| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks. |
| A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These
services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents. |
| Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch. |
| Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available. |
| Visual Studio Code Elevation of Privilege Vulnerability |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability |
| .NET Framework Information Disclosure Vulnerability |
| Microsoft Office Information Disclosure Vulnerability |
| Visual Studio Code Information Disclosure Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Visual Studio Code Remote Code Execution Vulnerability |
| Microsoft Word Remote Code Execution Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Win32k Elevation of Privilege Vulnerability |
| Microsoft Office Graphics Remote Code Execution Vulnerability |
| Microsoft Office Remote Code Execution Vulnerability |
| Web Account Manager Information Disclosure Vulnerability |
