Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22286 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2022-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | |||||
| CVE-2022-22987 | 1 Advantech | 2 Adam-3600, Adam-3600 Firmware | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | |||||
| CVE-2021-22288 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2022-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | |||||
| CVE-2022-0484 | 1 Mirantis | 1 Container Cloud Lens Extension | 2022-02-09 | 6.8 MEDIUM | 8.8 HIGH |
| Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1. | |||||
| CVE-2008-6976 | 1 Mikrotik | 1 Routeros | 2022-02-09 | 6.4 MEDIUM | N/A |
| MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request. | |||||
| CVE-2020-8782 | 1 Sierrawireless | 14 Airlink Es440, Airlink Es450, Airlink Gx400 and 11 more | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. | |||||
| CVE-2020-8781 | 1 Sierrawireless | 14 Airlink Es440, Airlink Es450, Airlink Gx400 and 11 more | 2022-02-09 | 7.2 HIGH | 7.8 HIGH |
| Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allow an escalation to root from a low-privilege process. | |||||
| CVE-2019-11859 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2022-02-09 | 9.0 HIGH | 8.8 HIGH |
| A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root. | |||||
| CVE-2019-11858 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2022-02-09 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9. | |||||
| CVE-2019-11857 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2022-02-09 | 4.0 MEDIUM | 4.9 MEDIUM |
| Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information. | |||||
| CVE-2019-11856 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2022-02-09 | 5.5 MEDIUM | 3.8 LOW |
| A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials. | |||||
| CVE-2019-11855 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2022-02-09 | 7.5 HIGH | 9.8 CRITICAL |
| An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9. | |||||
| CVE-2019-11853 | 1 Sierrawireless | 9 Airlink Es450, Airlink Gx450, Airlink Lx40 and 6 more | 2022-02-09 | 6.5 MEDIUM | 7.2 HIGH |
| Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4. | |||||
| CVE-2019-11852 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2022-02-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9. Sensitive information may be disclosed via the ACEviewservice, accessible by default on the LAN. | |||||
| CVE-2019-11850 | 1 Sierrawireless | 7 Airlink Lx40, Airlink Lx60, Airlink Mp70 and 4 more | 2022-02-09 | 4.6 MEDIUM | 6.7 MEDIUM |
| A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution | |||||
| CVE-2019-11849 | 1 Sierrawireless | 7 Airlink Lx40, Airlink Lx60, Airlink Mp70 and 4 more | 2022-02-09 | 4.6 MEDIUM | 6.7 MEDIUM |
| A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution. | |||||
| CVE-2019-11848 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2022-02-09 | 6.5 MEDIUM | 7.2 HIGH |
| An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values. | |||||
| CVE-2017-8035 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2022-02-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation. | |||||
| CVE-2017-8033 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2022-02-09 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM. | |||||
| CVE-2017-8036 | 1 Cloudfoundry | 1 Capi-release | 2022-02-09 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially crafted application. | |||||