Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47383)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
8.8CVSS
7.4AI Score
0.002EPSS
Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47387)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
8.8CVSS
7.4AI Score
0.002EPSS
Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47384)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
8.8CVSS
7.4AI Score
0.002EPSS
Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47388)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
8.8CVSS
7.4AI Score
0.002EPSS
Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47385)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
8.8CVSS
7.4AI Score
0.002EPSS
Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47390)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
8.8CVSS
7.4AI Score
0.002EPSS
7.8CVSS
7.2AI Score
0.001EPSS
Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47386)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
8.8CVSS
7.4AI Score
0.002EPSS
Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47382)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago...
8.8CVSS
7.4AI Score
0.002EPSS
Wago CODESYS V3 Stack-based Buffer Overflow (CVE-2022-47381)
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CMPapp Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. Wago PFC200....
8.8CVSS
7.4AI Score
0.002EPSS
A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has....
6.5CVSS
6.5AI Score
0.001EPSS
A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has....
6.5CVSS
5.1AI Score
0.001EPSS
A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has....
6.5CVSS
6.6AI Score
0.001EPSS
CVE-2023-4984 didi KnowSearch 1 credentials storage
A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has....
4.3CVSS
6.8AI Score
0.001EPSS
v3.boldsystems.org Cross Site Scripting vulnerability OBB-3681628
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Information Disclosure Vulnerability on some Huawei Products (huawei-sa-20200715-03-informationleak)
There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get...
3.3CVSS
3.8AI Score
0.0004EPSS
Siemens SIMATIC, SIPLUS Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
7.5AI Score
0.001EPSS
Siemens WIBU Systems CodeMeter
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
10AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8CVSS
7.4AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
6.5CVSS
6.5AI Score
0.001EPSS
Siemens RUGGEDCOM APE1808 Product Family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
10CVSS
9.8AI Score
0.975EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion8 Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to retrieve other...
8.8CVSS
6.9AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8.8CVSS
7.8AI Score
0.001EPSS
PCI v4 is coming. Are you ready?
If you’ve landed here the chances are you are considering PCI compliance. At present the scheme is running against v3.2.1. In March 2022, the PCI Council released the long-anticipated v4.0. The Council stated that the changes represent their determination to “continue to meet the security needs of....
7AI Score
5.5CVSS
5.5AI Score
0.001EPSS
A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating.....
7.8CVSS
7.4AI Score
0.0004EPSS
Hitachi Energy Lumada APM Edge
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Lumada Asset Performance Management (APM) Edge Vulnerabilities: Use After Free, Double Free, Type Confusion, Observable Discrepancy 2. RISK EVALUATION Successful...
7.5CVSS
8.2AI Score
0.004EPSS
Fujitsu Software Infrastructure Manager
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Low attack complexity Vendor: Fujitsu Software Equipment: Infrastructure Manager Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker retrieving...
5.9CVSS
7AI Score
0.0004EPSS
The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by...
7.5CVSS
7.5AI Score
0.001EPSS
Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM...
7.5CVSS
7.3AI Score
0.001EPSS
Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM...
7.5CVSS
7.4AI Score
0.001EPSS
Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM...
7.5CVSS
7.3AI Score
0.001EPSS
Multiple vulnerabilities in OpenSSL affect AIX
IBM SECURITY ADVISORY First Issued: Mon Sep 11 10:43:54 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/openssl_advisory39.asc Security Bulletin: Multiple vulnerabilities in OpenSSL affect AIX...
7.5CVSS
6.9AI Score
0.004EPSS
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2023-2800)
The remote host is missing an update for the Huawei...
5.3CVSS
6.1AI Score
0.002EPSS
Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM...
7.6AI Score
0.001EPSS
matrix-media-repo: Unsafe media served inline on download endpoints
Impact A malicious user can upload an SVG image containing JavaScript to their server. When matrix-media-repo is asked to serve that media via the /_matrix/media/(r0|v3)/download endpoint, it would be served with a Content-Disposition of inline. This can allow JavaScript to run in the browser if a....
5.4CVSS
7AI Score
0.001EPSS
matrix-media-repo: Unsafe media served inline on download endpoints
Impact A malicious user can upload an SVG image containing JavaScript to their server. When matrix-media-repo is asked to serve that media via the /_matrix/media/(r0|v3)/download endpoint, it would be served with a Content-Disposition of inline. This can allow JavaScript to run in the browser if a....
5.4CVSS
6.9AI Score
0.001EPSS
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. In the NAS Task, an...
5.3CVSS
5.3AI Score
0.0005EPSS
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330,...
7.5CVSS
6.2AI Score
0.0005EPSS
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330,...
7.5CVSS
7.4AI Score
0.0005EPSS
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. In the NAS Task, an...
5.3CVSS
5.4AI Score
0.0005EPSS
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. In the NAS Task, an...
5.3CVSS
5.4AI Score
0.0005EPSS
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330,...
7.5CVSS
7.5AI Score
0.0005EPSS
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. In the NAS Task, an...
5.3CVSS
5.7AI Score
0.0005EPSS
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330,...
5.9CVSS
7.7AI Score
0.0005EPSS
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization,....
9.1CVSS
8.6AI Score
0.023EPSS
AIX is vulnerable to denial of service due to ISC BIND
IBM SECURITY ADVISORY First Issued: Thu Sep 7 13:08:07 CDT 2023 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bind_advisory24.asc Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND (CVE-2023-2828)...
7.5CVSS
6.6AI Score
0.001EPSS
EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Socomec Equipment: MOD3GP-SY-120K Vulnerabilities: Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Insecure Storage of Sensitive Information, Reliance on Cookies without Validation and...
10CVSS
7.4AI Score
0.001EPSS
Phoenix Contact TC ROUTER and TC CLOUD CLIENT
EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Phoenix Contact Equipment: TC ROUTER and TC CLOUD CLIENT Vulnerabilities: Cross-site Scripting, XML Entity Expansion 2. RISK EVALUATION Successful exploitation of this...
9.6CVSS
7.1AI Score
0.003EPSS
Dover Fueling Solutions MAGLINK LX Console
EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dover Fueling Solutions Equipment: MAGLINK LX - Web Console Configuration Vulnerabilities: Authentication Bypass using an Alternate Path or Channel, Improper Access Control, Path Traversal 2. RISK...
9.1CVSS
7.4AI Score
0.001EPSS