| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36603 | Hig | 0.57 | 8.8 | 0.01 | Sep 1, 2022 | InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function. | ||
| CVE-2022-36602 | Hig | 0.57 | 8.8 | 0.01 | Sep 1, 2022 | InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function. | ||
| CVE-2022-32743 | Hig | 0.49 | 7.5 | 0.01 | Sep 1, 2022 | Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | ||
| CVE-2022-2738 | Hig | 0.49 | 7.5 | 0.01 | Sep 1, 2022 | The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause… | ||
| CVE-2022-2639 | Hig | 0.00 | 7.8 | 0.01 | Sep 1, 2022 | An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an… | ||
| CVE-2022-2320 | Hig | 0.51 | 7.8 | 0.01 | Sep 1, 2022 | A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw… | ||
| CVE-2022-2319 | Hig | 0.51 | 7.8 | 0.00 | Sep 1, 2022 | A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. | ||
| CVE-2022-1902 | Hig | 0.00 | 8.8 | 0.01 | Sep 1, 2022 | A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges. | ||
| CVE-2022-1729 | Hig | 0.00 | 7.0 | 0.00 | Sep 1, 2022 | A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. | ||
| CVE-2022-36773 | Hig | 0.53 | 8.1 | 0.01 | Sep 1, 2022 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571. | ||
| CVE-2022-30614 | Hig | 0.49 | 7.5 | 0.01 | Sep 1, 2022 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID:… | ||
| CVE-2022-2996 | — | Hig | 0.48 | 7.4 | 0.01 | Sep 1, 2022 | A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. | |
| CVE-2021-45027 | Hig | 0.49 | 7.5 | 0.02 | Sep 1, 2022 | An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input. | ||
| CVE-2020-35525 | Hig | 0.49 | 7.5 | 0.01 | Sep 1, 2022 | In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing. | ||
| CVE-2022-37435 | Hig | 0.50 | 8.8 | 0.01 | Sep 1, 2022 | Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. | ||
| CVE-2022-36676 | Hig | 0.47 | 7.2 | 0.01 | Sep 1, 2022 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. | ||
| CVE-2022-36675 | Hig | 0.47 | 7.2 | 0.01 | Sep 1, 2022 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php. | ||
| CVE-2022-36674 | Hig | 0.47 | 7.2 | 0.01 | Sep 1, 2022 | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php. | ||
| CVE-2022-36671 | Hig | 0.49 | 7.5 | 0.00 | Sep 1, 2022 | Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API. | ||
| CVE-2022-37129 | Hig | 0.58 | 8.8 | 0.08 | Aug 31, 2022 | D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection. | ||
| CVE-2022-37123 | Hig | 0.57 | 8.8 | 0.03 | Aug 31, 2022 | D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. | ||
| CVE-2022-36619 | Hig | 0.49 | 7.5 | 0.01 | Aug 31, 2022 | In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. | ||
| CVE-2022-36051 | Hig | 0.50 | 8.7 | 0.01 | Aug 31, 2022 | ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain… | ||
| CVE-2022-36620 | Hig | 0.51 | 7.5 | 0.23 | Aug 31, 2022 | D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting. | ||
| CVE-2022-2897 | Hig | 0.51 | 7.8 | 0.00 | Aug 31, 2022 | Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.. | ||
| CVE-2022-2896 | Hig | 0.51 | 7.8 | 0.00 | Aug 31, 2022 | Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. | ||
| CVE-2022-2895 | Hig | 0.51 | 7.8 | 0.00 | Aug 31, 2022 | Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file. | ||
| CVE-2022-2894 | Hig | 0.51 | 7.8 | 0.00 | Aug 31, 2022 | Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file. | ||
| CVE-2022-2892 | Hig | 0.51 | 7.8 | 0.00 | Aug 31, 2022 | Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. | ||
| CVE-2022-36582 | Hig | 0.47 | 7.2 | 0.01 | Aug 31, 2022 | An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||
| CVE-2022-36581 | Hig | 0.49 | 7.5 | 0.01 | Aug 31, 2022 | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php. | ||
| CVE-2022-36580 | Hig | 0.47 | 7.2 | 0.01 | Aug 31, 2022 | An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. | ||
| CVE-2022-36571 | Hig | 0.47 | 7.2 | 0.01 | Aug 31, 2022 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting. | ||
| CVE-2022-36570 | Hig | 0.47 | 7.2 | 0.01 | Aug 31, 2022 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. | ||
| CVE-2022-36569 | Hig | 0.57 | 8.8 | 0.01 | Aug 31, 2022 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. | ||
| CVE-2022-36568 | Hig | 0.57 | 8.8 | 0.01 | Aug 31, 2022 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList. | ||
| CVE-2022-34383 | Hig | 0.53 | 8.1 | 0.00 | Aug 31, 2022 | Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM. | ||
| CVE-2022-34373 | Hig | 0.47 | 7.3 | 0.00 | Aug 31, 2022 | Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system. | ||
| CVE-2022-1841 | Hig | 0.47 | 7.2 | 0.01 | Aug 31, 2022 | In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. | ||
| CVE-2022-37184 | Hig | 0.57 | 8.8 | 0.01 | Aug 31, 2022 | The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. | ||
| CVE-2022-38152 | Hig | 0.00 | 7.5 | 0.02 | Aug 31, 2022 | An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses… | ||
| CVE-2022-3028 | Hig | 0.00 | 7.0 | 0.00 | Aug 31, 2022 | A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory… | ||
| CVE-2022-37122 | Hig | 0.50 | 7.5 | 0.20 | Aug 31, 2022 | Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script… | ||
