Siemens SIPROTEC Information Disclosure (CVE-2016-4785)

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-13053)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. Oracle MySQL Cluster is vulnerable to buffer overflow, which can be exploited to...

Oracle MySQL 缓冲区错误漏洞

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. Oracle MySQL Cluster is vulnerable to buffer overflow, which can be exploited to...

Oracle MySQL 输入验证错误漏洞

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. The vulnerability can be exploited to read memory content or crash an applicatio...

Mozilla Firefox Security Advisory (MFSA2013-116) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Google TensorFlow buffer overflow vulnerability (CNVD-2021-87034)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, U.S. A buffer overflow vulnerability exists in Google TensorFlow, which stems from the fact that the ImmutableConst operation can be tricked into reading arbitrary memory content. This is because the...

Format string

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter...

CVE-2020-29018

FortiWeb (versions 6.3.0–6.3.5) is affected by CVE-2020-29018 due to a format string vulnerability in the redir parameter. An authenticated, remote attacker could read memory and exfiltrate sensitive data. The available connected documents confirm the affected product family and the root cause (f...

CVE-2020-3259

A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential...

Information Disclosure

xorg-x11-server is vulnerable to information disclosure. The vulnerability exists as a malicious authorized client could exploit this issue to cause a denial of service crash, or potentially view arbitrary memory content within the X server's address space...

Windows GDI Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could explo...

Siemens Siprotec Exposure of Sensitive Information to an Unauthorized Actor

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...

CVE-2019-7228

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...

Format string

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...

CVE-2019-7230

The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack...

ABB IDAL FTP Server Uncontrolled Format String

XL-19-004 - ABB IDAL FTP Server Uncontrolled Format String Vulnerability ======================================================================== Identifiers ----------- XL-19-004 CVE-2019-7230 ABBVU-IAMF-1902008 CVSS Score ---------- 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected vendor...

Information disclosure

In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompressnlabel in mdns.c and a crash of the server depending on the memory protection...

Foxit PDF Reader XFA xdpContent information leak vulnerability

Summary An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software’s PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitati...

Buffer overflow

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service DoS condition, or execute arbitrary code as root. The vulnerability exists because th...

CVE-2018-0304

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service DoS condition, or execute arbitrary code as root. The vulnerability exists because th...