Export limit exceeded: 338214 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338214 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39458 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. The service uses a hard-coded default SSL certificate. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20509. | ||||
| CVE-2023-39459 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of Administrator. Was ZDI-CAN-20531. | ||||
| CVE-2023-39460 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway Event Log Directory Traversal Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the creation of event logs. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20534. | ||||
| CVE-2023-39461 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of event logs. The issue results from improper sanitization of log output. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-20535. | ||||
| CVE-2024-30142 | 1 Hcltech | 1 Bigfix Compliance | 2025-06-17 | 3.8 Low |
| HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel. | ||||
| CVE-2023-39462 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability. This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the processing of workspace files. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this in conjunction with other vulnerabilitites to execute arbitrary code in the context of root. Was ZDI-CAN-20536. | ||||
| CVE-2023-39463 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway Trusted Certification Unrestricted Upload of File Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the trusted certification feature. The issue lies in the handling of the OpcUaSecurityCertificateAuthorityTrustDir variable, which allows an arbitrary file write with attacker-controlled data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20537. | ||||
| CVE-2023-39464 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway GTWWebMonitorService Unquoted Search Path Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute code on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the GTWWebMonitorService service. The path to the service executable contains spaces not surrounded by quotations. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-20538. | ||||
| CVE-2024-30141 | 1 Hcltech | 1 Bigfix Compliance | 2025-06-17 | 4.7 Medium |
| HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data. | ||||
| CVE-2023-39465 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway Use of Hard-coded Cryptograhic Key Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TmwCrypto class. The issue results from the usage of a hard-coded cryptograhic key and the usage of a hard-coded certificate. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20615. | ||||
| CVE-2023-39466 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway get_config Missing Authentication Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_config endpoint. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20797. | ||||
| CVE-2023-39467 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway certificate Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of certificate web directory. The issue results from the exposure of sensitive information in the application webroot. An attacker can leverage this vulnerability to disclose sensitive information. Was ZDI-CAN-20798. | ||||
| CVE-2024-30140 | 1 Hcltech | 1 Bigfix Compliance | 2025-06-17 | 5.4 Medium |
| HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page. | ||||
| CVE-2023-39468 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2025-06-17 | N/A |
| Triangle MicroWorks SCADA Data Gateway DbasSectorFileToExecuteOnReset Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of DbasSectorFileToExecuteOnReset parameter. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20799. | ||||
| CVE-2024-30126 | 1 Hcltech | 1 Bigfix Compliance | 2025-06-17 | 4.7 Medium |
| HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking users into performing actions on the target website without their knowledge. | ||||
| CVE-2024-30125 | 1 Hcltech | 1 Bigfix Compliance | 2025-06-17 | 6.2 Medium |
| HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die. | ||||
| CVE-2024-22734 | 2 Amcs, Amcsgroup | 2 Trux Waste Management Software, Trux Waste Management | 2025-06-17 | 6.2 Medium |
| An issue was discovered in AMCS Group Trux Waste Management Software before version 7.19.0018.26912, allows local attackers to obtain sensitive information via a static, hard-coded AES Key-IV pair in the TxUtilities.dll and TruxUser.cfg components. | ||||
| CVE-2024-30850 | 1 Tiagorlampert | 1 Chaos | 2025-06-17 | 8.8 High |
| An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go | ||||
| CVE-2024-22526 | 1 Bandisoft | 1 Bandiview | 2025-06-17 | 5.5 Medium |
| Buffer Overflow vulnerability in bandisoft bandiview v7.0, allows local attackers to cause a denial of service (DoS) via exr image file. | ||||
| CVE-2024-23576 | 1 Hcltechsw | 1 Hcl Commerce | 2025-06-17 | 7.1 High |
| Security vulnerability in HCL Commerce 9.1.12 and 9.1.13 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. | ||||