C Security Vulnerabilities
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local...
6.7CVSS
7.9AI Score
0.0004EPSS
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to...
7.8CVSS
7.5AI Score
0.0004EPSS
In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects...
8.8CVSS
8.9AI Score
0.001EPSS
In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0...
8CVSS
8.3AI Score
0.001EPSS
A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the...
9.8CVSS
9.6AI Score
0.001EPSS
async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP...
9.8CVSS
9.7AI Score
0.001EPSS
The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder...
5.3CVSS
5.4AI Score
0.001EPSS
A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads.....
7.5CVSS
7.5AI Score
0.001EPSS
Where this vulnerability exists in the Rockwell Automation 1756 EN2 and 1756 EN3 ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to...
9.8CVSS
9.5AI Score
0.001EPSS
Memory Corruption in Data Modem while processing DMA buffer release event about CFR...
7.8CVSS
7.7AI Score
0.0004EPSS
6.8CVSS
6.6AI Score
0.001EPSS
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from...
9.8CVSS
9.4AI Score
0.001EPSS
Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory...
7.8CVSS
7.5AI Score
0.0004EPSS
7.8CVSS
7.6AI Score
0.0004EPSS
An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its...
5.5CVSS
5.2AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7.8CVSS
8.1AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7CVSS
7.5AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7CVSS
7.5AI Score
0.0004EPSS
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information...
7CVSS
7.5AI Score
0.0004EPSS
Weak session management in DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware: 1.9.3 Bios firmware: 7.1 (Apr 19 2021) Gui: 2.46 FPGA: 169.55 uc: 6.15 allows attackers on the same network to bypass authentication by re-using the IP address assigned to the device by the NAT...
5.7CVSS
5.7AI Score
0.0004EPSS
In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and...
8.8CVSS
8.6AI Score
0.001EPSS
Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged...
7.8CVSS
7.7AI Score
0.0004EPSS
Memory corruption due to improper access control in kernel while processing a mapping request from root...
7.8CVSS
7.6AI Score
0.0004EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request...
7.9CVSS
8AI Score
0.001EPSS
7.1CVSS
5.2AI Score
0.0004EPSS
A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or...
7.8CVSS
7.8AI Score
0.0004EPSS
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening...
9.8CVSS
9.3AI Score
0.003EPSS
In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full...
6.8CVSS
6.9AI Score
0.001EPSS
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful...
7.5CVSS
7.5AI Score
0.001EPSS
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number...
6.5CVSS
7AI Score
0.001EPSS
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...
6.4CVSS
7.1AI Score
0.0004EPSS
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the...
3.7CVSS
5.7AI Score
0.001EPSS
Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R...
5.3CVSS
5.3AI Score
0.001EPSS
Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to...
8.2CVSS
8.2AI Score
0.002EPSS
Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component...
7.2CVSS
7.5AI Score
0.002EPSS
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
8.4CVSS
7.7AI Score
0.0004EPSS
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface...
8.8CVSS
8.3AI Score
0.001EPSS
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API...
8.8CVSS
8.5AI Score
0.001EPSS
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not...
5.9CVSS
5.7AI Score
0.001EPSS
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is...
4.9CVSS
5.1AI Score
0.001EPSS
A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then...
8.8CVSS
8.3AI Score
0.001EPSS
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only...
6.5CVSS
6.4AI Score
0.0005EPSS
5.5CVSS
5.8AI Score
0.0004EPSS
8.2CVSS
7.4AI Score
0.001EPSS
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command...
7.8CVSS
7.8AI Score
0.0004EPSS