π¨ CVE-2022-23401
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
π¨ CVE-2022-22729
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
π¨ CVE-2022-22151
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
π¨ CVE-2022-22148
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
'Root Service' service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
π¨ CVE-2022-22141
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
π¨ CVE-2022-22145
CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
π¨ CVE-2022-21808
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
π¨ CVE-2022-21194
The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.0, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
π¨ CVE-2022-21177
There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, andfrom R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
π@cveNotify
π¨ CVE-2022-0913
Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.
π@cveNotify
Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.
π@cveNotify
π¨ CVE-2022-0928
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
π@cveNotify
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
π@cveNotify
GitHub
upgrade taxes to laravel routers Β· microweber/microweber@fc9137c
Drag and Drop Website Builder and CMS with E-commerce - upgrade taxes to laravel routers Β· microweber/microweber@fc9137c
π¨ CVE-2022-0870
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
π@cveNotify
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
π@cveNotify
GitHub
security: fix SSRF in repository migration (#6812) Β· gogs/gogs@91f2cde
Co-authored-by: Joe Chen <jc@unknwon.io>
# Conflicts:
#
CHANGELOG.md
#
internal/route/repo/webhook.go
# Conflicts:
#
CHANGELOG.md
#
internal/route/repo/webhook.go
π¨ CVE-2022-0871
Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5.
π@cveNotify
Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5.
π@cveNotify
GitHub
security: fix improper PAM authorization handling (#6819) Β· gogs/gogs@64102be
Co-authored-by: Joe Chen <jc@unknwon.io>
# Conflicts:
#
CHANGELOG.md
#
internal/auth/pam/pam.go
# Conflicts:
#
CHANGELOG.md
#
internal/auth/pam/pam.go
π¨ CVE-2022-0928
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
π@cveNotify
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.
π@cveNotify
GitHub
upgrade taxes to laravel routers Β· microweber/microweber@fc9137c
Drag and Drop Website Builder and CMS with E-commerce - upgrade taxes to laravel routers Β· microweber/microweber@fc9137c
π¨ CVE-2022-0870
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
π@cveNotify
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
π@cveNotify
GitHub
security: fix SSRF in repository migration (#6812) Β· gogs/gogs@91f2cde
Co-authored-by: Joe Chen <jc@unknwon.io>
# Conflicts:
#
CHANGELOG.md
#
internal/route/repo/webhook.go
# Conflicts:
#
CHANGELOG.md
#
internal/route/repo/webhook.go
π¨ CVE-2022-0860
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
π@cveNotify
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
π@cveNotify
π¨ CVE-2022-26495
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
π@cveNotify
In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages.
π@cveNotify
sourceforge.net
Network Block Device - Browse /nbd at SourceForge.net
Tools for the Linux Kernel's network block device, allowing you to use remote block devices over a TCP/IP network.
Note that we have moved toβ¦
Note that we have moved toβ¦
π¨ CVE-2022-21819
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.
π@cveNotify
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.
π@cveNotify
π¨ CVE-2022-26496
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
π@cveNotify
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.
π@cveNotify
sourceforge.net
Network Block Device - Browse /nbd at SourceForge.net
Tools for the Linux Kernel's network block device, allowing you to use remote block devices over a TCP/IP network.
Note that we have moved toβ¦
Note that we have moved toβ¦
π¨ CVE-2021-46704
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
π@cveNotify
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.
π@cveNotify
GitHub
Validate host arg passed to ping Β· genieacs/genieacs@7f295be
Fixes remote code execution vulnerability reported by Alex Hordijk.
π¨ CVE-2020-18327
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2
π@cveNotify
Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2
π@cveNotify
Cvedetails
CVE security vulnerability database. Security vulnerabilities, exploits, references and more
CVEdetails.com is a free CVE security vulnerability database/information source. You can view CVE vulnerability details, exploits, references, metasploit modules, full list of vulnerable products and cvss score reports and vulnerability trends over time