Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long ZIP directory entry name in an XPS. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 76.1%.
Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 59.5%.
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.