‼ CVE-2023-4837 ‼
📖 Read
via "National Vulnerability Database".
** UNSUPPPORTED WHEN ASSIGNED ** SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative privileges. This issue affects all versions of SmodBIP. SmodBIP is no longer maintained and the vulnerability will not be fixed.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37194 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36380 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44261 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <=Â 3.3 versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44085 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45204 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45601 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44082 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38640 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44087 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30527 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries.This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30900 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44083 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-44081 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43625 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35796 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43787 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43788 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local to trigger an out-of-bounds read error and read the contents of memory on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41085 ‼
📖 Read
via "National Vulnerability Database".
When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43746 ‼
📖 Read
via "National Vulnerability Database".
When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-43785 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.📖 Read
via "National Vulnerability Database".