Fedora 38 : libmodsecurity (2024-698e541c52)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-698e541c52 advisory. ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs....
7.2AI Score
7.4AI Score
Amazon Linux 2 : amazon-ssm-agent (ALAS-2024-2458)
The version of amazon-ssm-agent installed on the remote host is prior to 3.2.2222.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2458 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause...
8AI Score
Helm dependency management path traversal
A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...
7AI Score
0.0004EPSS
Helm dependency management path traversal
A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...
6.8AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.7AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.9AI Score
0.034EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.7AI Score
0.022EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8AI Score
0.048EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.7AI Score
0.081EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8.5AI Score
0.001EPSS
Rockwell Automation FactoryTalk Service Platform
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Service Platform Vulnerability: Incorrect Execution-Assigned Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious users with...
9.3AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8.3AI Score
0.001EPSS
Siemens SCALANCE SC-600 Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8AI Score
0.002EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.3AI Score
0.0005EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8.1AI Score
0.0005EPSS
Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Equipment: MELSEC iQ-F/iQ-R Series Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...
5.3AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8AI Score
0.002EPSS
Siemens SIMATIC WinCC, OpenPCS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8AI Score
0.001EPSS
Siemens Tecnomatix Plant Simulation
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.7AI Score
0.001EPSS
Issue Overview: 2024-04-24: CVE-2023-49568 was added to this advisory. 2024-02-29: CVE-2023-39326 was added to this advisory. 2024-02-29: CVE-2023-39325 was added to this advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset...
7.7AI Score
0.002EPSS
Issue Overview: 2024-04-25: CVE-2023-49568 was added to this advisory. 2024-02-28: CVE-2023-39325 was added to this advisory. 2024-02-28: CVE-2023-39326 was added to this advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset...
7.7AI Score
0.002EPSS
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to....
5CVSS
7.3AI Score
0.0004EPSS
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to....
5CVSS
7.4AI Score
0.0004EPSS
CVE-2023-5122 SSRF in CSV Datasource Plugin
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to....
6.9AI Score
0.0004EPSS
Update now! Microsoft fixes two zero-days on February Patch Tuesday
Microsoft has issued patches for 73 security vulnerabilities in its February 2024 Patch Tuesday. Among these vulnerabilities are two zero-days that are reportedly being used in the wild. The two zero-day vulnerabilities have already been added to the Cybersecurity & Infrastructure Security...
9.8CVSS
8.5AI Score
0.009EPSS
CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)
Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for...
5.8CVSS
8.5AI Score
0.013EPSS
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...
6AI Score
0.0004EPSS
Concrete CMS vulnerable to stored XSS via the Role Name field
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...
6AI Score
0.0004EPSS
Concrete CMS vulnerable to stored XSS via the Role Name field
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...
6.1AI Score
0.0004EPSS
Concrete CMS vulnerable to stored XSS in file tags and description attributes
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...
6.1AI Score
0.0004EPSS
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...
6.1AI Score
0.0004EPSS
Concrete CMS vulnerable to stored XSS in file tags and description attributes
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...
6.1AI Score
0.0004EPSS
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...
4.8CVSS
6.3AI Score
0.0004EPSS
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...
4.8CVSS
6.3AI Score
0.0004EPSS
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...
4.8CVSS
6.2AI Score
0.0004EPSS
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...
4.8CVSS
6.1AI Score
0.0004EPSS
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...
5.9AI Score
0.0004EPSS
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...
5.9AI Score
0.0004EPSS
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...
4.8CVSS
6.3AI Score
0.0004EPSS
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...
4.8CVSS
6.2AI Score
0.0004EPSS
CVE-2024-1247 Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...
5.9AI Score
0.0004EPSS
Raspberry Robin Malware Upgrades with Discord Spread and New Exploits
The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the...
8.4CVSS
7.9AI Score
0.004EPSS
ProPump and Controls Osprey Pump Controller (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: ProPump and Controls, Inc. Equipment: Osprey Pump Controller Vulnerabilities: Insufficient Entropy, Use of GET Request Method with Sensitive Query Strings, Use of.....
10AI Score
0.002EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Qolsys, Inc. Equipment: IQ Panel 4, IQ4 Hub Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the panel...
7.2AI Score
0.001EPSS
Security Bulletin: NVIDIA DGX Station A100 and DGX Station A800 - February 2024
NVIDIA has released a firmware security update for the NVIDIA DGX™ Station A100 and DGX™ Station A800 systems. To protect your system, download and install this firmware update through the NVIDIA Enterprise Support Portal. Go to NVIDIA Product Security. Details This section provides a summary of...
9.4AI Score
0.001EPSS
HID Global Reader Configuration Cards
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: HID Global Equipment: Reader Configuration Cards Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read the credential and device...
5.4AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable locally Vendor: HID Global Equipment: iCLASS SE, OMNIKEY Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read data from reader configuration cards...
7.7AI Score
0.0004EPSS