| CVE-2022-2866 | Hig | 0.51 | 7.8 | 0.00 | Aug 31, 2022 | FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution. | ||
| CVE-2022-2590 | Hig | 0.46 | 7.0 | 0.01 | Aug 31, 2022 | A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their… | ||
| CVE-2022-2132 | Hig | 0.56 | 8.6 | 0.02 | Aug 31, 2022 | A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | ||
| CVE-2022-2044 | Hig | 0.53 | 8.2 | 0.01 | Aug 31, 2022 | MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device. | ||
| CVE-2022-2043 | Hig | 0.49 | 7.5 | 0.01 | Aug 31, 2022 | MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. | ||
| CVE-2022-2006 | Hig | 0.51 | 7.8 | 0.00 | Aug 31, 2022 | AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL… | ||
| CVE-2022-2005 | Hig | 0.49 | 7.5 | 0.00 | Aug 31, 2022 | AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions… |
- risk 0.57cvss 8.8epss 0.01
InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function.
- risk 0.57cvss 8.8epss 0.01
InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function.
- risk 0.49cvss 7.5epss 0.01
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
- risk 0.49cvss 7.5epss 0.01
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause…
- risk 0.00cvss 7.8epss 0.01
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an…
- risk 0.51cvss 7.8epss 0.01
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw…
- risk 0.51cvss 7.8epss 0.00
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.
- risk 0.00cvss 8.8epss 0.01
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.
- risk 0.00cvss 7.0epss 0.00
A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.
- risk 0.53cvss 8.1epss 0.01
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.
- risk 0.49cvss 7.5epss 0.01
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID:…
- risk 0.48cvss 7.4epss 0.01
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.
- risk 0.49cvss 7.5epss 0.02
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.
- risk 0.49cvss 7.5epss 0.01
In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.
- risk 0.50cvss 8.8epss 0.01
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3.
- risk 0.47cvss 7.2epss 0.01
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.
- risk 0.47cvss 7.2epss 0.01
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.
- risk 0.47cvss 7.2epss 0.01
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.
- risk 0.49cvss 7.5epss 0.00
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.
- risk 0.58cvss 8.8epss 0.08
D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection.
- risk 0.57cvss 8.8epss 0.03
D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.
- risk 0.49cvss 7.5epss 0.01
In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC.
- risk 0.50cvss 8.7epss 0.01
ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain…
- risk 0.51cvss 7.5epss 0.23
D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting.
- risk 0.51cvss 7.8epss 0.00
Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation..
- risk 0.51cvss 7.8epss 0.00
Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.
- risk 0.51cvss 7.8epss 0.00
Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file.
- risk 0.51cvss 7.8epss 0.00
Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file.
- risk 0.51cvss 7.8epss 0.00
Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.
- risk 0.47cvss 7.2epss 0.01
An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
- risk 0.49cvss 7.5epss 0.01
Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php.
- risk 0.47cvss 7.2epss 0.01
An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file.
- risk 0.47cvss 7.2epss 0.01
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting.
- risk 0.47cvss 7.2epss 0.01
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg.
- risk 0.57cvss 8.8epss 0.01
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.
- risk 0.57cvss 8.8epss 0.01
Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList.
- risk 0.53cvss 8.1epss 0.00
Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.
- risk 0.47cvss 7.3epss 0.00
Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system.
- risk 0.47cvss 7.2epss 0.01
In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.
- risk 0.57cvss 8.8epss 0.01
The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file.
- risk 0.00cvss 7.5epss 0.02
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses…
- risk 0.00cvss 7.0epss 0.00
A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory…
- risk 0.50cvss 7.5epss 0.20
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script…
- risk 0.51cvss 7.8epss 0.00
FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution.
- risk 0.46cvss 7.0epss 0.01
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their…
- risk 0.56cvss 8.6epss 0.02
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
- risk 0.53cvss 8.2epss 0.01
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device.
- risk 0.49cvss 7.5epss 0.01
MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive.
- risk 0.51cvss 7.8epss 0.00
AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL…
- risk 0.49cvss 7.5epss 0.00
AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions…