For providers

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor...

Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a...

Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was...

A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor...

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code...

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.

An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message.

An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message.