OceanStor 2800 V3,OceanStor 5300 V3,OceanStor 5500 V3,OceanStor 5600 V3,OceanStor 5800 V3 Security Vulnerabilities

CVE-2023-39279

SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall...

CVE-2023-39276

SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall...

CVE-2023-39277

SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall...

CVE-2023-39280

SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall...

CVE-2023-39278

SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall...

CVE-2023-20598

An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code...

Rockwell Automation FactoryTalk Linx

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Linx Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to information disclosure...

Schneider Electric EcoStruxure Power Monitoring Expert and Power Operation Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert, EcoStruxure Power Operation with Advanced Reports, EcoStruxure Power SCADA Operation with Advanced Reports *...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Tor vulnerabilities (USN-5036-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5036-1 advisory. In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of...

Siemens RUGGEDCOM APE1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Weintek cMT3000 HMI Web CGI

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Weintek Equipment: cMT3000 CMI Web CGI Vulnerabilities: Stack-based Buffer Overflow, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an...

Mitsubishi Electric MELSEC-F Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Corporation Equipment: MELSEC-F Series Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker...

Siemens Tecnomatix Plant Simulation

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

​PTC Kepware KepServerEX (Update A)

EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Kepware KepServerEX Vulnerabilities: Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of these...

Siemens SINEC NMS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens SIMATIC CP products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Santesoft Sante FFT Imaging

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante FFT Imaging Vulnerability: Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary...

Advantech WebAccess

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could leak user...

Siemens SCALANCE W1750D

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens SICAM A8000 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens Mendix Forgot Password Module

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens Xpedition Layout Browser

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Hikvision Access Control and Intercom Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Hikvision Equipment: Access Control and Intercom Products Vulnerabilities: Session Fixation, Improper Access Control 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker...

Siemens CPCI85 Firmware of SICAM A8000 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Santesoft Sante DICOM Viewer Pro

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerabilities: Out-of-bounds Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to...

Siemens Simcenter Amesim

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Siemens SICAM PAS/PQS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Schneider Electric IGSS

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Schneider Electric Equipment: IGSS (Interactive Graphical SCADA System) Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

Mitsubishi Electric MELSEC-Q Series PLCs (Update A)

EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: MELSEC-Q series PLCs Vulnerability: Resource Exhaustion 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to send...

v3.drumandbass.at Cross Site Scripting vulnerability OBB-3736983

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Minio 2022-07-29T19-40-48Z Path Traversal

...

Unbreakable Enterprise kernel security update

[5.15.0-106.131.4] - jbd2: check 'jh->b_transaction' before removing it from checkpoint (Zhihao Cheng) - jbd2: fix checkpoint cleanup performance regression (Zhang Yi) - scsi: qla2xxx: Fix TMF leak through (Quinn Tran) - scsi: qla2xxx: Fix command flush during TMF (Quinn Tran) - scsi: qla2xxx:.....

Minio 2022-07-29T19-40-48Z - Path traversal Exploit

...

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change

...

Minio 2022-07-29T19-40-48Z - Path traversal

...

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service

...

GLPI GZIP(Py3) 9.4.5 - RCE

...

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

...

GLPI GZIP(Py3) 9.4.5 - Remote Code Execution Exploit

...

Root takeover via signature spoofing

Description When an app requests "CMD_BECOME_MANAGER" via prctl, couple of checks done before promoting uid as root manager. Main check relies on requester's signature. Signature control is done in check_v2_signature function in kernel\apk_sign.c, this function accepts both V2 and V3 signatures...

Use of flashloan to inflate timeWeightedWeeklyGlobalAmbLiquidity_[poolIdx][currWeek] and timeWeightedWeeklyPositionAmbLiquidity_[poolIdx][posKey][currWeek]

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L245-L247 Vulnerability details Impact It is possible for a bad player to use flashloan to manipulate the system by making "valuable" LP to get....

Slippage attack on claiming rewards

Lines of code Vulnerability details Impact Exploiter can abuse slippage to claim more weekly reward. The amount of slippage damage is unclear due to lack of deployment context and testing. Worst case scenario is the exploiter own 100% deposit of single pool allowing extreme slippage to steal...

Potential denial of service due to out of bound gas usage

Lines of code Vulnerability details Summary The implementation of accrueConcentratedPositionTimeWeightedLiquidity() incurs in complex and unbounded computations that could lead to significant gast costs and a potential denial of service. Impact The liquidity mining program in the Ambient DEX will.....

Qognify NiceVision

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Qognify Equipment: NiceVision Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve sensitive...

Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: AFS65x, AFF66x, AFS67x, AFR67x Series Vulnerabilities: Incorrect Calculation, Integer Overflow or Wraparound, Improper Encoding or Escaping of Output, Exposure of...

AIX is vulnerable to sensitive information exposure due to Perl - CVE-2023-2331486,AIX is vulnerable to sensitive information exposure due to Perl - CVE-2023-31484

IBM SECURITY ADVISORY First Issued: Thu Oct 5 10:44:37 CDT 2023 |Updated: Thu Nov 2 09:55:16 CDT 2023 |Update: iFixes are now available for Perl 5.28.1 and 5.34.1. | Perl version 5.28.1.7 and higher, and Perl version 5.34.1.4 and higher, | have a dependency on OpenSSL 3.0. | The iFixes are...

AIX is vulnerable to a denial of service due to NTP

IBM SECURITY ADVISORY First Issued: Thu Oct 5 10:43:28 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/ntp_advisory14.asc Security Bulletin: AIX is vulnerable to a denial of service due to NTP (CVE-2023-26551,...

Exploit for OS Command Injection in Paloaltonetworks Prisma Access

CVE-2021-3060 POC/ Exploit Description: An OS command...

Storm-0324: An access for the RaaS Threat Actor (Sangria Tempest)

Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities By Gurumoorthi Ramanathan · October 5, 2023 Executive Summary: In early July 2023, the threat actor that Microsoft calls “Storm-0324” was observed sending a phishing message through Microsoft Teams. Storm-0324 is a financially...

Storm-0324: An access for the RaaS Threat Actor (Sangria Tempest)

Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities By Gurumoorthi Ramanathan · October 5, 2023 Executive Summary: In early July 2023, the threat actor that Microsoft calls “Storm-0324” was observed sending a phishing message through Microsoft Teams. Storm-0324 is a financially...