An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a...
AI Score 6.2 | EPSS 0.0004
An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap. Bugs https://bugzilla.redhat.com/show_bug.cgi?id=2258012...
CVSS 5.5 | AI Score 5.3 | EPSS 0.0004
Django Template Engine Vulnerable to XSS
Impact. Vulnerability Type: Cross-Site Scripting (XSS). Affected Users: All users of the Django template engine for Fiber prior to the patch. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of.....
CVSS 9.3 | AI Score 5.7 | EPSS 0.001
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
CVSS 10 | AI Score 7.1 | EPSS 0.001
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
CVSS 7.8 | AI Score 8.3 | EPSS 0.001
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
CVSS 9.8 | AI Score 8.8 | EPSS 0.001
Siemens Teamcenter Visualization and JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
CVSS 7.8 | AI Score 7.3 | EPSS 0.001
Schneider Electric Easergy Studio
1. EXECUTIVE SUMMARY. CVSS v3 7.8. ATTENTION: Low attack complexity. Vendor: Schneider Electric. Equipment: Easergy Studio. Vulnerability: Deserialization of Untrusted Data. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to gain full control of a...
CVSS 7.8 | AI Score 8 | EPSS 0.0005
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
CVSS 7.8 | AI Score 7.8 | EPSS 0.0004
1. EXECUTIVE SUMMARY. CVSS v3 7.8. ATTENTION: Low attack complexity. Vendor: Horner Automation. Equipment: Cscape. Vulnerability: Stack-Based Buffer Overflow. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL...
CVSS 7.8 | AI Score 7.8 | EPSS 0.001
Rapid Software LLC Rapid SCADA
1. EXECUTIVE SUMMARY. CVSS v3 9.6. ATTENTION: Exploitable remotely, low attack complexity. Vendor: Rapid Software LLC. Equipment: Rapid SCADA. Vulnerabilities: Path Traversal, Relative Path Traversal, Local Privilege Escalation through Incorrect Permission Assignment for Critical Resource, ...
CVSS 9.8 | AI Score 7.8 | EPSS 0.001
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
CVSS 7.2 | AI Score 7.3 | EPSS 0.001
Hotfix for Update Rollup 2 for Microsoft Azure Backup Server v3
Azure Backup. Introduction. This article describes the improvements contained in Hotfix for Update Rollup 2 for Microsoft Azure Backup Server V3. This article also contains the installation instructions for this update. Issues that are.....
AI Score 6.5
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Impact. A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the...
CVSS 9.8 | AI Score 8 | EPSS 0.002
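The go-git entry above describes a client that writes files to paths chosen by the remote it talks to. The standard defence, whatever the Git client, is to confine every server-supplied path to the checkout directory before touching the filesystem. The Go program below is an added example written for this page; it is not go-git's code or its fix, and the helper names (SafeJoin, checkoutPlan), the root directory and the sample entry names are made up here.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned for any path that would land outside the checkout.
var ErrOutsideRoot = errors.New("path escapes the checkout root")

// SafeJoin confines an untrusted relative path (for example a tree entry name
// taken from a remote's reply) to root. It returns the cleaned absolute path,
// or ErrOutsideRoot if the path is empty, absolute, resolves to the root
// itself, or climbs above it with ".." segments. Hypothetical helper written
// for this example, not go-git's API.
func SafeJoin(root, untrusted string) (string, error) {
	if untrusted == "" || filepath.IsAbs(untrusted) {
		return "", ErrOutsideRoot
	}
	cleanRoot := filepath.Clean(root)
	// Join cleans its result, so "a/../../x" is collapsed before we inspect it.
	joined := filepath.Join(cleanRoot, untrusted)
	rel, err := filepath.Rel(cleanRoot, joined)
	if err != nil {
		return "", ErrOutsideRoot
	}
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return joined, nil
}

// checkoutPlan takes the entry names a (constructed) malicious server reply
// might carry and reports which ones a confined client would actually write.
func checkoutPlan(root string, entries []string) (accepted []string, rejected []string) {
	for _, e := range entries {
		if p, err := SafeJoin(root, e); err != nil {
			rejected = append(rejected, e)
		} else {
			accepted = append(accepted, p)
		}
	}
	return accepted, rejected
}

func main() {
	// Constructed sample: two honest entries and three traversal attempts.
	entries := []string{
		"src/main.go",
		"docs/README.md",
		"../../etc/cron.d/evil",
		"src/../../../.ssh/authorized_keys",
		"/etc/passwd",
	}
	ok, bad := checkoutPlan("/tmp/repo", entries)
	fmt.Println("would write:", ok)
	fmt.Println("rejected:   ", bad)
}
```

SafeJoin is a purely lexical check. A checkout that also materialises symlinks from the remote needs a second check on the resolved parent directory (for example with filepath.EvalSymlinks) or must refuse to follow links, since an earlier entry can be a link that points outside the root.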
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management...
CVSS 9.1 | AI Score 9 | EPSS 0.001
Cambium ePMP 5GHz Force 300-25 Radio (Update A)
1. EXECUTIVE SUMMARY. CVSS v3 7.8. ATTENTION: Low attack complexity. Vendor: Cambium. Equipment: ePMP Force 300-25. Vulnerability: Code Injection. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to perform code execution on the affected product. 3....
CVSS 7.8 | AI Score 7.9 | EPSS 0.001
GLSA-202401-09 : Eclipse Mosquitto: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-09 (Eclipse Mosquitto: Multiple Vulnerabilities) In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. (CVE-2023-0809) In Mosquitto before 2.0.16,...
CVSS 7.5 | AI Score 6.9 | EPSS 0.001
GitHub and the Ekoparty 2023 Capture the Flag
As an Ekoparty 2023 sponsor, GitHub once again had the privilege of submitting several challenges to the event’s Capture The Flag (CTF) competition. Employees from across GitHub’s Security organization came together to brainstorm, plan, build, and test these challenges to create a compelling,...
AI Score 7.5
Eclipse Mosquitto: Multiple Vulnerabilities
Background. Eclipse Mosquitto is an open source MQTT v3 broker. Description. Multiple vulnerabilities have been discovered in Eclipse Mosquitto. Please review the CVE identifiers referenced below for details. Impact. Please review the referenced CVE identifiers for details. Workaround. There is no...
CVSS 7.5 | AI Score 7.4 | EPSS 0.001
Rockwell Automation FactoryTalk Activation
1. EXECUTIVE SUMMARY. CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: FactoryTalk Activation Manager. Vulnerabilities: Out-of-Bounds Write. 2. RISK EVALUATION. Successful exploitation of these vulnerabilities could result in a buffer...
CVSS 9.8 | AI Score 8.6 | EPSS 0.003
Mitsubishi Electric Factory Automation Products
1. EXECUTIVE SUMMARY. CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Mitsubishi Electric. Equipment: Multiple Factory Automation Products. Vulnerabilities: Observable Timing Discrepancy, Double Free, Access of Resource Using Incompatible Type ('Type Confusion') ...
CVSS 7.5 | AI Score 8 | EPSS 0.003
Unitronics Vision and Samba Series (Update A)
1. EXECUTIVE SUMMARY. CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation. Vendor: Unitronics. Equipment: Vision Series, Samba Series. Vulnerability: Initialization of a Resource with an Insecure Default. 2. RISK...
CVSS 9.8 | AI Score 10 | EPSS 0.068
IBM SECURITY ADVISORY. First Issued: Thu Jan 4 11:46:09 CST 2024. Updated: Tue Jan 9 14:23:40 CST 2024. Update: Additional iFixes are now available for AIX 7.2 TL5 SP5, 7.3 TL0 SP2, 7.3 TL0 SP3, 7.3 TL1 SP1, and VIOS 3.1.3.21, 3.1.3.30, and 3.1.4.10. Both the original and new iFixes...
CVSS 6.2 | AI Score 6.4 | EPSS 0.0004
craftcms/cms is vulnerable to Privilege Escalation. The vulnerability is due to the actionSave function within ElementsController.php, because there are no checks for save permissions before and after applying POST params to the element, as well as the actionSaveUser function within...
CVSS 8.8 | AI Score 7.2 | EPSS 0.001
Craft CMS Privilege Escalation
Impact. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft with certain user permissions setups. Patches. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions. References...
CVSS 8.8 | AI Score 7.4 | EPSS 0.001
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should...
CVSS 8.8 | AI Score 6.4 | EPSS 0.001
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should...
CVSS 8.8 | AI Score 8.7 | EPSS 0.001
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should...
CVSS 8.8 | AI Score 7.2 | EPSS 0.001
CVE-2024-21622 Craft CMS Privilege Escalation
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should...
CVSS 5.4 | AI Score 9 | EPSS 0.001
Maliciously crafted Git server replies can cause DoS on go-git clients
Impact. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which trigger resource exhaustion in go-git clients. Applications.....
CVSS 7.5 | AI Score 6.4 | EPSS 0.0005
JVN#32646742: Multiple vulnerabilities in PowerCMS
PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability in the management screen (CWE-79) - CVE-2023-49117: CVSS v3 vector CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, base score 5.4; CVSS v2 ...
CVSS 6.1 | AI Score 6.7 | EPSS 0.001
JVN#23771490: Multiple vulnerabilities in BUFFALO VR-S1000
VR-S1000 provided by BUFFALO INC. contains multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2023-45741: CVSS v3 vector CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, base score 6.8; CVSS v2 vector AV:A/AC:L/Au:S/C:P/I:P/A:P, base score 5.2 ...
CVSS 7.8 | AI Score 7.9 | EPSS 0.001
Fedora: Security Advisory for nss (FEDORA-2023-983329cf45)
The remote host is missing an update for...
AI Score 7.5
Fedora: Security Advisory for nss (FEDORA-2023-9de52d46bd)
The remote host is missing an update for...
AI Score 7.5
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK...
CVSS 3.3 | EPSS 0.0004
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK...
CVSS 6 | AI Score 4.1 | EPSS 0.0004
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK...
CVSS 6 | AI Score 6.9 | EPSS 0.0004
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK...
CVSS 3.3 | AI Score 7.2 | EPSS 0.0004
CVE-2023-51651 Potential URI resolution path traversal in the AWS SDK for PHP
AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK...
CVSS 6 | AI Score 6.2 | EPSS 0.0004
[SECURITY] Fedora 38 Update: nss-3.95.0-1.fc38
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other...
AI Score 7.3
[SECURITY] Fedora 39 Update: nss-3.95.0-1.fc39
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other...
AI Score 7.3
Potential URI resolution path traversal in the AWS SDK for PHP
Impact. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The buildEndpoint method relies on the...
CVSS 6 | AI Score 7 | EPSS 0.0004
Potential URI resolution path traversal in the AWS SDK for PHP
Impact. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the buildEndpoint method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The buildEndpoint method relies on the...
CVSS 6 | AI Score 6.6 | EPSS 0.0004
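The AWS SDK for PHP entries above describe object keys containing a double-dot being collapsed while the request URI is built. The Go program below is an added example for this page, not the SDK's code or its fix. It models an endpoint builder that treats the key as a relative URI reference and resolves it against the bucket URL (RFC 3986 reference resolution, which Go's net/url performs with the same dot-segment removal), shows where a key like docs/../../other-bucket/secret.txt ends up, and contrasts a builder that appends the key literally, percent-encoding "." and ".." segments so that nothing on the way can read them as dot segments. The path-style endpoint, bucket and key names are made up, the function names are hypothetical, and treating %2E as a literal dot in the stored key is an assumption about the receiving service rather than something the advisory states.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ResolvedObjectURL models an endpoint builder that treats the object key as
// a relative URI reference and resolves it against the bucket base URL.
// RFC 3986 reference resolution removes "." and ".." segments, so a key
// containing a double-dot moves the request to a different path than the
// caller named. (Simplified model for this page, not the SDK's code.)
func ResolvedObjectURL(base, key string) (string, error) {
	b, err := url.Parse(base)
	if err != nil {
		return "", err
	}
	return b.ResolveReference(&url.URL{Path: key}).String(), nil
}

// LiteralObjectURL appends the key to the bucket base URL without any
// resolution. Every segment is percent-encoded, and "." / ".." segments are
// rewritten with %2E so a downstream resolver cannot treat them as dot
// segments. (Assumed hardening approach, not the SDK's actual fix.)
func LiteralObjectURL(base, key string) (string, error) {
	b, err := url.Parse(base)
	if err != nil {
		return "", err
	}
	if b.Scheme == "" || b.Host == "" {
		return "", errors.New("base must be an absolute URL")
	}
	segs := strings.Split(key, "/")
	for i, s := range segs {
		if s == "." || s == ".." {
			segs[i] = strings.ReplaceAll(s, ".", "%2E")
		} else {
			segs[i] = url.PathEscape(s) // segments contain no "/" after the split
		}
	}
	return strings.TrimSuffix(base, "/") + "/" + strings.Join(segs, "/"), nil
}

// HasDotSegment reports whether a key contains a "." or ".." path segment,
// the input a caller still running an affected SDK should treat as suspect.
// Dots inside a segment ("a.b", ".hidden") are not dot segments.
func HasDotSegment(key string) bool {
	for _, s := range strings.Split(key, "/") {
		if s == "." || s == ".." {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: path-style endpoint with a made-up bucket and key.
	base := "https://s3.us-east-1.amazonaws.com/my-bucket/"
	key := "docs/../../other-bucket/secret.txt"
	resolved, _ := ResolvedObjectURL(base, key)
	literal, _ := LiteralObjectURL(base, key)
	fmt.Println("dot segment present:", HasDotSegment(key))
	fmt.Println("resolved (leaves the bucket):", resolved)
	fmt.Println("literal  (stays in the bucket):", literal)
}
```

The resolved form lands on /other-bucket/secret.txt, outside the bucket the caller named, which is the traversal the advisory describes; the literal form keeps the request under /my-bucket/ and preserves the caller's key byte for byte.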
Chameleon Android Banking Trojan Variant Bypasses Biometric Authentication
Cybersecurity researchers have discovered an updated version of an Android banking malware called Chameleon that has expanded its targeting to include users in the U.K. and Italy. "Representing a restructured and enhanced iteration of its predecessor, this evolved Chameleon variant excels in...
AI Score 7.2
1. EXECUTIVE SUMMARY. CVSS v3 8.0. ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation. Vendor: FXC. Equipment: AE1021, AE1021PE. Vulnerability: OS Command Injection. 2. RISK EVALUATION. Successful exploitation of this vulnerability...
CVSS 8.8 | AI Score 9.2 | EPSS 0.01