National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): OPC
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 201 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-16196

Multiple Yokogawa products that contain Vnet/IP Open Communication Driver (CENTUM CS 3000(R3.05.00 - R3.09.50), CENTUM CS 3000 Entry Class(R3.05.00 - R3.09.50), CENTUM VP(R4.01.00 - R6.03.10), CENTUM VP Entry Class(R4.01.00 - R6.03.10), Exaopc(R3.10.00 - R3.75.00), PRM(R2.06.00 - R3.31.00), ProSafe-RS(R1.02.00 - R4.02.00), FAST/TOOLS(R9.02.00 - R10.02.00), B/M9000 VP(R6.03.01 - R8.01.90)) allows remote attackers to cause a denial of service attack that may result in stopping Vnet/IP Open Communication Driver's communication via unspecified vectors.

Published: January 09, 2019; 06:29:04 PM -05:00
(not available)
CVE-2018-1000813

Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts. that can result in Execution of JavaScript from an unexpected source.. This attack appear to be exploitable via A user must be directed to an affected page while logged in.. This vulnerability appears to have been fixed in 1.11.1 and later.

Published: December 20, 2018; 10:29:00 AM -05:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-17157

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error when handling opcodes can cause memory corruption by sending a specially crafted NFSv4 request. Unprivileged remote users with access to the NFS server may be able to execute arbitrary code.

Published: December 04, 2018; 10:29:00 AM -05:00
(not available)
CVE-2018-7116

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.

Published: December 03, 2018; 10:29:00 AM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-7115

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions.

Published: December 03, 2018; 10:29:00 AM -05:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2018-18920

Py-EVM v0.2.0-alpha.33 allows attackers to make a vm.execute_bytecode call that triggers computation._stack.values with '"stack": [100, 100, 0]' where b'\x' was expected, resulting in an execution failure because of an invalid opcode. This is reportedly related to "smart contracts can be executed indefinitely without gas being paid."

Published: November 11, 2018; 09:29:00 PM -05:00
(not available)
CVE-2018-15704

Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp.

Published: October 22, 2018; 03:29:00 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2018-14656

A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log.

Published: October 08, 2018; 06:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-12087

Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords.

Published: October 03, 2018; 02:29:00 PM -04:00
V3: 5.3 MEDIUM
V2: 2.1 LOW
CVE-2018-12585

An XXE vulnerability in the OPC UA Java and .NET Legacy Stack can allow remote attackers to trigger a denial of service.

Published: September 14, 2018; 05:29:03 PM -04:00
V3: 8.2 HIGH
V2: 6.4 MEDIUM
CVE-2018-12086

Buffer overflow in OPC UA applications allows remote attackers to trigger a stack overflow with carefully structured requests.

Published: September 14, 2018; 05:29:03 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-10907

It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer that the fixed buffer size to cause crash or potential code execution.

Published: September 04, 2018; 09:29:11 AM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2018-13662

The mintToken function of a smart contract implementation for WorldOpctionChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

Published: July 09, 2018; 02:29:10 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-12072

An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it.

Published: June 17, 2018; 04:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2017-12070

Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.

Published: June 14, 2018; 04:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-7559

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. A vulnerability in OPC UA applications can allow a remote attacker to determine a Server's private key by sending carefully constructed bad UserIdentityTokens as part of an oracle attack.

Published: June 13, 2018; 02:29:00 PM -04:00
V3: 5.3 MEDIUM
V2: 3.5 LOW
CVE-2017-17443

OPC Foundation Local Discovery Server (LDS) 1.03.370 required a security update to resolve multiple vulnerabilities that allow attackers to trigger a crash by placing invalid data into the configuration file. This vulnerability requires an attacker with access to the file system where the configuration file is stored; however, if the configuration file is altered the LDS will be unavailable until it is repaired.

Published: June 13, 2018; 02:29:00 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2017-11672

The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges.

Published: June 13, 2018; 02:29:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-8714

Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries.

Published: May 17, 2018; 03:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 3.6 LOW
CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.

Published: April 29, 2018; 05:29:00 PM -04:00
V3: 4.7 MEDIUM
V2: 1.9 LOW