310 matches found
CVE-2022-38980
CVE-2022-38980 describes a heap overflow in the Huawei HarmonyOS HwAirlink module when processing data packets of its proprietary protocol. The vulnerability could allow an attacker to obtain process control permissions, as indicated by the provided descriptions. The available connected documents...
Unspecified Vulnerability in Wyse ThinOS
Wyse ThinOS is a specialized operating system for Dell servers from Dell USA. A security vulnerability exists in Wyse ThinOS that stems from the inclusion of a regular expression denial of service vulnerability in the UI, which can be exploited by an administrator privileged attacker to cause a...
PT-2022-24862 · Unknown · Loramac-Node
Name of the Vulnerable Software and Affected Versions: LoRaMac-node versions prior to 4.7.0 Description: The issue is caused by improper size validation of incoming radio frames, which can lead to a buffer overflow. Specifically, the function ProcessRadioRxDone expects incoming radio frames to ha...
Command Execution Vulnerability in the T+ Proprietary Cloud
Smooth T+ Exclusive Cloud is a cloud ERP system that integrates the whole scenario of doing business, managing business and watching business. A command execution vulnerability exists in Smooth Jietong T+ Exclusive Cloud, which can be exploited by an attacker to execute arbitrary commands...
Source code of password manager LastPass stolen by attacker
In a security incident notice from LastPass the company informed the public know that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account. There is no evidence that this incident involved any access to customer dat...
CVE-2022-30313
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are...
Design/Logic Flaw
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are...
Industrial systems: What it takes to secure and staff them
The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Patrick C. Miller,...
CVE-2022-30313
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are...
CVE-2022-30313
CVE-2022-30313 affects Honeywell Experion PKS Safety Manager (prior to 2022-05-06). The issue is missing authentication for critical functions in proprietary Safe Builder and Experion TCP (51000/TCP) protocols, enabling unauthenticated access to commands such as IO manipulation, file read/write, ...
CVE-2022-30313
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0051, there is a Honeywell Experion PKS Safety Manager multiple proprietary protocols with unauthenticated functionality issue. The affected components are...
CVE-2022-29957
The Emerson DeltaV Distributed Control System DCS through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade 18508/TCP, 18518/TCP; Plug-and-Play 18510/UDP; Hawk services 18507/UDP; Managemen...
CVE-2022-29957
The Emerson DeltaV Distributed Control System DCS through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade 18508/TCP, 18518/TCP; Plug-and-Play 18510/UDP; Hawk services 18507/UDP; Managemen...
Authentication flaw
The Emerson DeltaV Distributed Control System DCS through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade 18508/TCP, 18518/TCP; Plug-and-Play 18510/UDP; Hawk services 18507/UDP; Managemen...
CVE-2022-29957
The Emerson DeltaV Distributed Control System DCS through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade 18508/TCP, 18518/TCP; Plug-and-Play 18510/UDP; Hawk services 18507/UDP; Managemen...
CVE-2022-29957
The CVE concerns Emerson DeltaV Distributed Control System (DCS) prior to/through 2022-04-29 where authentication is mishandled across multiple proprietary protocols: Firmware upgrade (18508/18518 TCP), Plug‑and‑Play (18510 UDP), Hawk services (18507 UDP), Management (18519 TCP), Cold restart (18...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: buffer overflow in IPsec ESP transformation code CVE-2022-27666 kernel: out-of-bounds read in fbcongetfont function CVE-2020-28915 For more details about the security issues, including th...
kernel security and bug fix update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
Exploit for CVE-2022-1966
It is an exploit module for a vulnerability in a proprietary sof...