The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof Feed and Schedule data by creating a modified blocks_v4.json...
5.9CVSS
5.5AI Score
0.001EPSS
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI....
6.5CVSS
6AI Score
0.001EPSS
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not...
6.5CVSS
6AI Score
0.003EPSS
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721...
10CVSS
9.6AI Score
0.014EPSS
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build...
8.8CVSS
9.1AI Score
0.002EPSS
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting...
5.4CVSS
4.9AI Score
0.001EPSS
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive...
6.5CVSS
6.1AI Score
0.001EPSS
Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration...
8.8CVSS
8.1AI Score
0.003EPSS
Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious...
6.1CVSS
5.7AI Score
0.002EPSS
The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a...
8.8CVSS
8.3AI Score
0.001EPSS
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes.....
An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled...
5CVSS
5.2AI Score
0.001EPSS
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use...
5.9CVSS
5.7AI Score
0.018EPSS
IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified...
7.8CVSS
7.2AI Score
0.0004EPSS
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified...
8.1CVSS
7.5AI Score
0.003EPSS
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified...
6.5CVSS
5.9AI Score
0.001EPSS
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified...
6.5CVSS
6.6AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than...
5.4CVSS
5.1AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than...
5.4CVSS
5.1AI Score
0.001EPSS
HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC)...
8.8CVSS
8.6AI Score
0.002EPSS
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified...
5.5CVSS
5.9AI Score
0.0004EPSS
AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench...
4CVSS
4.2AI Score
0.002EPSS
Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified...
8.8CVSS
8.4AI Score
0.0004EPSS
Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown...
7.8AI Score
0.027EPSS
Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown...
6.5AI Score
0.0004EPSS
The Acquisition Workstation for the GE Healthcare Revolution XQ/i has a password of adw3.1 for the sdc user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed...
7AI Score
0.003EPSS
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows...
6.7AI Score
0.015EPSS
HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative...
7.1AI Score
0.0004EPSS
Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 5R4, 6.1, and 7.1 on Windows allows local users to gain privileges via unspecified...
6.8AI Score
0.0004EPSS
Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP header, a different vulnerability than...
5.7AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in the Omake BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted...
5.8AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of a directory index page, a different vulnerability than...
5.6AI Score
0.003EPSS
The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI...
7.8AI Score
0.008EPSS
The I Know the Movie (aka com.guilardi.jesaislefilm2) application jesais_film_android_1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
The i Newspaper (aka com.independent.thei) application @7F080184 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka...
7.5AI Score
0.971EPSS
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery...
7.9AI Score
0.019EPSS
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project...
6.8AI Score
0.002EPSS
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup...
6.9AI Score
0.001EPSS
Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 and 9.2 through 9.24 allows remote authenticated users to execute arbitrary code by leveraging the OMi operator...
7.5AI Score
0.004EPSS
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.7AI Score
0.017EPSS
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown...
7.9AI Score
0.034EPSS
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default...
8.7AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call...
5.9AI Score
0.003EPSS
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote...
6.2AI Score
0.006EPSS
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of...
6.7AI Score
0.006EPSS
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a....
6.7AI Score
0.001EPSS
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC, H8DG, H8SCM-F, H8SGL-F, H8SM, X7SP, X8DT, X8SI, X9DAX-, X9DB, X9DR, X9QR, X9SBAA-F, X9SC, X9SPU-F, and X9SR devices relies on JavaScript code on the client for authorization checks, which...
6.7AI Score
0.016EPSS
Multiple stack-based buffer overflows in the web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC, H8DG, H8SCM-F, H8SGL-F, H8SM, X7SP, X8DT, X8SI, X9DAX-, X9DB, X9DR, X9QR, X9SBAA-F, X9SC, X9SPU-F, and X9SR devices allow remote attackers to...
8.3AI Score
0.084EPSS