895 items
Unread (4693) All Dismissed
CRITICAL
CVE-2022-0715 (CVSS 9.1) — A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily ...
NVD CVE-2022-0715 1562d ago
CRITICAL
CVE-2022-23305 (CVSS 9.8) — By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter whe...
NVD CVE-2022-23305 1613d ago
CRITICAL
CVE-2021-44732 (CVSS 9.8) — Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an m...
NVD CVE-2021-44732 1642d ago
CRITICAL
CVE-2019-25052 (CVSS 9.1) — In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call updat...
NVD CVE-2019-25052 1773d ago
CRITICAL
CVE-2021-33485 (CVSS 9.8) — CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
NVD CVE-2021-33485 1781d ago
CRITICAL
CVE-2021-22779 (CVSS 9.1) — Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions p...
NVD CVE-2021-22779 1801d ago
CRITICAL
CVE-2021-22768 (CVSS 9.8) — A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and ne...
NVD CVE-2021-22768CVE-2021-22767 1834d ago
CRITICAL
CVE-2021-22767 (CVSS 9.8) — A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and ne...
NVD CVE-2021-22767CVE-2021-2276 1834d ago
CRITICAL
CVE-2021-22765 (CVSS 9.8) — A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and ne...
NVD CVE-2021-22765 1834d ago
CRITICAL
CVE-2021-22763 (CVSS 9.8) — A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogi...
NVD CVE-2021-22763 1834d ago
CRITICAL
CVE-2020-15782 (CVSS 9.8) — A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA...
NVD CVE-2020-15782 1848d ago
CRITICAL
CVE-2021-27384 (CVSS 9.8) — A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPL...
NVD CVE-2021-27384 1864d ago
CRITICAL
CVE-2020-15798 (CVSS 9.8) — A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versi...
NVD CVE-2020-15798 1956d ago
CRITICAL
CVE-2020-27285 (CVSS 9.1) — The default configuration of Crimson 3.1 (Build versions prior to 3119.001) allows a user to be able...
NVD CVE-2020-27285 1990d ago
CRITICAL
CVE-2020-28271 (CVSS 9.8) — Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause...
NVD CVE-2020-28271 2044d ago
CRITICAL
CVE-2020-15786 (CVSS 9.8) — A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variant...
NVD CVE-2020-15786 2108d ago
CRITICAL
CVE-2020-7489 (CVSS 9.8) — A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Inj...
NVD CVE-2020-7489 2248d ago
CRITICAL
CVE-2020-6990 (CVSS 9.8) — Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, ...
NVD CVE-2020-6990 2286d ago
CRITICAL
CVE-2019-17571 (CVSS 9.8) — Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted dat...
NVD CVE-2019-17571 2373d ago
CRITICAL
CVE-2019-18269 (CVSS 9.8) — Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability.
NVD CVE-2019-18269 2376d ago
CRITICAL
CVE-2019-19006 (CVSS 9.8) — Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Ac...
NVD CVE-2019-19006 2401d ago
CRITICAL
CVE-2019-1010292 (CVSS 9.8) — Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This co...
NVD CVE-2019-1010292 2530d ago
CRITICAL
CVE-2019-1010298 (CVSS 9.8) — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code executio...
NVD CVE-2019-1010298 2530d ago
CRITICAL
CVE-2019-1010297 (CVSS 9.8) — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of ...
NVD CVE-2019-1010297 2530d ago
CRITICAL
CVE-2019-1010296 (CVSS 9.8) — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code executio...
NVD CVE-2019-1010296 2530d ago
CRITICAL
CVE-2019-1010295 (CVSS 9.8) — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corrup...
NVD CVE-2019-1010295 2530d ago
CRITICAL
CVE-2019-1010293 (CVSS 9.8) — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corr...
NVD CVE-2019-1010293 2530d ago
CRITICAL
CVE-2017-14854 (CVSS 9.1) — A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code...
NVD CVE-2017-14854 2572d ago
CRITICAL
CVE-2017-14851 (CVSS 9.8) — A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnera...
NVD CVE-2017-14851 2572d ago
CRITICAL
CVE-2017-14728 (CVSS 9.8) — An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS ...
NVD CVE-2017-14728 2572d ago
CRITICAL
CVE-2018-16988 (CVSS 9.8) — An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exi...
NVD CVE-2018-16988 2604d ago
CRITICAL
CVE-2019-11068 (CVSS 9.8) — libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and ...
NVD CVE-2019-11068 2626d ago
CRITICAL
CVE-2019-9201 (CVSS 9.8) — Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and o...
NVD CVE-2019-9201 2669d ago
CRITICAL
CVE-2018-7791 (CVSS 9.8) — A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M...
NVD CVE-2018-7791 2850d ago
CRITICAL
CVE-2018-7790 (CVSS 9.8) — An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (a...
NVD CVE-2018-7790 2850d ago
CRITICAL
CVE-2018-8859 (CVSS 9.8) — Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 ...
NVD CVE-2018-8859 2887d ago
CRITICAL
CVE-2018-8855 (CVSS 9.8) — Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 ...
NVD CVE-2018-8855 2887d ago
CRITICAL
CVE-2018-8851 (CVSS 9.8) — Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 ...
NVD CVE-2018-8851 2887d ago
CRITICAL
CVE-2018-10627 (CVSS 9.8) — Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 ...
NVD CVE-2018-10627 2887d ago
CRITICAL
CVE-2018-11091 (CVSS 9.9) — An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserv...
NVD CVE-2018-11091 2957d ago
CRITICAL
CVE-2018-1273 (CVSS 9.8) — Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions...
NVD CVE-2018-1273 2991d ago
CRITICAL
CVE-2018-1000042 (CVSS 9.8) — Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralizati...
NVD CVE-2018-1000042 3051d ago
CRITICAL
CVE-2018-1000034 (CVSS 9.1) — An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a ...
NVD CVE-2018-1000034 3051d ago
CRITICAL
CVE-2018-1000033 (CVSS 9.1) — An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a ...
NVD CVE-2018-1000033 3051d ago
CRITICAL
CVE-2018-3601 (CVSS 9.8) — A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could a...
NVD CVE-2018-3601 3051d ago
CRITICAL
CVE-2018-6825 (CVSS 9.8) — An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH server exists with a hardcoded...
NVD CVE-2018-6825 3052d ago
CRITICAL
CVE-2018-6871 (CVSS 9.8) — LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =W...
NVD CVE-2018-6871 3052d ago
CRITICAL
CVE-2018-6789 (CVSS 9.8) — An issue was discovered in the base64d function in the SMTP listener in Exim before 4.90.1. By sendi...
NVD CVE-2018-6789 3052d ago
CRITICAL
CVE-2018-6180 (CVSS 9.8) — A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an a...
NVD CVE-2018-6180 3052d ago
CRITICAL
CVE-2018-1163 (CVSS 9.8) — This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Q...
NVD CVE-2018-1163 3052d ago
CRITICAL NVD Wed, 09 Mar 2022 20:15:08 UTC
CVE-2022-0715 (CVSS 9.1) — A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily ...
https://nvd.nist.gov/vuln/detail/CVE-2022-0715
TL;DR
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS …
CVE-2022-0715
Read full story ↗