Lucene search

K

1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Security Vulnerabilities

ics
ics

Siemens OPC UA Implementation in SINUMERIK ONE and SINUMERIK MC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5CVSS

8AI Score

0.001EPSS

2023-12-14 12:00 PM
3
ics
ics

Siemens Simantic S7-1500 CPU family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5CVSS

7.7AI Score

0.001EPSS

2023-12-14 12:00 PM
6
ics
ics

Philips Patient Monitoring Devices (Update C)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Low attack complexity Vendor: Philips Equipment: Patient Information Center iX (PICiX); PerformanceBridge Focal Point; IntelliVue Patient Monitors MX100, MX400-MX850, and MP2-MP90; and IntelliVue X2, and X3 Vulnerabilities: Improper...

8.8CVSS

7AI Score

0.001EPSS

2023-12-14 12:00 PM
49
ics
ics

Siemens User Management Component (UMC)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

8.8CVSS

7.9AI Score

0.001EPSS

2023-12-14 12:00 PM
16
ics
ics

Siemens SCALANCE and RUGGEDCOM M-800/S615 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.2CVSS

8AI Score

0.001EPSS

2023-12-14 12:00 PM
12
ics
ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

9.5AI Score

0.732EPSS

2023-12-14 12:00 PM
76
ics
ics

Siemens RUGGEDCOM and SCALANCE M-800/S615 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.1CVSS

7.7AI Score

0.002EPSS

2023-12-14 12:00 PM
6
kitploit
kitploit

APIDetector - Efficiently Scan For Exposed Swagger Endpoints Across Web Domains And Subdomains

APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false-positives. It's particularly useful for security professionals and developers who are engaged in API testing and vulnerability scanning......

7AI Score

2023-12-14 11:30 AM
7
jvn
jvn

JVN#18715935: Multiple vulnerabilities in GROWI

GROWI provided by WESEEK, Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the presentation feature (CWE-79) - CVE-2023-42436 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...

6.5CVSS

6.7AI Score

0.0005EPSS

2023-12-13 12:00 AM
10
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-201.135.6] - Revert ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey) - netfilter: nf_tables: split async and sync catchall in two functions (Pablo Neira Ayuso) - netfilter: nf_tables: remove catchall element in GC sync path (Pablo Neira Ayuso) - scsi:...

9.8CVSS

8.8AI Score

0.025EPSS

2023-12-13 12:00 AM
15
ics
ics

Schneider Electric Easy UPS Online Monitoring Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Vendor: Schneider Electric Equipment: Easy UPS Online Monitoring Software Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow elevation of privileges which could result in arbitrary file...

7.1CVSS

7.4AI Score

0.001EPSS

2023-12-12 12:00 PM
8
ics
ics

Schneider Electric Easy UPS Online Monitoring Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Vendor: Schneider Electric Equipment: Easy UPS Online Monitoring Software Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow elevation of privileges which could result in arbitrary file...

7.2AI Score

0.001EPSS

2023-12-12 12:00 PM
9
code423n4
code423n4

Fee-on-transfer/rebasing tokens will have problems when swapping

Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens so using these tokens with it will result funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...

7.1AI Score

2023-12-12 12:00 AM
4
aix
aix

AIX is vulnerable to privilege escalation and denial of service

IBM SECURITY ADVISORY First Issued: Mon Dec 11 13:23:17 CST 2023 |Updated: Fri Feb 2 13:43:05 CST 2024 |Update: New iFixes are available. The new iFixes resolve a technical issue | with print queue status. Both sets of iFixes (new and original) resolve | the security vulnerabilities described...

8.4CVSS

7.9AI Score

0.0004EPSS

2023-12-11 01:23 PM
37
aix
aix

Multiple vulnerabilities in cURL libcurl affect AIX

IBM SECURITY ADVISORY First Issued: Mon Dec 11 13:22:02 CST 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curl_advisory3.asc Security Bulletin: Multiple vulnerabilities in cURL libcurl affect AIX...

