CyberSecurityBoard
Sponsor Register Login

CVE-2022-3864

A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.

Publication date: Thu, 04 Jan 2024 16:15:00 +0000


Cyber News related to CVE-2022-3864

CVE-2022-48919 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
CVE-2022-3864 - ...
1 year ago
CVE-2013-1342 - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain ...
6 years ago
CVE-2013-1344 - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain ...
6 years ago
CVE-2013-1343 - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain ...
6 years ago
CVE-2013-3865 - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain ...
6 years ago
CVE-2013-3864 - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain ...
6 years ago
CVE-2006-3864 - Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file ...
6 years ago
CVE-2006-3650 - Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that ...
6 years ago
CVE-2015-3864 - Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. ...
7 years ago
CVE-2005-3864 - SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the ...
14 years ago
CVE-2011-3864 - Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. ...
12 years ago
CVE-2007-3864 - Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10.1.2 have unknown impact and remote attack vectors via (1) Instant Messaging/Presence (OCS01) and (2) Oracle Single Sign On (AS02). As the impact type is unspecified, it has been ...
7 years ago
CVE-2016-3864 - The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal ...
7 years ago
CVE-2014-3864 - Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line. ...
7 years ago
CVE-2008-3864 - The ApiThread function in the firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, allows remote attackers to cause ...
6 years ago
CVE-2009-3864 - The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which ...
6 years ago
CVE-2012-3864 - Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET ...
5 years ago
CVE-2019-3864 - A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in ...
5 years ago
CVE-2020-3864 - A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have ...
3 years ago
CVE-2021-3864 - A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant ...
2 years ago
CVE-2017-3864 - A vulnerability in the DHCP client implementation of Cisco IOS (12.2, 12.4, and 15.0 through 15.6) and Cisco IOS XE (3.3 through 3.7) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability ...
4 years ago
CVE-2020-1627 - A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the ...
3 years ago
CVE-2010-3864 - Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers ...
2 years ago
CVE-2018-3864 - An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)