xarrow vulnerabilities and exploits
4.3
CVSSv2
CVE-2021-33001
xArrow SCADA versions 7.2 and prior are vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized malicious user to execute arbitrary code.
Xarrow Xarrow
4.3
CVSSv2
CVE-2021-33021
xArrow SCADA versions 7.2 and prior are vulnerable to cross-site scripting due to parameter ‘edate’ of the resource xhisalarm.htm, which may allow an unauthorized malicious user to execute arbitrary code.
Xarrow Xarrow
10
CVSSv2
CVE-2012-2427
Heap-based buffer overflow in the server in xArrow prior to 3.4.1 allows remote malicious users to execute arbitrary code via packets that trigger an invalid free operation.
Xarrow Xarrow
10
CVSSv2
CVE-2012-2428
Integer overflow in the server in xArrow prior to 3.4.1 allows remote malicious users to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.
Xarrow Xarrow
10
CVSSv2
CVE-2012-2429
The server in xArrow prior to 3.4.1 performs an invalid read operation, which allows remote malicious users to execute arbitrary code via unspecified vectors.
Xarrow Xarrow
4.6
CVSSv2
CVE-2021-33025
xArrow SCADA versions 7.2 and prior permit unvalidated registry keys to be run with application-level privileges.
Xarrow Xarrow
7.8
CVSSv2
CVE-2012-2426
The server in xArrow prior to 3.4.1 does not properly allocate memory, which allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors.
Xarrow Xarrow