9.8CVSS

7.8AI Score

0.003EPSS

2023-12-11 01:22 PM
9
jvn
jvn

JVN#34145838: Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series

HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service (DoS) vulnerabilities listed below. Denial-of-service (DoS) vulnerability in FTP service (CWE-400) - CVE-2023-41963 Version| Vector| Score ---|---|--- CVSS v3|...

7.5CVSS

7.7AI Score

0.001EPSS

2023-12-11 12:00 AM
23
thn
thn

Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques

Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging. "While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing.....

8AI Score

2023-12-09 07:16 AM
9
nvd
nvd

CVE-2023-39171

SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin...

7.2CVSS

0.001EPSS

2023-12-07 03:15 PM
1
cve
cve

CVE-2023-39171

SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin...

7.2CVSS

6.9AI Score

0.001EPSS

2023-12-07 03:15 PM
9
cve
cve

CVE-2023-39169

The affected devices use publicly available default credentials with administrative...

9.8CVSS

9.4AI Score

0.001EPSS

2023-12-07 03:15 PM
13
prion
prion

Command injection

SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin...

7.2CVSS

7.2AI Score

0.001EPSS

2023-12-07 03:15 PM
5
cvelist
cvelist

CVE-2023-39171 SENEC Storage Box V1,V2 and V3 accidentially expose a management interface

SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin...

7.2CVSS

7.2AI Score

0.001EPSS

2023-12-07 02:23 PM
nvd
nvd

CVE-2023-39167

In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive...

7.5CVSS

0.003EPSS

2023-12-07 02:15 PM
cve
cve

CVE-2023-39167

In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive...

7.5CVSS

7.5AI Score

0.003EPSS

2023-12-07 02:15 PM
7
cve
cve

CVE-2023-39172

The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network...

9.1CVSS

8.9AI Score

0.001EPSS

2023-12-07 02:15 PM
4
prion
prion

Code injection

In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive...

7.5CVSS

6.9AI Score

0.003EPSS

2023-12-07 02:15 PM
6
cvelist
cvelist

CVE-2023-39169 SENEC: Storage Box V1,V2 and V3 using default credentials

The affected devices use publicly available default credentials with administrative...

9.8CVSS

9.8AI Score

0.001EPSS

2023-12-07 02:14 PM
1
cvelist
cvelist

CVE-2023-39167 SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability

In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive...

7.5CVSS

7.8AI Score

0.003EPSS

2023-12-07 02:05 PM
1
cvelist
cvelist

CVE-2023-39172 SENEC: Storage Box V1,V2 and V3 transmitting sensitive data unencrypted

The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network...

9.1CVSS

9.3AI Score

0.001EPSS

2023-12-07 01:58 PM
2
ics
ics

Schweitzer Engineering Laboratories SEL-411L

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schweitzer Engineering Laboratories Equipment: SEL-411L Vulnerability: Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of this vulnerability...

6.1CVSS

7AI Score

0.001EPSS

2023-12-07 12:00 PM
19
ics
ics

Sierra Wireless AirLink with ALEOS firmware

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sierra Wireless Equipment: AirLink Vulnerabilities: Infinite Loop, NULL Pointer Dereference, Cross-site Scripting, Reachable Assertion, Use of Hard-coded Credentials, Use of Hard-coded...

8.1CVSS

7.7AI Score

0.001EPSS

2023-12-07 12:00 PM
13
ics
ics

Mitsubishi Electric FA Engineering Software Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Mitsubishi Electric Equipment: MELIPC , MELSEC iQ-R, and MELSEC Q Series Vulnerabilities: Processor Optimization Removal or Modification of Security-Critical Code, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these...

5.5CVSS

7.2AI Score

0.0005EPSS

2023-12-07 12:00 PM
13
ics
ics

ControlbyWeb Relay

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: ControlByWeb Equipment: X-332 and X-301 Vulnerability: Cross-Site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to run...

