43 matches found
Siemens SIMATIC Devices Linux Kernel Use After Free (CVE-2022-47946)
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly...
Rockwell Automation Logix Controllers Uncontrolled Resource Consumption (CVE-2024-8626)
Due to a memory leak, a denial-of-service vulnerability exists in the affected products. A malicious actor could exploit this vulnerability by performing multiple actions on certain webpages of the product causing the affected products to become fully unavailable and require a power cycle to...
Qnap QTS OS Command Injection (CVE-2023-23368)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later...
Qnap QTS Path Traversal (CVE-2023-45026)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in...
Qnap QTS Classic Buffer Overflow (CVE-2023-45035)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
Qnap QTS OS Command Injection (CVE-2023-39300)
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS...
Qnap QTS Open Redirect (CVE-2021-44054)
An open redirect vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of...
Qnap QTS Out-of-bounds Read (CVE-2022-27598)
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)...
Qnap QTS Improper Authorization (CVE-2023-50363)
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS...
Qnap QTS Classic Buffer Overflow (CVE-2023-45040)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
Nexans FTTO GigaSwitch Backdoor Account (CVE-2022-32985)
libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
SEH Computertechnik UTN Server PRO and INU-100 Stored Cross-Site Scripting (CVE-2024-5420)
Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS). This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below. This plugin only works...
Hikvision Multiple Products Command Injection (CVE-2021-36260)
A command injection vulnerability exists in the web server of some Hikvision products. Due to insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. This plugin only works with Tenable.ot. Please vis...
Hikvision Cameras Password in Configuration File (CVE-2017-7923)
While processing a specified request code, a user privilege-escalation vulnerability may occur on select Hikvision IP cameras with particular firmware versions. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Arecont Vision AV1355DN MegaDome camera Denial of Service (CVE-2013-0139)
The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Siemens Scalance W1750D Buffer Copy without Checking Size of Input (CVE-2023-45615)
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities resul...
Westermo MRD-315 ASP Source Code Disclosure (CVE-2020-7227)
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.as...
Siemens SCALANCE, SIMATIC and RUGGEDCOM Products Command Injection (CVE-2022-0778)
The BN_mod_sqrt function in OpenSSL, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve paramete...
Siemens SCALANCE W1750D Buffer Overflow (CVE-2023-22782)
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities...
Rockwell Automation Stratix Industrial Managed Ethernet Switch 7Pk Errors (CVE-2018-0155)
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation could allow an unauthenticated remote attacker to cause a crash of the iosd process, causing a DoS condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is...