Mitsubishi Electric Multiple Factory Automation Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC iQ-F Series Vulnerability: Insufficient Resource Pool 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...
5.3CVSS
5.5AI Score
0.0004EPSS
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
5.3CVSS
5.2AI Score
0.0004EPSS
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
5.3CVSS
5.2AI Score
0.0004EPSS
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
5.3CVSS
7.1AI Score
0.0004EPSS
Insufficient Resource Pool vulnerability in Ethernet function of Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote attacker to cause a temporary Denial of Service condition for a certain period of time in Ethernet communication of the products by performing TCP SYN...
5.3CVSS
5.5AI Score
0.0004EPSS
Exploit for OS Command Injection in Zyxel Usg Flex 100W Firmware
CVE-2022-30525 (Zyxel Firewall Remote Command Injection) A...
9.8CVSS
8.1AI Score
0.975EPSS
Oracle Linux 8 : thunderbird (ELSA-2024-0964)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0964 advisory. Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response...
9.6AI Score
0.0004EPSS
Oracle Linux 8 : firefox (ELSA-2024-0955)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0955 advisory. Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.Note: This issue only affects 32-bit...
9.6AI Score
0.0004EPSS
Oracle Linux 9 : thunderbird (ELSA-2024-0963)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0963 advisory. If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user...
9.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 ("ext4: make ext4_abort() use __ext4_error()"), the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2....
5.5CVSS
6.5AI Score
0.0004EPSS
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
7.1CVSS
6.7AI Score
0.0004EPSS
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
7.1CVSS
6.9AI Score
0.0004EPSS
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
7.1CVSS
6.8AI Score
0.0004EPSS
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...
6.5CVSS
6.5AI Score
0.0004EPSS
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...
6.5CVSS
6.5AI Score
0.0004EPSS
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...
6.5CVSS
7.4AI Score
0.0004EPSS
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
7.1CVSS
7.2AI Score
0.0004EPSS
8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation
More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing...
7.4AI Score
CVE-2024-0387 EDS-4000/G4000 Series IP Forwarding Vulnerability
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious...
6.5CVSS
6.7AI Score
0.0004EPSS
Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection
In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks persist despite HIPAA compliance. In this third blog, we will discuss how to get started....
7.3AI Score
Oracle Linux 7 : firefox (ELSA-2024-0976)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0976 advisory. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim...
9.6AI Score
0.0004EPSS
Oracle Linux 7 : thunderbird (ELSA-2024-0957)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-0957 advisory. A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and...
9.6AI Score
0.0004EPSS
CentOS 7 : firefox (RHSA-2024:0976)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0976 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...
9.7AI Score
0.0004EPSS
Fedora 39 : thunderbird (2024-81863a1613)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-81863a1613 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...
7.4AI Score
0.0004EPSS
CVE-2024-0439 User can manually send request at manager permission to modify system configurations
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request.....
7.1CVSS
7AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2024:0608-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0608-1 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have...
7.3AI Score
0.0004EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2024:0607-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0607-1 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have...
7.4AI Score
0.0004EPSS
Oracle Linux 9 : firefox (ELSA-2024-0952)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0952 advisory. A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and...
9.6AI Score
0.0004EPSS
Debian dsa-5630 : thunderbird - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5630 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
7.3AI Score
0.0004EPSS
New Leak Shows Business Side of China’s APT Menace
A new data leak that appears to have come from one of China's top private cybersecurity firms provides a rare glimpse into the commercial side of China's many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...
7.1AI Score
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2024:0580-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0580-1 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an...
9.7AI Score
0.0004EPSS
Fedora 39 : firefox (2024-bc8ea2c2cb)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bc8ea2c2cb advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory...
9.7AI Score
0.0004EPSS
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6649-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6649-1 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
9.7AI Score
0.0004EPSS
The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL...
7.2AI Score
0.0004EPSS
Iranian Threat Actor Adapts Tactics to Stay One Step Ahead
Summary: Charming Kitten, an Iranian threat actor, has recently been linked to a series of attacks targeting the Middle East. This campaign involves deploying a new backdoor called BASICSTAR through a deceptive webinar portal. Threat Level - Red | Attack Report For a detailed threat advisory,...
7.1AI Score
How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity
Finding, managing and patching security vulnerabilities on any network, no matter the size, is a tall task. In the first week of 2024 alone, there were 621 new common IT security vulnerabilities and exposures (CVEs) disclosed worldwide, covering a range of applications, software and hardware that.....
10CVSS
7.3AI Score
0.976EPSS
TL;DR The VMware Enhanced Authentication plugin that is offered as part of VMware vSphere’s seamless login experience for the web console contains multiple vulnerabilities relating to Kerberos authentication relay. The first vulnerability, CVE-2024-22245, is a Kerberos relay vulnerability where a.....
9.6CVSS
7.2AI Score
0.0004EPSS
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2024-052-01)
The version of mozilla-thunderbird installed on the remote host is prior to 115.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-052-01 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, ...
7.3AI Score
0.0004EPSS
Decoding Digital Transformation: AI, ML, and RPA in the Modern Era
Explore the first article in this series about AI, ML, and RPA, which aims to demystify and explore the full spectrum of these core...
7.2AI Score
Decoding Digital Transformation: AI, ML, and RPA in the Modern Era
Explore the first article in this series about AI, ML, and RPA, which aims to demystify and explore the full spectrum of these core...
7.2AI Score
Mozilla Firefox Security Advisory (MFSA2024-05) - Linux
This host is missing a security update for Mozilla...
8.8AI Score
0.0004EPSS
Debian dsa-5627 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5627 advisory. When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read....
9.7AI Score
0.0004EPSS
New Migo Malware Targeting Redis Servers for Cryptocurrency Mining
A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves the use of a number of novel system weakening techniques against the data store itself," Cado...
9.8CVSS
7.4AI Score
0.074EPSS
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <...
7.7AI Score
0.0004EPSS
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <...
5.9AI Score
0.0004EPSS
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <...
7.1AI Score
0.0004EPSS
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <...
5.8AI Score
0.0004EPSS
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <...
5.6AI Score
0.0004EPSS
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird <...
7.6AI Score
0.0004EPSS
November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715)
November 14, 2023—KB5032190 (OS Builds 22621.2715 and 22631.2715) UPDATED 2/27/24 IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise, Education, IoT Enterprise, and Enterprise multi-session.....
9.8CVSS
8.2AI Score
0.57EPSS