Lucene search
K

113 matches found

CNNVD
CNNVD
added 2024/12/10 12:0 a.m.4 views

MSA Safety FieldServer 安全漏洞

MSA Safety FieldServer is a building automation solution from MSA Safety USA. A security vulnerability exists in MSA Safety FieldServer versions prior to 7.0.0, which stems from the fact that access to users inside the FieldServer gateway should be restricted to logging in locally on the device,...

9.8CVSS6.7AI score0.00448EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/10 12:0 a.m.12 views

CVE-2024-45494

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 Fixed in 7.0.0. The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected...

0.00473EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/10 12:0 a.m.9 views

CVE-2024-45494

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 Fixed in 7.0.0. The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected...

9.7AI score0.00473EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/10 12:0 a.m.7 views

CVE-2024-45493

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 Fixed in 7.0.0. The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate...

9.5AI score0.00448EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/10 12:0 a.m.21 views

CVE-2024-45493

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 Fixed in 7.0.0. The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate...

0.00448EPSS
Exploits0References2
CVE
CVE
added 2024/12/10 12:0 a.m.55 views

CVE-2024-45494

The CVE affects MSA FieldServer Gateway versions 5.0.0–6.5.2 (fixed in 7.0.0). A shared administrative user on all devices uses an unsafe, static secret for authentication, enabling potential unauthorized admin access. The issue is described with high impact across confidentiality, integrity, and...

9.8CVSS9.7AI score0.00473EPSS
Exploits0References2
CVE
CVE
added 2024/12/10 12:0 a.m.49 views

CVE-2024-45493

Summary: CVE-2024-45493 affects MSA FieldServer Gateway versions 5.0.0–6.5.2; a bypass allows an attacker to authenticate with an internal user account from the network, if password known. The issue is fixed in version 7.0.0. Affected product: MSA FieldServer Gateway (FieldServer Gateway) — Field...

9.8CVSS9.5AI score0.00448EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/29 12:0 a.m.14 views

CVE-2024-45495

MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking...

7.2AI score0.00179EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/29 12:0 a.m.24 views

CVE-2024-45495

MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking...

0.00179EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/07/03 6:7 a.m.2 views

Malicious code in msa-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ed49b2fd60a4f02b928360047bfd5c5d86159fb1e1b86c27b528a72dda41151 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
NVD
NVD
added 2024/04/15 10:15 a.m.15 views

CVE-2024-22437

A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system...

7.3CVSS7.4AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 2024/04/15 9:21 a.m.59 views

CVE-2024-22437

CVE-2024-22437 affects HPE MSA SAN Storage VSS Provider and CAPI Proxy software. Vulnerability allows elevation of privilege on affected MSA storage products via a local attack with low privileges and required user interaction. Impact is reported as high for confidentiality, integrity, and availa...

7.3CVSS7.1AI score0.00181EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/15 9:21 a.m.17 views

CVE-2024-22437 HPE MSA SAN Storage VSS Provider and CAPI Proxy Software, Elevation of Privilege

A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system...

7.3CVSS7.2AI score0.00181EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.5 views

Hewlett Packard Enterprise MSA SAN Storage和VSS Provider and CAPI Proxy software 安全漏洞

Hewlett Packard Enterprise MSA SAN Storage and Hewlett Packard Enterprise VSS Provider and CAPI Proxy software are products of Hewlett Packard Enterprise, Inc. Hewlett Packard Enterprise MSA SAN Storage is a modular intelligent storage array. Hewlett Packard Enterprise VSS Provider and CAPI Proxy...

7.3CVSS6.9AI score0.00181EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/19 4:32 p.m.30 views

CVE-2024-25983 Msa-24-0006: idor on dashboard comments block

Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available e.g., on their profile page...

3.5CVSS4.6AI score0.00602EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/19 4:32 p.m.33 views

CVE-2024-25982 Msa-24-0005: csrf risk in language import utility

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk...

4.3CVSS5.2AI score0.005EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/02/19 4:32 p.m.11 views

CVE-2024-25982 Msa-24-0005: csrf risk in language import utility

The link to update all installed language packs did not include the necessary token to prevent a CSRF risk...

4.3CVSS6.7AI score0.005EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/02/19 4:32 p.m.14 views

CVE-2024-25980 Msa-24-0003: h5p attempts report did not respect activity group settings

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers...

4.3CVSS6.7AI score0.00533EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/19 4:32 p.m.35 views

CVE-2024-25980 Msa-24-0003: h5p attempts report did not respect activity group settings

Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers...

4.3CVSS5.2AI score0.00533EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/19 4:31 p.m.35 views

CVE-2024-25978 Msa-24-0001: denial of service risk in file picker unzip functionality

Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...

7.5CVSS7.5AI score0.00944EPSS
Exploits0References4
Rows per page
Query Builder