Proton
Monthly
Out-of-bounds write vulnerability in Proton versions before 1.6.16 allows remote attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability resides in the inflate.C module within the base/poco/Foundation components and can be exploited over the network without authentication or user interaction. A patch is available to remediate this critical flaw.
Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Optergy Proton/Enterprise devices allow Username Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Optergy Proton/Enterprise devices allow Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Optergy Proton/Enterprise devices have Hard-coded Credentials. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write vulnerability in Proton versions before 1.6.16 allows remote attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability resides in the inflate.C module within the base/poco/Foundation components and can be exploited over the network without authentication or user interaction. A patch is available to remediate this critical flaw.
Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Optergy Proton/Enterprise devices allow Username Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Optergy Proton/Enterprise devices have an Unauthenticated SMS Sending Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Optergy Proton/Enterprise devices allow Unauthenticated Internal Network Information Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Optergy Proton/Enterprise devices allow Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Optergy Proton/Enterprise devices have Hard-coded Credentials. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.