CVE-2019-25268

This CVE affects NREL BEopt 2.8.0.0 . The vulnerability is a DLL hijacking issue caused by insecure loading of libraries, allowing an attacker to place malicious libraries on WebDAV or SMB shares (e.g., sdl2.dll and libegl.dll ) and execute arbitrary code when a user opens the application. Impact...

EUVD-2015-1091

Malware in sbrugna...

EUVD-2019-2688

Malware in sbrugna...

EUVD-2015-1085

Malware in sbrugna...

CVE-2015-10080

A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is ab...

CVE-2015-10080

A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is ab...

Cross site scripting

A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is ab...

CVE-2015-10080 NREL api-umbrella-web Admin Data Table cross site scripting

A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is ab...

CVE-2015-10080 NREL api-umbrella-web Admin Data Table cross site scripting

A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been classified as problematic. This affects an unknown part of the component Admin Data Table Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 0.8.0 is ab...

CVE-2015-10080

CVE-2015-10080 affects NREL api-umbrella-web 0.7.1, specifically the Admin Data Table Handler component, where a cross-site scripting vulnerability exists. The issue can be triggered remotely. Upgrading to version 0.8.0 fixes the vulnerability (patch f53a9fb87e10c457f0f3dd4f2af24d3b2f21b3ca). Exp...

CVE-2015-10072

A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...

Cross site scripting

A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...

CVE-2015-10072

CVE-2015-10072 affects NREL api-umbrella-web 0.7.1. The Flash Message Handler contains a flaw enabling cross-site scripting that can be triggered remotely. A fix is available in version 0.8.0; the patch is identified as bcc0e922c61d30367678c8f17a435950969315cd. References confirm the vulnerabilit...

CVE-2015-10072 NREL api-umbrella-web Flash Message cross site scripting

A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...

CVE-2015-10072 NREL api-umbrella-web Flash Message cross site scripting

A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...

CVE-2019-10974

NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code...

Code injection

NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code...

CVE-2019-10974

NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code...

CVE-2019-10974

CVE-2019-10974 affects EnergyPlus 8.6.0 and earlier. The vulnerability is a stack-based buffer overflow (CWE-121) where the application fails to prevent an exception handler from being overwritten with arbitrary code. Impact per sources includes potential arbitrary code execution or denial of ser...

NREL EnergyPlus

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION: Low skill level to exploit Vendor: National Renewable Energy Laboratory NREL Equipment: EnergyPlus Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary...