The Ignition Project
Products
3- 4 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-14520 | Hig | 0.49 | 7.5 | 0.01 | Jul 31, 2020 | The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13). | ||
| CVE-2020-12000 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2020 | The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway… | ||
| CVE-2020-10641 | Hig | 0.49 | 7.5 | 0.01 | Apr 28, 2020 | An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a… | ||
| CVE-2022-1264 | Med | 0.44 | 6.8 | 0.01 | Jul 20, 2022 | The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code. | ||
| CVE-2005-1641 | 0.00 | — | 0.00 | May 17, 2005 | mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service. | |||
| CVE-2005-1640 | 0.00 | — | 0.02 | May 17, 2005 | mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions. | |||
| CVE-2004-2431 | 0.00 | — | 0.03 | Dec 31, 2004 | Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication. | |||
| CVE-2004-2553 | 0.00 | — | 0.02 | Dec 31, 2004 | The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument. |
- risk 0.49cvss 7.5epss 0.01
The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13).
- risk 0.49cvss 7.5epss 0.01
The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway…
- risk 0.49cvss 7.5epss 0.01
An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a…
- risk 0.44cvss 6.8epss 0.01
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
- CVE-2005-1641May 17, 2005risk 0.00cvss —epss 0.00
mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service.
- CVE-2005-1640May 17, 2005risk 0.00cvss —epss 0.02
mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions.
- CVE-2004-2431Dec 31, 2004risk 0.00cvss —epss 0.03
Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication.
- CVE-2004-2553Dec 31, 2004risk 0.00cvss —epss 0.02
The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument.