact Form 7 Extension For Mailchimp plugin <= 0.5.70 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70...

4.3CVSS5AI score0.00201EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2024/04/18 12:0 a.m.13 views

A Bootiful Podcast: Spring founders Rod Johnson and Juergen Hoeller on the 20th Anniversary of Spring Framework 1.0

Hi, Spring fans! In this episode, more than 20 incredible years in the making, Spring founders Rod Johnson @springrod and Juergen Hoeller @springjuergen discuss Spring since its 1.0 release in 2004...

7.2AI score
Exploits0
ICS
ICS
added 2024/02/08 7:0 a.m.50 views

Qolsys IQ Panel 4, IQ4 HUB

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION : Low attack complexity Vendor : Qolsys, Inc. Equipment : IQ Panel 4, IQ4 Hub Vulnerability : Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the panel...

9.8CVSS8.6AI score0.00585EPSS
Exploits0References8
NVD
NVD
added 2024/01/31 2:15 p.m.32 views

CVE-2024-1112

Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument...

9.8CVSS8.1AI score0.01592EPSS
Exploits1References1
Prion
Prion
added 2024/01/31 2:15 p.m.25 views

Heap overflow

Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument...

7.5CVSS8.4AI score0.01592EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/01/31 1:17 p.m.53 views

CVE-2024-1112

CVE-2024-1112 is a heap-based buffer overflow in Resource Hacker (Angus Johnson) affecting version 3.6.0.92, allowing arbitrary code execution via a long filename argument. The vulnerability is documented across multiple connected sources, including a PoC exploit on GitHub that demonstrates using...

9.8CVSS9.6AI score0.01592EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/31 1:17 p.m.9 views

CVE-2024-1112 Buffer Overflow Vulnerability in Resource Hacker

Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument...

7.3CVSS8.3AI score0.01592EPSS
Exploits1References1
Rows per page
Query Builder