Vulnerabilities (CVE)

Filtered by CWE-1284
Total 135 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-6068 2024-11-15 N/A 7.3 HIGH
A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file.
CVE-2024-48290 2024-11-08 N/A 4.3 MEDIUM
An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet.
CVE-2023-38709 2024-11-05 N/A 7.3 HIGH
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
CVE-2023-52343 2024-11-04 N/A 5.5 MEDIUM
In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed
CVE-2023-31304 2024-11-04 N/A 2.3 LOW
Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF)     to modify the PCIe® lane count and speed, potentially leading to a loss of availability.
CVE-2023-31310 2024-10-31 N/A 5.0 MEDIUM
Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a loss of integrity and/or availability.
CVE-2024-27360 1 Samsung 16 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 13 more 2024-10-30 N/A 7.5 HIGH
A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check length of the data, which can lead to a Denial of Service.
CVE-2022-31629 3 Debian, Fedoraproject, Php 3 Debian Linux, Fedora, Php 2024-10-29 N/A 6.5 MEDIUM
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
CVE-2024-7316 2024-10-18 N/A 5.9 MEDIUM
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.
CVE-2023-38744 1 Omron 24 Cj1w-eip21, Cj1w-eip21 Firmware, Cj2h-cpu64-eip and 21 more 2024-10-17 N/A 7.5 HIGH
Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.
CVE-2021-31346 1 Siemens 17 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 14 more 2024-10-08 6.4 MEDIUM 9.1 CRITICAL
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
CVE-2021-31345 1 Siemens 16 Apogee Modular Building Controller, Apogee Modular Building Controller Firmware, Apogee Modular Equiment Controller and 13 more 2024-10-08 6.4 MEDIUM 9.1 CRITICAL
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)
CVE-2024-24690 1 Zoom 5 Meeting Software Development Kit, Rooms, Vdi Windows Meeting Clients and 2 more 2024-10-04 N/A 6.5 MEDIUM
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-8887 1 Circutor 2 Q-smt, Q-smt Firmware 2024-10-01 N/A 8.6 HIGH
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.
CVE-2022-2277 1 Hitachienergy 2 Microscada X Sys600, Sys600 2024-09-25 N/A 7.5 HIGH
Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
CVE-2022-28613 2 Abb, Hitachienergy 3 Rtu500 Firmware, Rtu500, Rtu500 Firmware 2024-09-25 7.8 HIGH 7.5 HIGH
A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is en-abled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the receiving RTU500 CMU to reboot. The vulnerability is caused by the validation error in the length information carried in MBAP header in the HCI Modbus TCP function.
CVE-2023-4518 1 Hitachienergy 6 Relion 650, Relion 650 Firmware, Relion 670 and 3 more 2024-09-23 N/A 7.5 HIGH
A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured.
CVE-2022-25769 2024-09-20 N/A 7.2 HIGH
ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.
CVE-2024-31416 1 Eaton 1 Foreseer Electrical Power Monitoring System 2024-09-19 N/A 6.5 MEDIUM
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow.
CVE-2024-0111 1 Nvidia 1 Cuda Toolkit 2024-09-18 N/A 4.4 MEDIUM
NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. A successful exploit of this vulnerability may lead to a limited denial of service or data tampering.