Filtered by vendor Cisa
Subscribe
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-35435 | 1 Cisa | 1 Thorium | 2025-09-26 | N/A | 4.3 MEDIUM |
| CISA Thorium accepts a stream split size of zero then divides by this value. A remote, authenticated attacker could cause the service to crash. Fixed in commit 89101a6. | |||||
| CVE-2025-35431 | 1 Cisa | 1 Thorium | 2025-09-26 | N/A | 5.4 MEDIUM |
| CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1. | |||||
| CVE-2025-35432 | 1 Cisa | 1 Thorium | 2025-09-23 | N/A | 5.3 MEDIUM |
| CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes. | |||||
| CVE-2025-35434 | 1 Cisa | 1 Thorium | 2025-09-23 | N/A | 4.2 MEDIUM |
| CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2. | |||||
| CVE-2025-35433 | 1 Cisa | 1 Thorium | 2025-09-23 | N/A | 5.0 MEDIUM |
| CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used token could still log in after a password reset. Fixed in 1.1.1. | |||||
| CVE-2023-7244 | 1 Cisa | 1 Icsnpp-ethercat | 2024-11-21 | N/A | 9.8 CRITICAL |
| Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution. | |||||
| CVE-2023-7243 | 1 Cisa | 1 Icsnpp-ethercat | 2024-11-21 | N/A | 9.8 CRITICAL |
| Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution. | |||||
| CVE-2023-7242 | 1 Cisa | 1 Icsnpp-ethercat | 2024-11-21 | N/A | 8.2 HIGH |
| Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak some information in memory. | |||||