‼ CVE-2022-26022 ‼
📖 Read
via "National Vulnerability Database".
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25157 ‼
📖 Read
via "National Vulnerability Database".
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to disclose or tamper with the information in the product by using an eavesdropped password hash.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21830 ‼
📖 Read
via "National Vulnerability Database".
A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim pasting malicious code in their chat instance.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23247 ‼
📖 Read
via "National Vulnerability Database".
A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32961 ‼
📖 Read
via "National Vulnerability Database".
A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33657 ‼
📖 Read
via "National Vulnerability Database".
There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27493 ‼
📖 Read
via "National Vulnerability Database".
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32970 ‼
📖 Read
via "National Vulnerability Database".
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-33022 ‼
📖 Read
via "National Vulnerability Database".
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25159 ‼
📖 Read
via "National Vulnerability Database".
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions and Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions allows a remote unauthenticated attacker to login to the product by replay attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27223 ‼
📖 Read
via "National Vulnerability Database".
A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS📖 Read
via "National Vulnerability Database".
‼ CVE-2021-27497 ‼
📖 Read
via "National Vulnerability Database".
Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23287 ‼
📖 Read
via "National Vulnerability Database".
The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20238 ‼
📖 Read
via "National Vulnerability Database".
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include some sensitive data, e.g. registry pull secrets. There are two scenarios where this data can be accessed. The first is on Baremetal, OpenStack, Ovirt, Vsphere and KubeVirt deployments which do not have a separate internal API endpoint and allow access from outside the cluster to port 22623 from the standard OpenShift API Virtual IP address. The second is on cloud deployments when using unsupported network plugins, which do not create iptables rules that prevent to port 22623. In this scenario, the ignition config is exposed to all pods within the cluster and cannot be accessed externally.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22277 ‼
📖 Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite - Control and I/O, ABB Base Software for SoftControl allows an attacker to cause the denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0373 ‼
📖 Read
via "National Vulnerability Database".
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39908 ‼
📖 Read
via "National Vulnerability Database".
In all versions of GitLab CE/EE, certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32949 ‼
📖 Read
via "National Vulnerability Database".
An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits changing a designated path to another path and traversing the directory, allowing the replacement of an existing file with a malicious file.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-25691 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32960 ‼
📖 Read
via "National Vulnerability Database".
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26623 ‼
📖 Read
via "National Vulnerability Database".
A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.📖 Read
via "National Vulnerability Database".