As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8 CVSS
9.2 AI Score
0.937 EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8.1 CVSS
7.4 AI Score
0.0005 EPSS
Siemens OPC UA Modeling Editor (SiOME)
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5 CVSS
7.6 AI Score
0.0004 EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5 CVSS
7.3 AI Score
0.001 EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8 CVSS
9 AI Score
0.009 EPSS
Update now! Microsoft patches 3 actively exploited zero-days
Another important update round for this month's Patch Tuesday. Microsoft has patched a total of 63 vulnerabilities in its operating systems. Five of these vulnerabilities qualify as zero-days, with three listed as being actively exploited. Microsoft considers a vulnerability to be a zero-day if it....
8.8 CVSS
7.2 AI Score
0.005 EPSS
ManageEngine SupportCenter Plus < 11.0 Build 11023
The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 11.0 Build 11023, 11.0 Build 11023, 11.0 Build 11023. It is, therefore, affected by a vulnerability as referenced in the support-center_cve-2022-36412 advisory. In Zoho ManageEngine SupportCenter Plus before...
9.8 CVSS
6.9 AI Score
0.009 EPSS
Fabric vulnerable to crosslinking transaction attack
Short summary Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the...
7.1 CVSS
6.6 AI Score
0.0005 EPSS
Fabric vulnerable to crosslinking transaction attack
Short summary Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the...
7.1 CVSS
7.1 AI Score
0.0005 EPSS
Rockwell Automation SIS Workstation and ISaGRAF Workbench
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: SIS Workstation and ISaGRAF Workbench Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unprivileged local users...
7.8 CVSS
7.8 AI Score
0.002 EPSS
AVEVA Operations Control Logger
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Operations Control Logger Vulnerabilities: Execution with Unnecessary Privileges, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
7.8 CVSS
8.3 AI Score
0.0004 EPSS
JVN#17806703: Multiple vulnerabilities in Cisco Firepower Management Center Software
Cisco Firepower Management Center Software provided by Cisco Systems contains multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2023-20219 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.6 CVSS v2|...
8.8 CVSS
7.7 AI Score
0.001 EPSS
JVN#96209256: Multiple vulnerabilities in Pleasanter
Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-34439 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N|...
7.5 CVSS
6.8 AI Score
0.001 EPSS
kernel security, bug fix, and enhancement update
[5.14.0-362.8.1_3.OL9] Update Oracle Linux certificates (Kevin Lyons) Disable signing for aarch64 (Ilya Okomin) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey [Orabug: 24817676] Conflict with shim-ia32...
8.2 CVSS
7.8 AI Score
Hitachi Energy MicroSCADA Pro/X SYS600 Products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA X SYS600, MicroSCADA Pro Vulnerability: Improper Use of Validation Framework 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user...
8.8 CVSS
8.2 AI Score
0.001 EPSS
Johnson Controls Quantum HD Unity
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable Remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Quantum HD Unity Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to access...
10 CVSS
7.4 AI Score
0.001 EPSS
Mitsubishi Electric MELSEC and MELIPC Series (Update G)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC and MELIPC Series Vulnerabilities: Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, Improper Input Validation 2....
7.5 CVSS
8.3 AI Score
0.002 EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: eSOMS Vulnerabilities: Generation of Error Message Containing Sensitive Information, Exposure of Sensitive System Information to an Unauthorized Control Sphere 2....
5.3 CVSS
5.6 AI Score
0.0005 EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: General Electric Equipment: MiCOM S1 Agile Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload malicious files and...
7.3 CVSS
7.5 AI Score
0.0004 EPSS
IBM SECURITY ADVISORY First Issued: Tue Nov 7 11:16:49 CST 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory6.asc Security Bulletin: AIX is affected by a denial of service (CVE-2023-45167) and a security...
6.2 CVSS
7.3 AI Score
0.0005 EPSS
Fedora 39 : mosquitto (2023-9adc4be8b0)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-9adc4be8b0 advisory. In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. (CVE-2023-0809) In...
