CVSS: 7.8EPSS: 0%CPEs: 152EXPL: 0CVE-2022-3088
https://notcve.org/view.php?id=CVE-2022-3088
22 Nov 2022 — UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Image: Versions v1.0 to v1.12, UC-2100-W System Image: Versions v1.0 to v 1.12, UC-3100 System Image: Versions v1.0 to v1.6, UC-5100 System Image: Versions v1.0 to v1.4, UC-8100 System Image: Versions v3.0 to v3.5, UC-8100-ME-T System Image: Versions v3.0 and v3.1, UC-8200 System Image: v1.0 to v1.5, AIG-300 System Image: v1.0 to v1.4, UC-8410A with Debian 9 System Image: Versions v4.0.2 and v4.1.2, UC-8580 with Debian 9 System Imag... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-05 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2021-31891
https://notcve.org/view.php?id=CVE-2021-31891
14 Sep 2021 — A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS running on Debian 9 or earlier), Operation Scheduler (All versions with OIS running on Debian 9 or earlier), Siveillance Control (All versions with OIS running on Debian 9 or earlier), Siveillance Control Pro (All versions). The affected application incorrectly neutralizes special elements in a specific HTTP GET request which could lead to command injection. An unauthenticated remote... • https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-0175
https://notcve.org/view.php?id=CVE-2014-0175
13 Dec 2019 — mcollective has a default password set at install mcollective presenta una contraseña predeterminada establecida en la instalación. • https://access.redhat.com/security/cve/cve-2014-0175 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2019-9210 – advancecomp: integer overflow in png_compress in pngex.cc
https://notcve.org/view.php?id=CVE-2019-9210
27 Feb 2019 — In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) En la versión 2.1 de AdvanceCOMP, png_compress en pngex.cc en advpng tiene un desbordamiento de enteros, al encontrarse con un tamaño de PNG inválido, lo que conduce a que un memcpy intente escribirse en un búfer que es demasiado pequeño. (Hay, también, una sobrelectu... • https://lists.debian.org/debian-lts-announce/2019/03/msg00004.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-19200
https://notcve.org/view.php?id=CVE-2018-19200
12 Nov 2018 — An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function. Se ha descubierto un problema en versiones anteriores a la 0.9.0 de uriparser. UriCommon.c permite el intento de operaciones en entradas NULL mediante una función uriResetUri*. • https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 6%CPEs: 127EXPL: 0CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
06 Aug 2018 — Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP pac... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13081 – FreeBSD Security Advisory - FreeBSD-SA-17:07.wpa
https://notcve.org/view.php?id=CVE-2017-13081
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11w permite la reinstalación de la clave temporal IGTK (Integrity Group Temporal Key) durante el handshake de clave de grupo, haciendo que un atacante en el rango de radio suplante frames desde los puntos d... • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 6.8EPSS: 1%CPEs: 85EXPL: 0CVE-2017-13084 – Slackware Security Advisory - wpa_supplicant Updates
https://notcve.org/view.php?id=CVE-2017-13084
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave STK (Transient Key) STSL (Station-To-Station-Link) durante la negociación PeerKey, haciendo que un atacante que se sitúe dentro del radio reproduzca, descifre o suplante frames. New wpa_supplicant packages are avai... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 8.1EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13088 – wpa_supplicant: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
https://notcve.org/view.php?id=CVE-2017-13088
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) que soporte IEEE 802.11v permite la reinstalación de la clave temporal GTK (Integrity Group Temporal Key) cuando se procesa un frame Wireless Network Management (WNM) Sleep Mode Respons... • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •
CVSS: 8.1EPSS: 0%CPEs: 85EXPL: 0CVE-2017-13078 – wpa_supplicant: Reinstallation of the group key in the 4-way handshake
https://notcve.org/view.php?id=CVE-2017-13078
16 Oct 2017 — Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. Wi-Fi Protected Access (WPA y WPA2) permite la reinstalación de la clave temporal GTK (Group Temporal Key) durante la negociación en cuatro pasos, haciendo que un atacante en el rango de radio reproduzca frames desde los puntos de acceso hasta los clientes. A new exploitation technique called key rei... • http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00020.html • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE-330: Use of Insufficiently Random Values •