6130 matches found

CNVD
added 2020/06/17 12:0 a.m. | 5 views

Unspecified Vulnerability in Schneider Electric Easergy T300 (CNVD-2021-21480)

The Schneider Electric Easergy T300 is a remote terminal unit for the power industry from Schneider Electric, France. A security vulnerability exists in the Schneider Electric Easergy T300 using firmware version 1.5.2 and earlier, which can be exploited by an attacker...

9.8 CVSS | 7.1 AI score | 0.01433 EPSS
Exploits 0 | References 1
Oracle linux
added 2020/06/01 12:0 a.m. | 82 views

bind security update

32:9.11.4-16.P2.6 - Fix EDNS512 loops on broken servers 32:9.11.4-16.P2.5 - Add CVE tests to codebase 32:9.11.4-16.P2.4 - Limit number of queries triggered by a request CVE-2020-8616 - Fix invalid tsig request CVE-2020-8617 32:9.11.4-16.P2.3 - Disable atomic operations on ppc64, ppc64le, aarch64,...

8.6 CVSS | 2.5 AI score | 0.93422 EPSS
Exploits 6
Tenable Nessus
added 2020/05/27 12:0 a.m. | 13 views

Siemens Ktk Uncontrolled Resource Consumption

A vulnerability has been identified in KTK ATE530S All versions, SIDOOR ATD430W All versions, SIDOOR ATE530S COATED All versions, SIDOOR ATE531S All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions = V4.2, SIMATIC ET200SP IM155-6 MF HF All versions,...

5 CVSS | 1.9 AI score | 0.015 EPSS
Exploits 0 | References 3
RedHat Linux
added 2020/05/26 8:11 p.m. | 2 views

ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c

A flaw was found in several functions of the IPMItool, where it failed to check data received from a LAN properly. An attacker could use this flaw to craft payloads, which can lead to a buffer overflow and also cause memory corruption, a denial of service, and remote code execution...

8.8 CVSS | 7.9 AI score | 0.0329 EPSS
Exploits 1 | References 5
Carbon Black Blog
added 2020/05/21 3:43 p.m. | 46 views

TAU Technical Report: New Attack Combines TinyPOS With Living-off-the-Land Techniques for Scraping Credit Card Data

In April of 2020 VMware Carbon Black Threat Analysis Unit (TAU) researchers worked with an Incident Response (IR) partner on a piece of malware that was discovered during an ongoing PCI investigation. The combined analysis showed that attackers who previously leveraged a malware family called TinyPOS...

0.3 AI score
Exploits 0
ThreatPost
added 2020/05/15 8:41 p.m. | 285 views

Hoaxcalls Botnet Exploits Symantec Secure Web Gateways

Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. Hoaxcalls first emerged in late March, as a variant of the Gafgyt/Bashlite family; it’s named after the domain used to host its...

9.6 AI score | 0.26869 EPSS
Exploits 0 | References 9
OSV
added 2020/05/15 5:15 p.m. | 4 views

CVE-2020-12834

eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...

9.8 CVSS | 7.4 AI score | 0.11072 EPSS
Exploits 1 | References 1
NVD
added 2020/05/15 5:15 p.m. | 21 views

CVE-2020-12834

eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...

9.8 CVSS | 9.8 AI score | 0.11072 EPSS
Exploits 1 | References 1
Cvelist
added 2020/05/15 4:14 p.m. | 17 views

CVE-2020-12834

eQ-3 Homematic Central Control Unit CCU2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup or factory...

9.8 AI score | 0.11072 EPSS
Exploits 1 | References 1
CNVD
added 2020/05/06 12:0 a.m. | 2 views

SAE IT-systems FW-50 Remote Telemetry Unit Path Traversal Vulnerability

The SAE IT-systems FW-50 Remote Telemetry Unit is a remote terminal unit (RTU) from SAE IT-systems, Germany. A path traversal vulnerability exists in the SAE IT-systems FW-50 Remote Telemetry Unit. An attacker can exploit this vulnerability with a specially crafted request to view the file structur...

9.1 CVSS | 9 AI score | 0.01406 EPSS
Exploits 0 | References 1
CNVD
added 2020/05/06 12:0 a.m. | 1 views

SAE IT-systems FW-50 Remote Telemetry Unit Cross-Site Scripting Vulnerability

The SAE IT-systems FW-50 Remote Telemetry Unit is a remote terminal unit (RTU) from SAE IT-systems, Germany. A cross-site scripting vulnerability exists in the SAE IT-systems FW-50 Remote Telemetry Unit, which originates from the program failing to properly validate user input. A remote attacker...

6.1 CVSS | 6.4 AI score | 0.00687 EPSS
Exploits 0 | References 1
Prion
added 2020/05/05 9:15 p.m. | 14 views

Design/Logic Flaw

SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users...

4.3 CVSS | 6.8 AI score | 0.00687 EPSS
Exploits 0 | References 1
Prion
added 2020/05/05 9:15 p.m. | 15 views

Design/Logic Flaw

SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible...

6.4 CVSS | 9.1 AI score | 0.01406 EPSS
Exploits 0 | References 1
CVE
added 2020/05/05 8:8 p.m. | 81 views

CVE-2020-10630

The CVE-2020-10630 entry concerns the SAE IT-systems FW-50 Remote Telemetry Unit (RTU). Technical details from connected sources specify an improper neutralization of input during web page generation (Cross-Site Scripting) in FW-50 RTU, affecting the web server component. Related materials also i...

6.1 CVSS | 6.8 AI score | 0.00687 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/05/05 8:8 p.m. | 11 views

CVE-2020-10630

SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users...

6.3 AI score | 0.00687 EPSS
Exploits 0 | References 1
ThreatPost
added 2020/04/22 6:28 p.m. | 124 views

Connected Home Hubs Open Houses to Full Remote Takeover

Three different connected home hubs – Fibaro Home Center Lite, Homematic Central Control Unit CCU2 and Elko’s eLAN-RF-003 – are vulnerable in their older versions to serious bugs that would allow information disclosure, man-in-the-middle (MiTM) attacks and unauthenticated remote code execution (RCE),...

0.1 AI score | 0.26869 EPSS
Exploits 0 | References 5
CNVD
added 2020/04/16 12:0 a.m. | 3 views

Intel NUC Buffer Overflow Vulnerability

The Intel NUC Kit is a small desktop computer from Intel Corporation USA. A buffer error vulnerability exists in the firmware in the Intel NUC. A local attacker could exploit this vulnerability to elevate privileges...

7.8 CVSS | 6.8 AI score | 0.00326 EPSS
Exploits 0 | References 1
OSV
added 2020/04/15 3:15 p.m. | 3 views

CVE-2020-0955

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'...

5.5 CVSS | 6.7 AI score | 0.01425 EPSS
Exploits 0 | References 1
Microsoft KB
added 2020/04/13 12:0 a.m. | 285 views

Description of the security update for SharePoint Server 2013: May 9, 2017

Description of the security update for SharePoint Server 2013: May 9, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

9.3 CVSS | 8 AI score | 0.15757 EPSS
Exploits 1
Veracode
added 2020/04/10 12:51 a.m. | 44 views

Information Disclosure

kernel is vulnerable to information disclosure. Information leak flaws were found in the Linux kernel's Traffic Control Unit implementation. A local attacker could use these flaws to cause the kernel to leak kernel memory to user-space, possibly leading to the disclosure of sensitive information...

5.5 CVSS | 1.5 AI score | 0.00421 EPSS
Exploits 1 | References 30 | Affected Software 2