This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected...
8.8CVSS
0.001EPSS
This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected...
8.8CVSS
8.8AI Score
0.001EPSS
This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected...
8.8CVSS
7.7AI Score
0.001EPSS
CVE-2023-5500 Frauscher: FDS102 for FAdC/FAdCi remote code execution vulnerability
This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected...
8.8CVSS
9.2AI Score
0.001EPSS
JVN#34145838: Multiple denial-of-service (DoS) vulnerabilities in JTEKT ELECTRONICS HMI GC-A2 series
HMI GC-A2 series provided by JTEKT ELECTRONICS CORPORATION contains multiple denial-of-service (DoS) vulnerabilities listed below. Denial-of-service (DoS) vulnerability in FTP service (CWE-400) - CVE-2023-41963 Version| Vector| Score ---|---|--- CVSS v3|...
7.5CVSS
7.7AI Score
0.001EPSS
Exploit for OS Command Injection in Cisco Ios Xe
CVE-2023-20273 CVE-2023-20273 Exploit PoC Usage ```...
7.2CVSS
6.9AI Score
0.036EPSS
Summary There are multiple vulnerabilities in Runtimes 22.2 component impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2023-2800 DESCRIPTION: **Hugging Face Transformers is vulnerable...
9.8CVSS
8.9AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM System Networking Switch Center (SNSC). These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Vulnerability Details VEID: CVE-2018-2579 DESCRIPTION: An...
5.3CVSS
1.4AI Score
0.004EPSS
SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin...
7.2CVSS
0.001EPSS
SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin...
7.2CVSS
6.9AI Score
0.001EPSS
The affected devices use publicly available default credentials with administrative...
9.8CVSS
9.4AI Score
0.001EPSS
SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin...
7.2CVSS
7.2AI Score
0.001EPSS
CVE-2023-39171 SENEC Storage Box V1,V2 and V3 accidentially expose a management interface
SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin...
7.2CVSS
7.2AI Score
0.001EPSS
In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive...
7.5CVSS
0.002EPSS
In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive...
7.5CVSS
7.5AI Score
0.002EPSS
The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network...
9.1CVSS
8.9AI Score
0.001EPSS
In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive...
7.5CVSS
6.9AI Score
0.002EPSS
CVE-2023-39169 SENEC: Storage Box V1,V2 and V3 using default credentials
The affected devices use publicly available default credentials with administrative...
9.8CVSS
9.8AI Score
0.001EPSS
CVE-2023-39167 SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability
In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive...
7.5CVSS
7.8AI Score
0.002EPSS
CVE-2023-39172 SENEC: Storage Box V1,V2 and V3 transmitting sensitive data unencrypted
The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network...
9.1CVSS
9.3AI Score
0.001EPSS
Schweitzer Engineering Laboratories SEL-411L
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schweitzer Engineering Laboratories Equipment: SEL-411L Vulnerability: Improper Restriction of Rendered UI Layers or Frames 2. RISK EVALUATION Successful exploitation of this vulnerability...
6.1CVSS
7AI Score
0.001EPSS
Sierra Wireless AirLink with ALEOS firmware
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sierra Wireless Equipment: AirLink Vulnerabilities: Infinite Loop, NULL Pointer Dereference, Cross-site Scripting, Reachable Assertion, Use of Hard-coded Credentials, Use of Hard-coded...
8.1CVSS
7.7AI Score
0.001EPSS
Mitsubishi Electric FA Engineering Software Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Mitsubishi Electric Equipment: MELIPC , MELSEC iQ-R, and MELSEC Q Series Vulnerabilities: Processor Optimization Removal or Modification of Security-Critical Code, Observable Discrepancy 2. RISK EVALUATION Successful exploitation of these...
5.5CVSS
7.2AI Score
0.0005EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: ControlByWeb Equipment: X-332 and X-301 Vulnerability: Cross-Site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to run...
7.5CVSS
6.7AI Score
0.0004EPSS
Traefik docker container using 100% CPU
Summary The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. Details While attempting to set up Traefik to handle traffic for Docker containers, I observed in the.....
7.5CVSS
7AI Score
0.0005EPSS
Traefik docker container using 100% CPU
Summary The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. Details While attempting to set up Traefik to handle traffic for Docker containers, I observed in the.....
