12 matches found
Qnap QTS OS Command Injection (CVE-2021-28804)
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc...
Qnap QTS Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-17030)
A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. This plugin only works with Tenable.ot. Please visit...
Qnap QTS Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-17032)
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. This plugin only works with Tenable.ot. Please visit...
Qnap QTS Path Traversal (CVE-2023-51366)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions:...
Qnap QTS Classic Buffer Overflow (CVE-2023-50362)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...
Siemens RUGGEDCOM Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-2024-39675)
In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...
Siemens SITOP UPS1600 Out-of-Bounds Write (CVE-2023-26552)
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Hikvision Cameras Buffer Overflow (CVE-2018-6413)
There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack service interruption via a crafted network setting interface request. This plugin only works with Tenable.ot. Plea...
Mitsubishi Electric MELSEC-Q/L Series Incorrect Pointer Scaling (CVE-2024-1915)
Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. This plugin only works with Tenable.ot. Please...
Mitsubishi Electric MELSEC-Q/L Series Integer Overflow or Wraparound (CVE-2024-1917)
Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet. This plugin only works with Tenable.ot...
Rockwell Automation ControlLogix and GuardLogix Improper Input Validation (CVE-2024-3493)
A specific malformed fragmented packet type fragmented packets may be generated automatically by devices that send large amounts of data can cause a major nonrecoverable fault MNRF. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally...
Moxa PT-7728 Series Switch Improper Authorization (CVE-2016-4514)
Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C...