Lucene search

K

1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3 Security Vulnerabilities

openvas
openvas

Fedora: Security Advisory for libmodsecurity (FEDORA-2024-4645d0fdef)

The remote host is missing an update for...

8.6CVSS

8.7AI Score

0.001EPSS

2024-02-20 12:00 AM
4
cvelist
cvelist

CVE-2023-47422

An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted...

6.9AI Score

0.0004EPSS

2024-02-20 12:00 AM
jvn
jvn

JVN#44166658: Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater

Multiple wireless LAN routers and wireless LAN repeater provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Cross-site Scripting (CWE-79) - CVE-2024-21798 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2|...

6.7AI Score

0.0004EPSS

2024-02-20 12:00 AM
8
arista
arista

Security Advisory 0091

Security Advisory 0091 _._CSAF PDF Date: February 20, 2024 Revision | Date | Changes ---|---|--- 1.0 | February 20, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-6068 CVSSv3.1 Base Score: 3.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N) Common Weakness Enumeration: CWE-283 Improper...

3.1CVSS

3.7AI Score

0.0004EPSS

2024-02-20 12:00 AM
13
redhatcve
redhatcve

CVE-2024-26328

A flaw was found in the NVMe emulation support of QEMU. The register_vfs() function in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, causing the interaction with hw/nvme/ctrl.c to be mishandled. This issue could lead to out-of-bounds memory access in hw/nvme. This flaw allows a...

6.1AI Score

0.0004EPSS

2024-02-19 03:52 PM
8
nessus
nessus

Fedora 39 : libmodsecurity (2024-4645d0fdef)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4645d0fdef advisory. ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs....

8.6CVSS

7.2AI Score

0.001EPSS

2024-02-19 12:00 AM
5
packetstorm

7.4AI Score

2024-02-19 12:00 AM
117
nessus
nessus

Fedora 38 : libmodsecurity (2024-698e541c52)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-698e541c52 advisory. ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs....

8.6CVSS

7.2AI Score

0.001EPSS

2024-02-19 12:00 AM
4
nessus
nessus

Amazon Linux AMI : amazon-ssm-agent (ALAS-2024-1920)

The version of amazon-ssm-agent installed on the remote host is prior to 3.2.2222.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1920 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive ...

9.8CVSS

8AI Score

0.002EPSS

2024-02-19 12:00 AM
8
nessus
nessus

Amazon Linux 2 : amazon-ssm-agent (ALAS-2024-2458)

The version of amazon-ssm-agent installed on the remote host is prior to 3.2.2222.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2458 advisory. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause...

9.8CVSS

8AI Score

0.002EPSS

2024-02-19 12:00 AM
15
github
github

Helm dependency management path traversal

A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...

6.4CVSS

7AI Score

0.0004EPSS

2024-02-15 03:34 PM
9
osv
osv

Helm dependency management path traversal

A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. Impact When either the Helm client or SDK is used to save a chart whose name within the Chart.yaml file includes a relative path change, the chart would be saved outside its expected...

6.4CVSS

6.8AI Score

0.0004EPSS

2024-02-15 03:34 PM
6
ics
ics

Siemens RUGGEDCOM APE1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5CVSS

7.5AI Score

0.001EPSS

2024-02-15 12:00 PM
8
ics
ics

Siemens Unicam FX

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.8CVSS

7.7AI Score

0.0004EPSS

2024-02-15 12:00 PM
11
ics
ics

Siemens SIMATIC RTLS Gateways

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

10CVSS

8AI Score

0.054EPSS

2024-02-15 12:00 PM
10
ics
ics

Siemens SINEC NMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

9.9AI Score

EPSS

2024-02-15 12:00 PM
21
ics
ics

Siemens SCALANCE XCM-/XRM-300

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

9.7AI Score

0.025EPSS

2024-02-15 12:00 PM
34
ics
ics

Siemens SIDIS Prime

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5CVSS

7.7AI Score

0.081EPSS

2024-02-15 12:00 PM
12
ics
ics

Siemens Parasolid

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.8CVSS

8.5AI Score

0.001EPSS

2024-02-15 12:00 PM
2
ics
ics

Siemens Simcenter Femap

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.8CVSS

8.3AI Score

0.001EPSS

2024-02-15 12:00 PM
3
ics
ics

Rockwell Automation FactoryTalk Service Platform

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely Vendor: Rockwell Automation Equipment: FactoryTalk Service Platform Vulnerability: Incorrect Execution-Assigned Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious users with...

