RSS   Podatności dla 'Cx-supervisor'   RSS

2021-10-19
 
CVE-2021-20836

CWE-125
 

 
Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files.

 
2019-11-26
 
CVE-2019-18251

NVD-CWE-noinfo
 

 
In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit.

 
2019-02-12
 
CVE-2018-19020

CWE-125
 

 
When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array.

 
 
CVE-2018-19018

CWE-824
 

 
An access of uninitialized pointer vulnerability in CX-Supervisor (Versions 3.42 and prior) could lead to type confusion when processing project files. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

 
2019-01-28
 
CVE-2018-19015

CWE-77
 

 
An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application.

 
2019-01-22
 
CVE-2018-19019

CWE-704
 

 
A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

 
 
CVE-2018-19017

CWE-416
 

 
Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.

 
 
CVE-2018-19013

CWE-77
 

 
An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file.

 
 
CVE-2018-19011

CWE-94
 

 
CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application.

 
2018-11-05
 
CVE-2018-17913

CWE-704
 

 
A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application.

 


Copyright 2022, cxsecurity.com

 

Back to Top