Finding Software Supply Chain Attack Paths with Logical Attack Graphs

Cyberattacks are becoming increasingly frequent and sophisticated, often exploiting the software supply chain SSC as an attack vector. Attack graphs provide a detailed representation of the sequence of events and vulnerabilities that could lead to a successful security breach in a system. MulVal ...

CVE-2018-18056

An issue was discovered in the Texas Instruments TI TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory XOM implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash...

Buffer overflow

An issue was discovered in the Texas Instruments TI TM4C, MSP432E and MSP432P microcontroller series. The eXecute-Only-Memory XOM implementation prevents code read-outs on protected memory by generating bus faults. However, single-stepping and using breakpoints is allowed in XOM-protected flash...

CVE-2018-18056

The CVE-2018-18056 entry concerns TI TM4C, MSP432E and MSP432P microcontroller series. The issue stems from the eXecute-Only-Memory (XOM) implementation, which prevents code reads on protected memory by using bus faults, yet allows single-step/breakpoint use in XOM-protected flash. This enables a...

Memory corruption

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states...

CVE-2018-7522

Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0–10.4 are affected by CVE-2018-7522. When a system call is made, registers are stored to a fixed memory location; modifying data there could grant an attacker supervisor‑level access and control over safety system states. The ...

CVE-2018-7522

In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states...

CVE-2017-2317

Juniper Networks NorthStar Controller Application before version 2.1.0 Service Pack 1 is vulnerable to a denial-of-service attack from an unauthenticated, network-based attacker. The issue can cause DoS of underlying database tables and may lead to information disclosure, modification of system s...

Microsoft IIS .HTR ISAPI chunked encoding buffer overflow

Added: 02/17/2006 CVE: CVE-2002-0364 BID: 4855 OSVDB: 5316 Background Microsoft IIS web servers include ISAPI extensions which are invoked in the server process to handle requests of a given type. Problem A heap overflow in IIS 4.0 and 5.0 when processing chunked encoding transfers of HTR request...