Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7845 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2022-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-125: Out-of-bounds Read vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of unexpected data from the controller when reading specific memory blocks in the controller over Modbus. | |||||
| CVE-2018-7843 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2022-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus. | |||||
| CVE-2018-7842 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2022-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller. | |||||
| CVE-2013-0662 | 2 Schneider-electric, Schneider Electric | 13 Concept, Modbus Serial Driver, Modbuscommdtm Sl and 10 more | 2022-02-03 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header. | |||||
| CVE-2021-46510 | 1 Cesanta | 1 Mjs | 2022-02-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings.len' failed at src/mjs_gc.c in Cesanta MJS v2.20.0. | |||||
| CVE-2021-46506 | 1 Jsish | 1 Jsish | 2022-02-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'v->d.lval != v' failed at src/jsiValue.c in Jsish v3.5.0. | |||||
| CVE-2021-37866 | 1 Mattermost | 1 Mattermost Boards | 2022-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a session on the server-side when a user logged out of Boards, which allows an attacker to reuse old session token for authorization. | |||||
| CVE-2020-7559 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2022-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. | |||||
| CVE-2021-43746 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2022-02-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose sensitive information on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it. | |||||
| CVE-2021-43024 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2022-02-03 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | |||||
| CVE-2021-40773 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2022-02-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-40745 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2022-02-03 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. By leveraging an exposed XML file, an unauthenticated attacker can enumerate other files on the server. | |||||
| CVE-2017-6030 | 1 Schneider-electric | 6 Modicon M221, Modicon M221 Firmware, Modicon M241 and 3 more | 2022-02-03 | 6.4 MEDIUM | 6.5 MEDIUM |
| A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections. | |||||
| CVE-2017-6028 | 1 Schneider-electric | 4 Modicon M241, Modicon M241 Firmware, Modicon M251 and 1 more | 2022-02-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. | |||||
| CVE-2021-22816 | 1 Schneider-electric | 18 Scadapack 312e, Scadapack 312e Firmware, Scadapack 313e and 15 more | 2022-02-03 | 7.8 HIGH | 7.5 HIGH |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E and 357E RTUs with firmware V8.18.1 and prior | |||||
| CVE-2021-46447 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module. | |||||
| CVE-2021-46445 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id. | |||||
| CVE-2021-46444 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. | |||||
| CVE-2021-46446 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID. | |||||
| CVE-2021-46448 | 1 Hhg-multistore | 1 Multistore | 2022-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID. | |||||