7.5CVSS

6.7AI Score

0.0004EPSS

2023-12-07 12:00 PM
6
github
github

pubnub Insufficient Entropy vulnerability

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0;...

5.9CVSS

7AI Score

0.001EPSS

2023-12-06 06:30 AM
9
osv
osv

pubnub Insufficient Entropy vulnerability

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0;...

5.9CVSS

7AI Score

0.001EPSS

2023-12-06 06:30 AM
2
github
github

Traefik docker container using 100% CPU

Summary The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. Details While attempting to set up Traefik to handle traffic for Docker containers, I observed in the.....

7.5CVSS

7AI Score

0.0005EPSS

2023-12-05 06:13 PM
18
osv
osv

Traefik docker container using 100% CPU

Summary The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. Details While attempting to set up Traefik to handle traffic for Docker containers, I observed in the.....

7.5CVSS

7AI Score

0.0005EPSS

2023-12-05 06:13 PM
6
osv
osv

Traefik vulnerable to potential DDoS via ACME HTTPChallenge

Impact There is a potential vulnerability in Traefik managing the ACME HTTP challenge. When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers (slowloris...

5.9CVSS

6.9AI Score

0.001EPSS

2023-12-05 06:12 PM
6
github
github

Traefik vulnerable to potential DDoS via ACME HTTPChallenge

Impact There is a potential vulnerability in Traefik managing the ACME HTTP challenge. When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers (slowloris...

5.9CVSS

6.9AI Score

0.001EPSS

2023-12-05 06:12 PM
5
osv
osv

Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass

Summary When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates the RFC because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another...

6.5CVSS

7AI Score

0.001EPSS

2023-12-05 06:11 PM
5
github
github

Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass

Summary When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates the RFC because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another...

6.5CVSS

7AI Score

0.001EPSS

2023-12-05 06:11 PM
17
ics
ics

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: Zebra Technologies Equipment: ZTC Industrial ZT410, ZTC Desktop GK420d Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful...

5.4CVSS

7.1AI Score

0.0004EPSS

2023-12-05 12:00 PM
5
veracode
veracode

Denial Of Service (DoS)

libsquid.so is vulnerable to Denial Of Service (DoS). The vulnerability exists due to a buffer overread bug in the library. This allows an attacker to cause an application crash during HTTP message...

8.6CVSS

6.9AI Score

0.015EPSS

2023-12-05 06:23 AM
14
attackerkb
attackerkb

CVE-2023-49070

Pre-auth RCE in Apache Ofbiz 18.12.09. It’s due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10 Recent assessments: cbeek-r7 at January 03, 2024 8:34am UTC reported: CVE-2023-49070 is a...

9.8CVSS

8.2AI Score

0.821EPSS

2023-12-05 12:00 AM
21
arista
arista

Security Advisory 0090

Security Advisory 0090 _._CSAF PDF Date: December 5, 2023 Revision | Date | Changes ---|---|--- 1.0 | December 5, 2023 | Initial release The CVE-ID tracking this issue: CVE-2023-24547 CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H) Common Weakness Enumeration: CWE-212:...

6.5CVSS

5.7AI Score

0.0005EPSS

2023-12-05 12:00 AM
12
nvd
nvd

CVE-2023-49285

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for....

7.5CVSS

0.015EPSS

2023-12-04 11:15 PM
1
osv
osv

CVE-2023-49285

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for....

8.6CVSS

7.4AI Score

0.015EPSS

2023-12-04 11:15 PM
5
cve
cve

CVE-2023-49285

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for....

8.6CVSS

7.2AI Score

0.015EPSS

2023-12-04 11:15 PM
45
prion
prion

Design/Logic Flaw

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for....

7.5CVSS

6.7AI Score

0.015EPSS

2023-12-04 11:15 PM
7
cvelist
cvelist

CVE-2023-49285 Denial of Service in HTTP Message Processing in Squid

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for....

8.6CVSS

8.5AI Score

0.015EPSS

2023-12-04 10:56 PM
Total number of security vulnerabilities34923