VYPR

CVEs

100,075 total · page 1917 of 2,002

  • CVE-2016-9365HigFeb 13, 2017
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions…

  • CVE-2016-9364HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server.

  • CVE-2016-9363HigFeb 13, 2017
    risk 0.48cvss 7.3epss 0.02

    An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions…

  • CVE-2016-9356HigFeb 13, 2017
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue.

  • CVE-2016-9353HigFeb 13, 2017
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use.

  • CVE-2016-9351HigFeb 13, 2017
    risk 0.49cvss 7.0epss 0.04

    An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.

  • CVE-2016-9349HigFeb 13, 2017
    risk 0.52cvss 7.5epss 0.08

    An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure.

  • CVE-2016-9344HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.

  • CVE-2016-9334HigFeb 13, 2017
    risk 0.48cvss 7.3epss 0.04

    An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions;…

  • CVE-2016-9332HigFeb 13, 2017
    risk 0.52cvss 7.5epss 0.08

    An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service…

  • CVE-2016-8566HigFeb 13, 2017
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database.

  • CVE-2016-8379HigFeb 13, 2017
    risk 0.53cvss 8.1epss 0.01

    An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik…

  • CVE-2016-8377HigFeb 13, 2017
    risk 0.56cvss 8.0epss 0.09

    An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured…

  • CVE-2016-8374HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK…

  • CVE-2016-8372HigFeb 13, 2017
    risk 0.53cvss 8.1epss 0.02

    An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik…

  • CVE-2016-8370HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC.

  • CVE-2016-8369HigFeb 13, 2017
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY).

  • CVE-2016-8368HigFeb 13, 2017
    risk 0.56cvss 8.6epss 0.03

    An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote…

  • CVE-2016-8361HigFeb 13, 2017
    risk 0.56cvss 8.6epss 0.02

    An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication.

  • CVE-2016-8360HigFeb 13, 2017
    risk 0.53cvss 8.1epss 0.02

    An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the…

  • CVE-2016-8357HigFeb 13, 2017
    risk 0.46cvss 7.1epss 0.01

    An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the…

  • CVE-2016-8356HigFeb 13, 2017
    risk 0.53cvss 8.2epss 0.01

    An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities.

  • CVE-2016-8354HigFeb 13, 2017
    risk 0.46cvss 7.0epss 0.01

    An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted…

  • CVE-2016-8346HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION).

  • CVE-2016-7987HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect…

  • CVE-2016-5809HigFeb 13, 2017
    risk 0.60cvss 8.8epss 0.02

    An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of…

  • CVE-2016-5805HigFeb 13, 2017
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of…

  • CVE-2016-5803HigFeb 13, 2017
    risk 0.56cvss 8.6epss 0.02

    An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such…

  • CVE-2016-5802HigFeb 13, 2017
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected…

  • CVE-2016-5801HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account passwords.

  • CVE-2016-5798HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attacker can trigger a remote…

  • CVE-2016-5796HigFeb 13, 2017
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within…

  • CVE-2016-5786HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials.

  • CVE-2016-5782HigFeb 13, 2017
    risk 0.56cvss 8.6epss 0.02

    An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly…

  • CVE-2016-10224HigFeb 13, 2017
    risk 0.47cvss 7.2epss 0.01

    An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.

  • CVE-2016-8659HigFeb 13, 2017
    risk 0.46cvss 7.0epss 0.00

    Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.

  • CVE-2016-6129HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.01

    The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by…

  • CVE-2016-4547HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.01

    Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C.

  • CVE-2016-3995HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks.

  • CVE-2016-3616HigFeb 13, 2017
    risk 0.58cvss 8.8epss 0.04

    The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.

  • CVE-2016-2568HigFeb 13, 2017
    risk 0.51cvss 7.8epss 0.00

    pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

  • CVE-2016-10026HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.02

    ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page…

  • CVE-2016-8495HigFeb 13, 2017
    risk 0.48cvss 7.4epss 0.01

    An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.

  • CVE-2017-3302HigFeb 12, 2017
    risk 0.49cvss 7.5epss 0.05

    Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.

  • CVE-2016-8713HigFeb 10, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to…

  • CVE-2016-8711HigFeb 10, 2017
    risk 0.51cvss 7.8epss 0.02

    A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this…

  • CVE-2016-8709HigFeb 10, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger…

  • CVE-2017-5940HigFeb 9, 2017
    risk 0.57cvss 8.8epss 0.00

    Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and…

  • CVE-2017-5180HigFeb 9, 2017
    risk 0.60cvss 8.8epss 0.01

    Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the…

  • CVE-2017-3813HigFeb 9, 2017
    risk 0.54cvss 7.8epss 0.02

    A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient…