[M-02] Denial of Service on failed call Dos
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract. To minimize the damage caused by such failures, it is better to isolate each external call into its.....
7AI Score
New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3
Cybersecurity researchers have discovered a new version of malware called Rilide that targets Chromium-based web browsers to steal sensitive data and steal cryptocurrency. "It exhibits a higher level of sophistication through modular design, code obfuscation, adoption to the Chrome Extension...
7.3AI Score
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....
6.5CVSS
6.2AI Score
0.0004EPSS
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service...
6.5CVSS
6.5AI Score
0.0004EPSS
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...
6.5CVSS
6.4AI Score
0.0004EPSS
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....
6.5CVSS
6.2AI Score
0.0004EPSS
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via...
6.5CVSS
6.6AI Score
0.0005EPSS
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....
6.5CVSS
6.2AI Score
0.0004EPSS
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....
6.5CVSS
6.2AI Score
0.0004EPSS
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....
6.5CVSS
6.2AI Score
0.0004EPSS
After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...
6.5CVSS
6.4AI Score
0.0004EPSS
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....
6.5CVSS
6.2AI Score
0.0004EPSS
In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....
6.5CVSS
6.2AI Score
0.0004EPSS
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....
6.5CVSS
6.2AI Score
0.0004EPSS
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....
6.5CVSS
6.2AI Score
0.0004EPSS
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....
6.5CVSS
6.2AI Score
0.0004EPSS
Sensormatic Electronics VideoEdge
EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low attack complexity Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc. Equipment: VideoEdge Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted Data 2. RISK EVALUATION Successful exploitation of this...
7.1CVSS
6.7AI Score
0.0004EPSS
Mitsubishi Electric GT and GOT Series Products
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this...
7.5CVSS
6.2AI Score
0.001EPSS
TEL-STER TelWin SCADA WebInterface
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: TEL-STER Sp. z o. o. Equipment: TelWin SCADA WebInterface Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to read...
7.5CVSS
7AI Score
0.001EPSS
Mitsubishi Electric GOT2000 and GOT SIMPLE
EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable remotely Vendor: Mitsubishi Electric Equipment: GOT2000 Series and GOT SIMPLE Series Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
9.1CVSS
6.3AI Score
0.001EPSS
In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....
6.5CVSS
6.2AI Score
0.0004EPSS
What’s happening in the world of crimeware: Emotet, DarkGate and LokiBot
Introduction The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, we rely both on samples that we detect and our monitoring efforts, which cover...
7.8CVSS
7.1AI Score
0.974EPSS
Security Bulletin - Omniverse Launcher - August 2023
NVIDIA has released a software update for the Omniverse Workstation Launcher to address a security issue that may lead to information disclosure. To protect your system, download and apply the update for the Omniverse platform that you are using. If you are using the licensed NVIDIA Omniverse...
5.3CVSS
6.4AI Score
0.0005EPSS
APSystems Altenergy Power Control
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely / low attack complexity / public exploits available Vendor: APSystems Equipment: Altenergy Power Control Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote...
9.8CVSS
8.2AI Score
0.856EPSS
Sydent does not verify email server certificates
Impact If configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation...
9.3CVSS
6.4AI Score
0.001EPSS
Sydent does not verify email server certificates
Impact If configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation...
9.3CVSS
6.9AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2023-2488)
The remote host is missing an update for the Huawei...
7.8CVSS
7.7AI Score
0.002EPSS
missing check for the max/min price in the chainlinkOracle.sol contract
Lines of code Vulnerability details Impact the chainlinkOracle.sol contract specially the getChainlinkPrice function using the aggregator v2 and v3 to get/call the latestRoundData. the function should check for the min and max amount return to prevent some case happen, something like this:...
6.8AI Score
Stored Cross-Site Scripting (XSS)
october/october is vulnerable to Stored Cross-Site Scripting. The vulnerability is due to a lack of sanitization in the user authentication module, which allows an attacker to inject and execute arbitrary JavaScript into the...
5.4CVSS
7AI Score
0.001EPSS
A vulnerability was found in Trustwave's ModSecurity project due to an inefficient algorithmic complexity flaw. This issue is present in four transformation actions: removeWhitespace, removeNull, replaceNull, and removeCommentsChar. By sending a maliciously crafted HTTP request, an attacker could.....
7.5CVSS
6AI Score
0.001EPSS
loss of user funds in ARCDVestingVault.sol
Lines of code Vulnerability details Impact In the contract ARCDVestingVault.sol the function delegate is used to delegate user votes to desired address but it fails to maintain the sanity check if the provided address is a zeroaddress or not function delegate(address to) external { ...
6.9AI Score
EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2023-2488)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can...
7.8CVSS
7.7AI Score
0.002EPSS
Malicious code in aws-sdk-js-v3 (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e64c49f08b91cb456113ae44bbd8efc8280a1c79aa45ca1bd0f019c4af6ad873) The OpenSSF Package Analysis project identified 'aws-sdk-js-v3' @ 1.3.7 (npm) as malicious. It is considered malicious because: - The package...
7.1AI Score
ETIC Telecom RAS Authentication
EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: ETIC Telecom Equipment: Remote Access Server (RAS) Vulnerability: Insecure Default Initialization of Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...
8.1CVSS
7.2AI Score
0.0004EPSS
Preventing Web Application Access Control Abuse
SUMMARY The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications....
7.5CVSS
9.3AI Score
0.002EPSS
ETIC Telecom Remote Access Server (RAS) (Update A)
EXECUTIVE SUMMARY **--------- Begin Update A Part 1 of 5 --------- ** CVSS v3 7.6 ATTENTION: Exploitable remotely/low attack complexity **--------- End Update A Part 1 of 5 --------- ** Vendor: ETIC Telecom Equipment: Remote Access Server (RAS) Vulnerabilities: Insufficient Verification of...
10CVSS
9.1AI Score
0.003EPSS
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the affected device crashing. 3. TECHNICAL...
7.5CVSS
6.5AI Score
0.001EPSS
Updated kernel packages fix security vulnerability
This kernel update is based on upstream 5.15.122 and fixes at least the following security issue: Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM register,...
5.5CVSS
7.2AI Score
0.001EPSS
Updated kernel-linus packages fix security vulnerabilities
This kernel-linus update is based on upstream 5.15.122 and fixes at least the following security issues: Under specific microarchitectural circumstances, a register in "Zen 2" CPUs may not be written to 0 correctly. This may cause data from another process and/or thread to be stored in the YMM...
7.8CVSS
7.3AI Score
0.001EPSS