9CVSS

9.3AI Score

0.0004EPSS

2024-02-15 12:00 PM
9
ics
ics

Siemens Polarion ALM

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.8CVSS

8.1AI Score

0.0005EPSS

2024-02-15 12:00 PM
9
ics
ics

Siemens CP343-1 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5CVSS

7.3AI Score

0.0005EPSS

2024-02-15 12:00 PM
6
ics
ics

Siemens SCALANCE SC-600 Family

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.1CVSS

7.8AI Score

0.002EPSS

2024-02-15 12:00 PM
9
ics
ics

Siemens SIMATIC WinCC, OpenPCS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

6.5CVSS

7.5AI Score

0.0004EPSS

2024-02-15 12:00 PM
4
ics
ics

Siemens Tecnomatix Plant Simulation

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.8CVSS

7.7AI Score

0.001EPSS

2024-02-15 12:00 PM
4
ics
ics

Siemens Location Intelligence

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

8AI Score

0.001EPSS

2024-02-15 12:00 PM
4
ics
ics

Mitsubishi Electric MELSEC iQ-F/iQ-R Series CPU Module (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Equipment: MELSEC iQ-F/iQ-R Series Vulnerability: Improper Restriction of Excessive Authentication Attempts 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...

5.3CVSS

5.3AI Score

0.001EPSS

2024-02-15 12:00 PM
14
ics
ics

Siemens SCALANCE W1750D

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

9.8CVSS

9.8AI Score

0.002EPSS

2024-02-15 12:00 PM
5
amazon
amazon

Important: amazon-ssm-agent

Issue Overview: 2024-04-24: CVE-2023-49568 was added to this advisory. 2024-02-29: CVE-2023-39326 was added to this advisory. 2024-02-29: CVE-2023-39325 was added to this advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset...

9.8CVSS

7.7AI Score

0.002EPSS

2024-02-15 03:52 AM
21
amazon
amazon

Important: amazon-ssm-agent

Issue Overview: 2024-04-25: CVE-2023-49568 was added to this advisory. 2024-02-28: CVE-2023-39325 was added to this advisory. 2024-02-28: CVE-2023-39326 was added to this advisory. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset...

9.8CVSS

7.7AI Score

0.002EPSS

2024-02-14 08:03 PM
16
nvd
nvd

CVE-2023-5122

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to....

5CVSS

5.1AI Score

0.0004EPSS

2024-02-14 03:15 PM
cve
cve

CVE-2023-5122

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to....

5CVSS

5.1AI Score

0.0004EPSS

2024-02-14 03:15 PM
17
prion
prion

Design/Logic Flaw

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to....

5CVSS

7.4AI Score

0.0004EPSS

2024-02-14 03:15 PM
6
cvelist
cvelist

CVE-2023-5122 SSRF in CSV Datasource Plugin

Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests to....

5CVSS

5.4AI Score

0.0004EPSS

2024-02-14 03:06 PM
malwarebytes
malwarebytes

Update now! Microsoft fixes two zero-days on February Patch Tuesday

Microsoft has issued patches for 73 security vulnerabilities in its February 2024 Patch Tuesday. Among these vulnerabilities are two zero-days that are reportedly being used in the wild. The two zero-day vulnerabilities have already been added to the Cybersecurity & Infrastructure Security...

9.8CVSS

8.5AI Score

0.006EPSS

2024-02-14 01:17 PM
22
rapid7blog
rapid7blog

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)

Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices, and QuTS hero is a core part of the firmware for...

5.8CVSS

8.5AI Score

0.003EPSS

2024-02-13 04:00 PM
43
osv
osv

Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...

4.8CVSS

6AI Score

0.0004EPSS

2024-02-09 09:30 PM
4
osv
osv

Concrete CMS vulnerable to stored XSS via the Role Name field

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...

4.8CVSS

6AI Score

0.0004EPSS

2024-02-09 09:30 PM
2
github
github

Concrete CMS vulnerable to stored XSS via the Role Name field

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...

4.8CVSS

6.1AI Score

0.0004EPSS

2024-02-09 09:30 PM
5
osv
osv

Concrete CMS vulnerable to stored XSS in file tags and description attributes

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...

4.8CVSS

6.1AI Score

0.0004EPSS

2024-02-09 09:30 PM
3
github
github

Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...

4.8CVSS

6.1AI Score

0.0004EPSS

2024-02-09 09:30 PM
4
github
github

Concrete CMS vulnerable to stored XSS in file tags and description attributes

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...

4.8CVSS

6.1AI Score

0.0004EPSS

2024-02-09 09:30 PM
4
cve
cve

CVE-2024-1246

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...

4.8CVSS

5AI Score

0.0004EPSS

2024-02-09 08:15 PM
14
nvd
nvd

CVE-2024-1245

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...

4.8CVSS

4AI Score

0.0004EPSS

2024-02-09 08:15 PM
1
cve
cve

CVE-2024-1245

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...

4.8CVSS

4.9AI Score

0.0004EPSS

2024-02-09 08:15 PM
14
nvd
nvd

CVE-2024-1246

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...

4.8CVSS

4AI Score

0.0004EPSS

2024-02-09 08:15 PM
prion
prion

Input validation

Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the...

4.8CVSS

6.2AI Score

0.0004EPSS

2024-02-09 08:15 PM
5
prion
prion

Cross site scripting

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...

4.8CVSS

6.1AI Score

0.0004EPSS

2024-02-09 08:15 PM
3
cvelist
cvelist

CVE-2024-1245 Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description...

2.4CVSS

5.2AI Score

0.0004EPSS

2024-02-09 07:43 PM
Total number of security vulnerabilities34964