Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code...
9.8CVSS
9.5AI Score
0.001EPSS
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in...
7.5CVSS
7.8AI Score
0.001EPSS
Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of...
5.5CVSS
5.9AI Score
0.0004EPSS
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code...
9.8CVSS
8.5AI Score
0.013EPSS
Rockwell Automation SIS Workstation and ISaGRAF Workbench
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: SIS Workstation and ISaGRAF Workbench Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unprivileged local users...
7.8CVSS
7.8AI Score
0.002EPSS
AVEVA Operations Control Logger
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: Operations Control Logger Vulnerabilities: Execution with Unnecessary Privileges, External Control of File Name or Path 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
7.8CVSS
8.3AI Score
0.0004EPSS
6.9AI Score
0.002EPSS
JVN#17806703: Multiple vulnerabilities in Cisco Firepower Management Center Software
Cisco Firepower Management Center Software provided by Cisco Systems contains multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2023-20219 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H| Base Score: 6.6 CVSS v2|...
8.8CVSS
7.7AI Score
0.001EPSS
JVN#96209256: Multiple vulnerabilities in Pleasanter
Pleasanter provided by Implem Inc. contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability (CWE-79) - CVE-2023-34439 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4 CVSS v2| AV:N/AC:M/Au:S/C:N/I:P/A:N|...
7.5CVSS
6.8AI Score
0.001EPSS
7.4AI Score
EPSS
7.4AI Score
EPSS
7AI Score
EPSS
GitLab 16.0 < 16.3.6 / 16.4 < 16.4.2 / 16.5 < 16.5.1 (CVE-2023-5600)
The version of GitLab installed on the remote host is between 16.0 prior to 16.3.6, 16.4 prior to 16.4.2 or 16.5 prior to 16.5.1. It is, therefore, affected by an improper access control vulnerability as referenced in the vendor advisory. Arbitrary access to the titles of an private specific...
7.5AI Score
EPSS
7.4AI Score
EPSS
Hitachi Energy MicroSCADA Pro/X SYS600 Products (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: MicroSCADA X SYS600, MicroSCADA Pro Vulnerability: Improper Use of Validation Framework 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user...
8.8CVSS
8.2AI Score
0.001EPSS
Mitsubishi Electric MELSEC and MELIPC Series (Update G)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC and MELIPC Series Vulnerabilities: Uncontrolled Resource Consumption, Improper Handling of Length Parameter Inconsistency, Improper Input Validation 2....
7.5CVSS
8.3AI Score
0.002EPSS
Johnson Controls Quantum HD Unity
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable Remotely/Low attack complexity Vendor: Johnson Controls Inc. Equipment: Quantum HD Unity Vulnerability: Active Debug Code 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized user to access...
10CVSS
7.4AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: eSOMS Vulnerabilities: Generation of Error Message Containing Sensitive Information, Exposure of Sensitive System Information to an Unauthorized Control Sphere 2....
5.3CVSS
5.6AI Score
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause...
7.5CVSS
7.5AI Score
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause...
7.5CVSS
7.5AI Score
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause...
7.5CVSS
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause...
7.5CVSS
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause...
7.5CVSS
7.1AI Score
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause...
7.5CVSS
7.2AI Score
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause...
7.1CVSS
7.8AI Score
0.0005EPSS
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause...
7.1CVSS
7.7AI Score
0.0005EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: General Electric Equipment: MiCOM S1 Agile Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload malicious files and...
7.3CVSS
7.5AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: General Electric Equipment: MiCOM S1 Agile Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload malicious files and...
7.5AI Score
0.0004EPSS
IBM SECURITY ADVISORY First Issued: Tue Nov 7 11:16:49 CST 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/python_advisory6.asc Security Bulletin: AIX is affected by a denial of service (CVE-2023-45167) and a security...
6.2CVSS
7.3AI Score
0.0005EPSS
Rocky Linux 8 : mysql:8.0 (RLSA-2019:2511)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:2511 advisory. Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and...
7.1CVSS
7.5AI Score
0.005EPSS
Rocky Linux 8 : nodejs:14 (RLSA-2022:0350)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0350 advisory. This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator....
9.8CVSS
7.7AI Score
0.012EPSS
Rocky Linux 8 : mariadb:10.3 (RLSA-2020:5500)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:5500 advisory. Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17...
9CVSS
8.8AI Score
0.009EPSS
Mitsubishi Electric MELSEC Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC Series Vulnerability: Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability may...
9.1CVSS
6.9AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Weintek Equipment: EasyBuilder Pro Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain remote...
9.8CVSS
7.4AI Score
0.001EPSS
Franklin Fueling System TS-550
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Franklin Fueling System Equipment: TS-550 Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful exploitation...
9.8CVSS
7.6AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Red Lion Equipment: FlexEdge Gateway, DA50A, DA70A running Crimson Vulnerability: Improper Neutralization of Null Byte or NUL Character 2. RISK EVALUATION Successful exploitation of this...
9.8CVSS
7.4AI Score
0.001EPSS
Schneider Electric SpaceLogic C-Bus Toolkit
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: SpaceLogic C-Bus Toolkit Vulnerabilities: Improper Privilege Management, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
9.8CVSS
8.8AI Score
0.002EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.1AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
6.6AI Score
EPSS
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE...
9.8CVSS
9.6AI Score
0.001EPSS
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to...
7.5AI Score
0.001EPSS
Multiple Cisco Products Snort FTP Inspection Bypass Vulnerability
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could....
7.4AI Score
0.001EPSS
A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software or Cisco FirePOWER Services could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all.....
7.6AI Score
0.001EPSS
Cisco Firepower Threat Defense Software Snort 3 Geolocation IP Filter Bypass Vulnerability
A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by....
7.4AI Score
0.001EPSS
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to...
7.5AI Score
0.001EPSS
A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs...
7.6AI Score
0.001EPSS
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied...
7.6AI Score
0.001EPSS
Multiple Cisco Products Snort 3 Access Control Policy Bypass Vulnerability
Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being...
7.4AI Score
0.001EPSS
A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6...
7.5AI Score
0.001EPSS
A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root...
8.1AI Score
0.0004EPSS