Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation.
Max CVSS: 10.0 | EPSS Score: 0.33% | Published: 2012-05-25 | Updated: 2012-05-28
Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.
Max CVSS: 10.0 | EPSS Score: 0.27% | Published: 2012-05-25 | Updated: 2012-05-28
The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS: 10.0 | EPSS Score: 0.27% | Published: 2012-05-25 | Updated: 2012-05-28
The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors.
Max CVSS: 7.8 | EPSS Score: 0.14% | Published: 2012-05-25 | Updated: 2012-05-28
xArrow SCADA versions 7.2 and prior permit unvalidated registry keys to be run with application-level privileges.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2022-05-16 | Updated: 2022-05-25
xArrow SCADA versions 7.2 and prior are vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2022-05-16 | Updated: 2022-05-25
xArrow SCADA versions 7.2 and prior are vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized attacker to execute arbitrary code.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2022-05-16 | Updated: 2022-05-25
7 vulnerabilities found