OceanStor 2800 V3,OceanStor 5300 V3,OceanStor 5500 V3,OceanStor 5600 V3,OceanStor 5800 V3 Security Vulnerabilities

CVE-2023-5113

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via...

Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting

Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php...

Cisco Adaptive Security Appliance Software Remote Access VPN Unauthorized Access - Brute Force Attack (cisco-sa-asaftd-ravpn-auth-8LyfCkeC)

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations. This vulnerability is due to improper separation.....

CVE-2023-43176

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav...

CVE-2023-43176

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav...

Deserialization of untrusted data

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav...

CVE-2023-4929

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of...

CVE-2023-43176

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav...

Exploit for Improper Resource Shutdown or Release in Eero Eeroos

eeroOS Ethernet Interface Denial of Service Vulnerability...

CVE-2023-5300

A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2023-5300

A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...

Sql injection

A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2023-5300 TTSPlanning sql injection

A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...

CVE-2023-5300 TTSPlanning sql injection

A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The...

What’s New in InsightVM and Nexpose: Q3 2023 in Review

A lot of new and exciting product updates this quarter to help customers continue driving better security outcomes. We are thrilled to launch a new vulnerability risk scoring strategy this quarter along with upgrades like improved UI for the Engine Pool page, more policy coverage, and more. Let’s.....

Exploit for Vulnerability in Fit2Cloud Jumpserver

CVE-2023-42820 漏洞描述 JumpServer 是一款广受欢迎的开源堡垒机，是符合 4A...

DEXMA DexGate

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: DEXMA Equipment: DEXGate Vulnerabilities: Cross-Site Scripting, Cross-Site Request Forgery, Improper Authentication, Cleartext Transmission of Sensitive Information, Exposure of Sensitive...

Rockwell Automation PanelView 800

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PanelView 800 Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose...

Exploit for PHP External Variable Modification in Juniper Junos

Juniper Scanner Scanner for CVE-2023-36845 by bt0 More...

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid...

Suprema BioStar 2

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Suprema Inc. Equipment: BioStar 2 Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

SOCOMEC MODULYS GP (UPDATE A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: SOCOMEC Equipment: MODULYS GP Vulnerability: Weak Encoding for Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to obtain sensitive...

Mitsubishi Electric FA Engineering Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to...

Advantech EKI-1524-CE series

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.4 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Advantech Equipment: EKI-1524-CE, EKI-1522-CE, EKI-1521-CE Vulnerabilities: Cross-Site Scripting 2. RISK EVALUATION Successful exploitation of these...

Baker Hughes Bently Nevada 3500

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Baker Hughes - Bently Nevada Equipment: Bently Nevada 3500 System Vulnerabilities: Exposure of Sensitive Information to an Unauthorized Actor, Cleartext Transmission of Sensitive Information,...

Hitachi Energy Asset Suite 9

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Asset Suite 9 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to enter an...

Malicious code in fca-rqzax-v3 (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (0ecedbb47457d84a3321523d3e9df1d860170b1c57af2d4fb6b5faf7f89b742a) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

JVN#97197972: Multiple vulnerabilities in WordPress plugin "Welcart e-Commerce"

WordPress plugin "Welcart e-Commerce" provided by Collne Inc. contains multiple vulnerabilities listed below. Unrestricted Upload of File with Dangerous Type (CWE-434) - CVE-2023-40219 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N| Base Score: 2.7 CVSS...

Siemens Spectrum Power 7

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Delta Electronics DIAScreen

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED...

Rockwell Automation Select Logix Communication Modules

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1756-EN2T, 1756-EN2TK, 1756-EN2TXT, 1756-EN2TP, 1756-EN2TPK, 1756-EN2TPXT, 1756-EN2TR, 1756-EN2TRK, 1756-EN2TRXT, 1756-EN2F, 1756-EN2FK, 1756-EN3TR, 1756-EN3TRK...

Rockwell Automation Connected Components Workbench

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: Rockwell Automation Equipment: Connected Components Workbench Vulnerabilities: Use After Free, Out-of-bounds Write 2. RISK EVALUATION...

Rockwell Automation FactoryTalk View Machine Edition

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View Machine Edition Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

Real Time Automation 460 Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Real Time Automation Equipment: 460MCBS Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an...

CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...

CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local...

Omron Engineering Software Zip-Slip

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio, NX-IO Configurator Vulnerability: Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to overwrite files on a system. 3....

Omron Engineering Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Omron Equipment: Sysmac Studio Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1...

Siemens SIMATIC PCS neo Administration Console

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

Omron CJ/CS/CP Series

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Omron Equipment: Sysmac CJ/CS/CP Series Vulnerability: Improper Control of Interaction Frequency 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to...

Debian DSA-5500-1 : flac - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5500 advisory. Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder....

Debian: Security Advisory (DSA-5500-1)

The remote host is missing an update for the...

This Week in Spring - September 19th, 2023 (Java 21 Edition)

Hi, Spring fans! Welcome to another installment of This Week in Spring - Java 21 edition! The big news, indeed, the biggest news, is that Java 21 is now available here! You should use SDKMAN to install it, like this: sdk install java 21-graalce && sdk default java 21-graalce. This install givews...

[SECURITY] [DSA 5500-1] flac security update

Debian Security Advisory DSA-5500-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 18, 2023 https://www.debian.org/security/faq Package : flac CVE ID : CVE-2020-22219 A buffer overflow was...

Wago CODESYS V3 Improper Input Validation (CVE-2022-47391)

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability in the CMPDevice Component to read from invalid addresses leading to a denial of service. Wago PFC200 and Compact Controllers support Codesys V3. This plugin only...

Wago CODESYS V3 Out-of-bounds Write (CVE-2022-47379)

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CMPapp Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago PFC200....

Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47389)

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...

Wago CODESYS V3 Improper Restriction of Operations (CVE-2022-47393)

An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the CmpFileTransfer Component of multiple versions of multiple CODESYS products to force a denial-of-service situation. Wago PFC200 and Compact Controllers support...

Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47380)

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CMPapp Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago PFC200....

Wago CODESYS V3 Improper Input Validation (CVE-2022-47392)

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition. Wago PFC200 and Compact Controllers...