7.5CVSS
7AI Score
0.0005EPSS
Traefik vulnerable to potential DDoS via ACME HTTPChallenge
Impact There is a potential vulnerability in Traefik managing the ACME HTTP challenge. When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers (slowloris...
5.9CVSS
6.9AI Score
0.001EPSS
Traefik vulnerable to potential DDoS via ACME HTTPChallenge
Impact There is a potential vulnerability in Traefik managing the ACME HTTP challenge. When Traefik is configured to use the HTTPChallenge to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attackers (slowloris...
5.9CVSS
6.9AI Score
0.001EPSS
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
Summary When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates the RFC because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another...
6.5CVSS
7AI Score
0.001EPSS
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
Summary When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates the RFC because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another...
6.5CVSS
7AI Score
0.001EPSS
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper...
6.8AI Score
0.001EPSS
Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable with adjacent access/low attack complexity Vendor: Zebra Technologies Equipment: ZTC Industrial ZT410, ZTC Desktop GK420d Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful...
5.4CVSS
7.1AI Score
0.0004EPSS
Pre-auth RCE in Apache Ofbiz 18.12.09. It’s due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10. Users are recommended to upgrade to version 18.12.10 Recent assessments: cbeek-r7 at January 03, 2024 8:34am UTC reported: CVE-2023-49070 is a...
9.8CVSS
8.2AI Score
0.798EPSS
Security Advisory 0090 _._CSAF PDF Date: December 5, 2023 Revision | Date | Changes ---|---|--- 1.0 | December 5, 2023 | Initial release The CVE-ID tracking this issue: CVE-2023-24547 CVSSv3.1 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H) Common Weakness Enumeration: CWE-212:...
6.5CVSS
5.7AI Score
0.0005EPSS
7.4AI Score
IT threat evolution in Q3 2023 IT threat evolution in Q3 2023. Non-mobile statistics IT threat evolution in Q3 2023. Mobile statistics Targeted attacks Unknown threat actor targets power generator with DroxiDat and Cobalt Strike Earlier this year, we reported on a new variant of SystemBC called...
9.8CVSS
8.3AI Score
0.974EPSS
An input validation vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to create a denial of service against the system and locking out services. See product Instruction Manual Appendix A dated 20230830 for more...
6.5CVSS
6.2AI Score
0.001EPSS
An Improper Authentication vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote unauthenticated attacker to potentially perform session hijacking attack and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more...
9.8CVSS
9.4AI Score
0.001EPSS
An allocation of resources without limits or throttling vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow a remote authenticated attacker to make the system unavailable for an indefinite amount of time. See product Instruction Manual Appendix A dated 20230830 for more...
6.5CVSS
6.2AI Score
0.001EPSS
An Improper neutralization of input during web page generation in the Schweitzer Engineering Laboratories SEL-411L could allow an attacker to generate cross-site scripting based attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more.....
6.1CVSS
6AI Score
0.0005EPSS
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the Schweitzer Engineering Laboratories SEL-451 could allow an attacker to craft a link that could execute arbitrary code on a victim's system. See product Instruction Manual Appendix A dated 20230830 for...
6.1CVSS
6.6AI Score
0.001EPSS
An Improper Input Validation vulnerability in Schweitzer Engineering Laboratories SEL-411L could allow an attacker to perform reflection attacks against an authorized and authenticated user. See product Instruction Manual Appendix A dated 20230830 for more...
5.4CVSS
5.4AI Score
0.0005EPSS
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more...
9.8CVSS
9.4AI Score
0.001EPSS
An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more...
7.8CVSS
7.4AI Score
0.0004EPSS
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more.....
6.1CVSS
6.3AI Score
0.001EPSS
Mitsubishi Electric FA Engineering Software Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerability: External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious...
7.8CVSS
7.9AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DOPSoft Vulnerability: Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution. 3....
7.8CVSS
8.3AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: KEPServerEX, ThingWorx, OPC-Aggregator Vulnerabilities: Heap-based Buffer Overflow, Improper Validation of Certificate with Host Mismatch 2. RISK EVALUATION Successful...
9.1CVSS
8.6AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: STARDOM FCN/FCJ Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to cause a...
5.3CVSS
7.2AI Score
0.001EPSS
AIX is vulnerable to arbitrary command execution due to invscout
IBM SECURITY ADVISORY First Issued: Thu Nov 30 10:49:53 CST 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/invscout_advisory5.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout...
8.4CVSS
7.2AI Score
0.0004EPSS