Lucene search
K

121 matches found

cvelist
cvelist
added 2022/10/17 8:20 a.m.20 views

CVE-2022-2052 TRUMPF TruTops default user accounts vulnerability

Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system...

9.8CVSS9.7AI score0.00621EPSS
Exploits0References1
nvd
nvd
added 2022/07/11 11:15 a.m.23 views

CVE-2022-1794

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system...

5.5CVSS0.00211EPSS
Exploits0References1
osv
osv
added 2022/07/11 11:15 a.m.5 views

CVE-2022-1794

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system...

5.5CVSS5.8AI score0.00211EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2022/07/11 12:0 a.m.7 views

PT-2022-14118 · 3S Smart Software Solutions · Codesys Opc Da Server

Name of the Vulnerable Software and Affected Versions: CODESYS OPC DA Server versions prior to V3.5.18.20 Description: The issue concerns the storage of PLC passwords in plain text within the configuration file of the CODESYS OPC DA Server, making these passwords visible to all authorized Microso...

5.5CVSS5.5AI score0.00211EPSS
Exploits0References4
cnnvd
cnnvd
added 2022/07/11 12:0 a.m.8 views

3S-Smart Software Solutions CODESYS 安全漏洞

CODESYS is a controller development system from 3S-Smart Software Solutions, Germany. A security vulnerability exists in 3S-Smart Software Solutions CODESYS OPC DA Server versions prior to V3.5.18.20, which stems from the PLC storing passwords as plain text in its configuration file, which is...

5.5CVSS5.7AI score0.00211EPSS
Exploits0References2
attackerkb
attackerkb
added 2022/07/06 1:8 p.m.8 views

CVE-2022-1794

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system...

5.5CVSS6AI score0.00211EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2022/04/15 12:0 a.m.7 views

PT-2022-2258

Name of the Vulnerable Software and Affected Versions 7-Zip versions 21.07 and earlier Description The issue is related to a heap overflow in the 7z.dll library, which can be exploited to escalate privileges. This can be achieved by dragging a specially crafted .7z file to the HelpContents area,...

7.8CVSS8.3AI score0.01523EPSS
Exploits8References38
osv
osv
added 2022/03/18 12:1 a.m.88 views

GHSA-FX95-883V-4Q4H Path traversal in github.com/valyala/fasthttp

The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...

7.5CVSS7.3AI score0.02457EPSS
Exploits1References8
nvd
nvd
added 2022/03/17 12:15 p.m.32 views

CVE-2022-21221

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...

7.5CVSS0.02457EPSS
Exploits1References5
ubuntucve
ubuntucve
added 2022/03/17 12:15 p.m.43 views

CVE-2022-21221

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...

7.5CVSS6.8AI score0.02457EPSS
Exploits1References6
prion
prion
added 2022/03/17 12:15 p.m.13 views

Directory traversal

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...

5CVSS7.4AI score0.02457EPSS
Exploits1References5Affected Software1
osv
osv
added 2022/03/17 11:21 a.m.23 views

CVE-2022-21221 Directory Traversal

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...

5.9CVSS7AI score0.02457EPSS
Exploits1References7
cvelist
cvelist
added 2022/03/17 11:21 a.m.32 views

CVE-2022-21221 Directory Traversal

The package github.com/valyala/fasthttp before 1.34.0 are vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...

5.9CVSS7.6AI score0.02457EPSS
Exploits1References5
openvas
openvas
added 2022/01/28 12:0 a.m.27 views

Mageia: Security Advisory (MGASA-2018-0120)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.3AI score0.89618EPSS
Exploits19References6
threatpost
threatpost
added 2021/07/21 10:0 a.m.92 views

MacOS Being Picked Apart by $49 XLoader Data Stealer

There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on underground markets for as low as $49. It’s not only cheap; it’s easy. The data stealer is distributed in the form of malware-as-a-service MaaS and stands...

7.4AI score
Exploits0References13
attackerkb
attackerkb
added 2021/05/11 12:0 a.m.65 views

CVE-2021-28550

Acrobat Reader DC versions versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current...

9.6CVSS8.7AI score0.52005EPSS
In wildExploits0References2
threatpost
threatpost
added 2021/02/17 4:31 p.m.192 views

Masslogger Swipes Outlook, Chrome Credentials

Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and...

0.3AI score
Exploits0References11
threatpost
threatpost
added 2021/02/16 4:47 p.m.484 views

Microsoft Pulls Bad Windows Update After Patch Issue

Microsoft has removed a faulty servicing stack update, which was causing issues for Windows users when they tried to install last week’s Patch Tuesday security updates. Microsoft’s servicing stack update provides fixes for the component that installs Windows updates. This particular defective...

0.9AI score0.78376EPSS
Exploits21References13
freebsd
freebsd
added 2021/01/13 12:0 a.m.36 views

go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve

The Go project reports: The go command may execute arbitrary code at build time when cgo is in use on Windows. This may occur when running "go get", or any other command that builds code. Only users who build untrusted code and don't execute it are affected. In addition to Windows users, this can...

8.1AI score
Exploits0References2
prion
prion
added 2020/12/21 11:15 p.m.16 views

Design/Logic Flaw

Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. In Hugo before version 0.79.1, if a malicious file with the same name exe or bat is...

8.5CVSS8.4AI score0.01451EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder