Lucene search
K

77 matches found

Tenable Nessus
Tenable Nessus
added 2024/10/21 12:0 a.m.8 views

Siemens CP343-1 Devices Improper Verification of Source of a Communication Channel (CVE-2023-51440)

A vulnerability has been identified in SIMATIC CP 343-1 6GK7343-1EX30-0XE0 All versions, SIMATIC CP 343-1 Lean 6GK7343-1CX10-0XE0 All versions, SIPLUS NET CP 343-1 6AG1343-1EX30-7XE0 All versions, SIPLUS NET CP 343-1 Lean 6AG1343-1CX10-2XE0 All versions. Affected products incorrectly validate TCP...

7.5CVSS6.9AI score0.00597EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.23 views

Qnap QTS Server-Side Request Forgery (SSRF) (CVE-2023-39301)

A server-side request forgery SSRF vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS...

4.3CVSS5.2AI score0.00335EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.18 views

Qnap QTS SQL Injection (CVE-2020-36195)

An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedi...

9.8CVSS8.8AI score0.01765EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.24 views

Qnap QTS OS Command Injection (CVE-2023-47567)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645...

7.2CVSS7AI score0.01108EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.24 views

Qnap QTS OS Command Injection (CVE-2023-23367)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376...

7.2CVSS7AI score0.01496EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.17 views

Qnap QTS Classic Buffer Overflow (CVE-2023-41280)

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

7.2CVSS7.5AI score0.0058EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.14 views

Qnap QTS Out-of-bounds Write (CVE-2023-32973)

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

7.2CVSS7.5AI score0.00547EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.15 views

Qnap QTS Command Injection (CVE-2023-45025)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later...

9.8CVSS8.2AI score0.01128EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.42 views

Mitsubishi Electric MELSEC iQ-F FX5-OPC Denial of Service (CVE-2024-0727)

A Denial-of-Service DoS vulnerability due to NULL Pointer Dereference when processing PKCS12 format certificate exists in OpenSSL installed on MELSEC iQ-F OPC UA Unit. Because OpenSSL does not correctly check if a certain field in the PKCS12 format certificate is NULL, a NULL pointer dereference...

5.5CVSS6.3AI score0.03174EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.18 views

Synology DiskStation Manager Out-of-bounds Write (CVE-2021-31439)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results fr...

8.8CVSS8.7AI score0.02331EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/09/02 12:0 a.m.12 views

Siemens LOGO! V8.3 BM Devices Plaintext Storage of a Password (CVE-2024-39922)

LOGO! V8.3 BM incl. SIPLUS variants devices contain a plaintext storage of a password vulnerability. This could allow an attacker with phyiscal access to an affected device to extract user-set passwords from an embedded storage IC. Siemens has released new hardware versions with the LOGO! V8.4 BM...

5.1CVSS5.4AI score0.00213EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.9 views

Hanwha Vision NVR Buffer Overflow (CVE-2019-12223)

The NVR can be rebooted via external attack continuously if it can be access via the public network. During the time, video transmission and recording will not be operated. Also, Exploiting the vulnerability is trivial and requires very low skill level. The listed NVR is vulnerable to allow remot...

7.8CVSS7.9AI score0.02369EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.34 views

Hanwha Vision NVR Remote Code Execution (CVE-2023-6116)

An attacker could inject arbitrary attack code by manipulating http url parameters. However, in order to succeed in the attack, the base address of the stack memory must be obtained. The default address depends on firmware version, configuration option information, and the attack is unlikely to...

8.9CVSS5.8AI score0.00661EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.16 views

Hanwha Techwin SRN-4000 Improper Access Control (CVE-2017-7912)

A security research organization has discovered and disclosed a critical vulnerability in the firmware of certain Hanwha network video recording NVR devices. A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges...

9.8CVSS8.3AI score0.04774EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/10 12:0 a.m.32 views

Hirschmann HiOS Switches Heap-based Buffer Overflow (CVE-2019-12257)

DHCP packets may go past the local area network LAN via DHCP-relays, but are otherwise confined to the LAN. The DHCP-client may be used by VxWorks and in the bootrom. Bootrom, using DHCP/BOOTP, is only vulnerable during the boot-process. This vulnerability may be used to overwrite the heap, which...

8.8CVSS7.8AI score0.84177EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2024/03/18 12:0 a.m.24 views

Cisco IP Phones 8800 Series Denial of Service (CVE-2017-12328)

A vulnerability in Session Initiation Protocol SIP call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service DoS condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process...

5.8CVSS6AI score0.02133EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/01/23 12:0 a.m.21 views

Axis Communications Network Door Controllers and Intercoms Denial of Service (CVE-2023-21405)

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors...

6.5CVSS6.6AI score0.00293EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/01/17 12:0 a.m.15 views

Dell iDRAC9 Cross-site Scripting (CVE-2021-21541)

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser...

6.1CVSS6.3AI score0.00813EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/01/15 12:0 a.m.21 views

Siemens SCALANCE LPE9403 Path Traversal (CVE-2021-41103)

A vulnerability was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permissi...

7.8CVSS6.4AI score0.00482EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.27 views

Rockwell Automation Stratix 5900 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-6415)

A vulnerability in Internet Key Exchange version 1 IKEv1 packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. The vulnerability is d...

7.5CVSS7.4AI score0.87687EPSS
Exploits7References5
Rows per page
Query Builder