Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27196 | 1 Hitachienergy | 18 Fox615 Tego1, Fox615 Tego1 Firmware, Gms600 and 15 more | 2023-05-16 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the attack, as well as the IP addresses of the different IEC 61850 access points (of IEDs/products), to force the device to reboot, which renders the device inoperable for approximately 60 seconds. This vulnerability affects only products with IEC 61850 interfaces. This issue affects: Hitachi ABB Power Grids Relion 670 Series 1.1; 1.2.3 versions prior to 1.2.3.20; 2.0 versions prior to 2.0.0.13; 2.1; 2.2.2 versions prior to 2.2.2.3; 2.2.3 versions prior to 2.2.3.2. Hitachi ABB Power Grids Relion 670/650 Series 2.2.0 versions prior to 2.2.0.13. Hitachi ABB Power Grids Relion 670/650/SAM600-IO 2.2.1 versions prior to 2.2.1.6. Hitachi ABB Power Grids Relion 650 1.1; 1.2; 1.3 versions prior to 1.3.0.7. Hitachi ABB Power Grids REB500 7.3; 7.4; 7.5; 7.6; 8.2; 8.3. Hitachi ABB Power Grids RTU500 Series 7.x version 7.x and prior versions; 8.x version 8.x and prior versions; 9.x version 9.x and prior versions; 10.x version 10.x and prior versions; 11.x version 11.x and prior versions; 12.x version 12.x and prior versions. Hitachi ABB Power Grids FOX615 (TEGO1) R1D02 version R1D02 and prior versions. Hitachi ABB Power Grids MSM 2.1.0 versions prior to 2.1.0. Hitachi ABB Power Grids GMS600 1.3.0 version 1.3.0 and prior versions. Hitachi ABB Power Grids PWC600 1.0 versions prior to 1.0.1.4; 1.1 versions prior to 1.1.0.1. | |||||
| CVE-2018-20720 | 1 Hitachienergy | 2 Relion 630, Relion 630 Firmware | 2023-05-16 | 7.8 HIGH | 7.5 HIGH |
| ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message. | |||||
| CVE-2019-18247 | 1 Hitachienergy | 4 Relion 650, Relion 650 Firmware, Relion 670 and 1 more | 2023-05-16 | 7.8 HIGH | 7.5 HIGH |
| An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service. | |||||
| CVE-2017-14025 | 1 Hitachienergy | 2 Fox515t, Fox515t Firmware | 2023-05-16 | 2.1 LOW | 5.5 MEDIUM |
| An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server. | |||||
| CVE-2019-19095 | 1 Hitachienergy | 1 Esoms | 2023-05-16 | 3.5 LOW | 5.4 MEDIUM |
| Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database. | |||||
| CVE-2020-25643 | 6 Debian, Linux, Netapp and 3 more | 7 Debian Linux, Linux Kernel, H410c and 4 more | 2023-05-16 | 7.5 HIGH | 7.2 HIGH |
| A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2022-20338 | 1 Google | 1 Android | 2023-05-15 | N/A | 3.3 LOW |
| In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843 | |||||
| CVE-2023-29026 | 1 Rockwellautomation | 4 Armorstart St 281e, Armorstart St 281e Firmware, Armorstart St 284ee and 1 more | 2023-05-15 | N/A | 5.9 MEDIUM |
| A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | |||||
| CVE-2023-25930 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2023-05-12 | N/A | 5.9 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862. | |||||
| CVE-2023-31039 | 1 Apache | 1 Brpc | 2023-05-12 | N/A | 9.8 CRITICAL |
| Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1. upgrade to bRPC >= 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2218 https://github.com/apache/brpc/pull/2218 | |||||
| CVE-2023-30434 | 1 Ibm | 2 Elastic Storage System, Spectrum Scale | 2023-05-11 | N/A | 5.5 MEDIUM |
| IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. | |||||
| CVE-2023-29255 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2023-05-11 | N/A | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991. | |||||
| CVE-2023-27555 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2023-05-11 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187. | |||||
| CVE-2023-26022 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2023-05-11 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868. | |||||
| CVE-2023-26021 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2023-05-11 | N/A | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864. | |||||
| CVE-2022-43919 | 1 Ibm | 1 Mq Appliance | 2023-05-11 | N/A | 6.5 MEDIUM |
| IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354. | |||||
| CVE-2019-15613 | 2 Nextcloud, Opensuse | 2 Nextcloud Server, Backports | 2023-05-11 | 6.0 MEDIUM | 8.0 HIGH |
| A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. | |||||
| CVE-2023-21498 | 1 Samsung | 1 Android | 2023-05-11 | N/A | 7.8 HIGH |
| Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. | |||||
| CVE-2023-21494 | 1 Samsung | 2 Android, Exynos | 2023-05-11 | N/A | 9.8 CRITICAL |
| Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | |||||
| CVE-2023-21504 | 1 Samsung | 1 Android | 2023-05-11 | N/A | 9.8 CRITICAL |
| Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | |||||