7.5 CVSS
7.1 AI Score
0.001 EPSS
QNAP QTS / QuTS hero SSRF (QSA-23-51)
The version of QNAP QTS / QuTS hero installed on the remote host is affected by a vulnerability as referenced in the QSA-23-51 advisory. A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could...
4.3 CVSS
4.6 AI Score
0.0004 EPSS
Rocky Linux 8 : nodejs:14 (RLSA-2022:0350)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0350 advisory. This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator....
9.8 CVSS
7.7 AI Score
0.012 EPSS
Mitsubishi Electric MELSEC Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC Series Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability may...
9.1 CVSS
6.9 AI Score
0.001 EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Weintek Equipment: EasyBuilder Pro Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain remote...
9.8 CVSS
7.4 AI Score
0.001 EPSS
Franklin Fueling System TS-550
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Franklin Fueling System Equipment: TS-550 Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation...
9.8 CVSS
7.6 AI Score
0.001 EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: FlexEdge Gateway, DA50A, DA70A running Crimson Vulnerability: Improper Neutralization of Null Byte or NUL Character 2. RISK EVALUATION Successful exploitation of this...
9.8 CVSS
7.4 AI Score
0.001 EPSS
Schneider Electric SpaceLogic C-Bus Toolkit
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: SpaceLogic C-Bus Toolkit Vulnerabilities: Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
9.8 CVSS
8.8 AI Score
0.002 EPSS
Squid is vulnerable to Denial Of Service. The vulnerability is due to improper validation of particular index which allows an attacker to initiate a TLS Handshake with a malicious crafted SSL Certificate in a server certificate chain thus leading to denial of...
8.6 CVSS
6.8 AI Score
0.006 EPSS
A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using --with-openssl is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by...
8.6 CVSS
7.2 AI Score
0.006 EPSS
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to.....
8.6 CVSS
6.8 AI Score
0.006 EPSS
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to.....
8.6 CVSS
7.3 AI Score
0.006 EPSS
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to.....
7.5 CVSS
8.3 AI Score
0.006 EPSS
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to.....
7.5 CVSS
7.3 AI Score
0.006 EPSS
CVE-2023-46724 SQUID-2023:4 Denial of Service in SSL Certificate validation
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to.....
8.6 CVSS
8.6 AI Score
0.006 EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Zavio Equipment: IP Camera Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer, OS Command Injection 2. RISK EVALUATION Successful exploitation of these...
9.8 CVSS
9.2 AI Score
0.002 EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: INEA Equipment: ME RTU Vulnerabilities: OS Command Injection, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution. 3....
9.9 CVSS
8.5 AI Score
0.002 EPSS
KernelSU is a kernel-based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a device with KernelSU installed is infected with malware whose app signing block is specially constructed, it can take over root privileges on the device. The vulnerable verification logic...
5.7 CVSS
5 AI Score
0.0004 EPSS
KernelSU is a kernel-based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a device with KernelSU installed is infected with malware whose app signing block is specially constructed, it can take over root privileges on the device. The vulnerable verification logic...
5.7 CVSS
5.3 AI Score
0.0004 EPSS
KernelSU is a kernel-based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a device with KernelSU installed is infected with malware whose app signing block is specially constructed, it can take over root privileges on the device. The vulnerable verification logic...
5.7 CVSS
6.8 AI Score
0.0004 EPSS
KernelSU is a kernel-based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a device with KernelSU installed is infected with malware whose app signing block is specially constructed, it can take over root privileges on the device. The vulnerable verification logic...
5.7 CVSS
5.4 AI Score
0.0004 EPSS
Security Bulletin: NVIDIA GPU Display Driver - October 2023
NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...
8.2 CVSS
8.2 AI Score
0.001 EPSS
CVE-2023-46139 KernelSU signature validation mismatch
KernelSU is a kernel-based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a device with KernelSU installed is infected with malware whose app signing block is specially constructed, it can take over root privileges on the device. The vulnerable verification logic...
5 CVSS
5.5 AI Score
0.0004 EPSS
Exploit for Infinite Loop in Openssl
OpenSSL 1.0.1g 7 Apr 2014 Copyright (c) 1998-2011 The OpenSSL...
7.5 CVSS
6.6 AI Score
0.013 EPSS