EUVD-2022-35127

Malicious code in bioql PyPI...

EUVD-2022-35121

Malicious code in bioql PyPI...

EUVD-2022-35123

Malicious code in bioql PyPI...

Measuresoft ScadaPro Server Improper Access Control Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Measuresoft ScadaPro Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2022-3263

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges...

Design/Logic Flaw

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges...

CVE-2022-3263

CVE-2022-3263 affects Measuresoft ScadaPro Server 6.7. The issue is an improper access control (CWE-284) where the ORCHESTRATOR service has inconsistent permissions, allowing a local low-privileged user to modify the service binary path and execute commands with SYSTEM privileges. Public sources ...

CVE-2022-3263 Measuresoft ScadaPro Server Improper Access Control

The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges...

Measuresoft ScadaPro Server 访问控制错误漏洞

Measuresoft ScadaPro Server is a powerful real-time data acquisition software package from Measuresoft Ireland. It provides monitoring, data logging, simulation development and report generation. An access control error vulnerability exists in Measuresoft ScadaPro Server version 6.7. An attacker...

Measuresoft ScadaPro Server

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Measuresoft Equipment: ScadaPro Server Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local user with limited privileges to modify the service binary...

CVE-2022-2892

Measuresoft ScadaPro Server Versions prior to 6.8.0.1 uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file...

CVE-2022-2895

Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file...

CVE-2022-2896

Measuresoft ScadaPro Server All Versions allows use after free while processing a specific project file...

CVE-2022-2894

Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file...

Design/Logic Flaw

Measuresoft ScadaPro Server Versions prior to 6.8.0.1 uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file...

Double free

Measuresoft ScadaPro Server All Versions allows use after free while processing a specific project file...

CVE-2022-2896 Measuresoft ScadaPro Server Use After Free

Measuresoft ScadaPro Server All Versions allows use after free while processing a specific project file...

CVE-2022-2896

Measuresoft ScadaPro Server (All Versions) is affected by CVE-2022-2896 due to a use-after-free in processing a specific project file (ORM-related parsing). The vulnerability can lead to arbitrary code execution, as described by multiple sources (ZDI: remote code execution requiring user interact...

CVE-2022-2894

CVE-2022-2894 – Measuresoft ScadaPro Server is associated with unmaintained ActiveX controls that may permit seven untrusted pointer dereference instances when processing a specific project file. The affected product is Measuresoft ScadaPro Server (and Client per related advisories) across all ve...

CVE-2022-2894 Measuresoft ScadaPro Server Untrusted Pointer Dereference

Measuresoft ScadaPro Server All Versions uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file...