Latest CVE Feed
-
7.5
HIGH CVE-2017-6046
An Insufficiently Protected Credentials issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Sensitive information is insufficiently protected during transmission and v...
Affected Products: airlink_raven_xe_firmware airlink_raven_xt_firmware airlink_raven_xe airlink_raven_xt
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-6044
An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a r...
Affected Products: airlink_raven_xe_firmware airlink_raven_xt_firmware airlink_raven_xe airlink_raven_xt
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
8.8
HIGH CVE-2017-6042
A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in us...
Affected Products: airlink_raven_xe_firmware airlink_raven_xt_firmware airlink_raven_xe airlink_raven_xt
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2017-6041
An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dua...
Affected Products: a320_firmware a325_firmware a371_firmware a520_master_firmware a520_slave_firmware a530_firmware a542_firmware a571_firmware check_bin_grader_firmware flowlineqc_t376_firmware +34 more products
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUM CVE-2017-6040
An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously....
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
7.1
HIGH CVE-2017-6038
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request....
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUM CVE-2017-6036
A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destin...
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2017-6034
An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: ...
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUM CVE-2017-6032
A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks....
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUM CVE-2017-6030
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions...
Affected Products: modicon_m221_firmware modicon_m241_firmware modicon_m251_firmware modicon_m241 modicon_m251 modicon_m221
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2017-6028
An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them su...
Affected Products: modicon_m221_firmware modicon_m241_firmware modicon_m251_firmware modicon_m241 modicon_m251
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.1
CRITICAL CVE-2017-6026
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the we...
Affected Products: modicon_m221_firmware modicon_m241_firmware modicon_m251_firmware modicon_m241 modicon_m251
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2017-6022
A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, wh...
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUM CVE-2017-6018
An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, an...
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGH CVE-2017-6017
A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP34203...
Affected Products: bmxnoe0100_firmware bmxnoe0110_firmware bmxnor0200h_firmware bmxnoc0401_firmware bmxnoe0110h_firmware modicon_m340_bmxp341000_firmware modicon_m340_bmxp342020_firmware modicon_m340_bmxp342030_firmware modicon_m340_bmxp342000_firmware modicon_m340_bmxp3420102_firmware +20 more products
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2016-9358
A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dua...
Affected Products: a320_firmware a325_firmware a371_firmware a520_master_firmware a520_slave_firmware a530_firmware a542_firmware a571_firmware check_bin_grader_firmware flowlineqc_t376_firmware +34 more products
- Published: Jun. 30, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2017-10688
In LibTIFF 4.0.8, there is an assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack....
Affected Products: libtiff
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGH CVE-2017-10687
In LibSass 3.4.5, there is a heap-based buffer over-read in the function json_mkstream() in sass_context.cpp. A crafted input will lead to a remote denial of service attack....
Affected Products: libsass
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
7.8
HIGH CVE-2017-10686
In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple...
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICAL CVE-2017-10685
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack....
Affected Products: ncurses
- Published: Jun. 29, 2017
- Modified: Apr. 20, 2025