SIMATIC ET200pro, IM 154-4 PN HF Security Vulnerabilities
CVE-2022-45639 affecting package sleuthkit 4.9.0-4
CVE-2022-45639 affecting package sleuthkit 4.9.0-4. No patch is available...
7.8CVSS
7.5AI Score
0.004EPSS
CVE-1999-0901 affecting package ypserv 4.1-4
CVE-1999-0901 affecting package ypserv 4.1-4. No patch is available...
6.9AI Score
0.0004EPSS
CVE-2021-28543 affecting package varnish-modules 0.16.0-4
CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never...
7.5CVSS
7AI Score
0.002EPSS
CVE-2022-25345 affecting package opus 1.3.1-4
CVE-2022-25345 affecting package opus 1.3.1-4. No patch is available...
7.5CVSS
7.7AI Score
0.001EPSS
CVE-1999-0902 affecting package ypserv 4.1-4
CVE-1999-0902 affecting package ypserv 4.1-4. No patch is available...
6.9AI Score
0.0004EPSS
CVE-2007-1397 affecting package fish 3.1.2-4
CVE-2007-1397 affecting package fish 3.1.2-4. This CVE either no longer is or was never...
7.5AI Score
0.171EPSS
CVE-2017-5834 affecting package libplist 2.1.0-4
CVE-2017-5834 affecting package libplist 2.1.0-4. No patch is available...
5.5CVSS
7.1AI Score
0.002EPSS
CVE-2022-1941 affecting package mysql 8.0.35-4
CVE-2022-1941 affecting package mysql 8.0.35-4. No patch is available...
7.5CVSS
7.7AI Score
0.002EPSS
CVE-2022-20001 affecting package fish 3.1.2-4
CVE-2022-20001 affecting package fish 3.1.2-4. This CVE either no longer is or was never...
7.8CVSS
8AI Score
0.002EPSS
CVE-2013-7381 affecting package libnotify 0.7.9-4
CVE-2013-7381 affecting package libnotify 0.7.9-4. This CVE either no longer is or was never...
9.8CVSS
7AI Score
0.003EPSS
CVE-2017-5836 affecting package libplist 2.1.0-4
CVE-2017-5836 affecting package libplist 2.1.0-4. No patch is available...
7.5CVSS
7.7AI Score
0.003EPSS
CVE-2017-5835 affecting package libplist 2.1.0-4
CVE-2017-5835 affecting package libplist 2.1.0-4. No patch is available...
7.5CVSS
7.1AI Score
0.003EPSS
CVE-2023-25136 affecting package openssh 8.9p1-4
CVE-2023-25136 affecting package openssh 8.9p1-4. This CVE either no longer is or was never...
6.5CVSS
7AI Score
0.009EPSS
CVE-2020-1472 affecting package samba for versions less than 4.12.5-4
CVE-2020-1472 affecting package samba for versions less than 4.12.5-4. A patched version of the package is...
5.5CVSS
7.2AI Score
0.511EPSS
CVE-2000-0006 affecting package strace 5.16-4
CVE-2000-0006 affecting package strace 5.16-4. This CVE either no longer is or was never...
6.7AI Score
0.001EPSS
CVE-2020-14150 affecting package bison 3.1-4
CVE-2020-14150 affecting package bison 3.1-4. No patch is available...
5.5CVSS
7.5AI Score
0.0004EPSS
CVE-2022-44793 affecting package net-snmp 5.9-4
CVE-2022-44793 affecting package net-snmp 5.9-4. No patch is available...
6.5CVSS
6.9AI Score
0.003EPSS
CVE-2018-14040 affecting package boost 1.66.0-4
CVE-2018-14040 affecting package boost 1.66.0-4. This CVE either no longer is or was never...
6.1CVSS
7.4AI Score
0.008EPSS
CVE-2022-39348 affecting package python-twisted 20.3.0-4
CVE-2022-39348 affecting package python-twisted 20.3.0-4. No patch is available...
5.4CVSS
7.5AI Score
0.002EPSS
CVE-2018-25032 affecting package grpc for versions less than 1.35.0-4
CVE-2018-25032 affecting package grpc for versions less than 1.35.0-4. A patched version of the package is...
7.5CVSS
7.5AI Score
0.003EPSS
CVE-2022-3857 affecting package libpng 1.6.37-4
CVE-2022-3857 affecting package libpng 1.6.37-4. No patch is available...
5.5CVSS
7.5AI Score
0.001EPSS
CVE-2022-3515 affecting package gnupg2 2.2.20-4
CVE-2022-3515 affecting package gnupg2 2.2.20-4. This CVE either no longer is or was never...
9.8CVSS
9.9AI Score
0.005EPSS
CVE-2022-44792 affecting package net-snmp 5.9-4
CVE-2022-44792 affecting package net-snmp 5.9-4. No patch is available...
6.5CVSS
6.9AI Score
0.003EPSS
CVE-2020-0569 affecting package qt5-qtsvg 5.12.11-4
CVE-2020-0569 affecting package qt5-qtsvg 5.12.11-4. This CVE either no longer is or was never...
5.7CVSS
7.5AI Score
0.0004EPSS
Singapore Police Extradites Malaysians Linked to Android Malware Fraud
The Singapore Police Force (SPF) has announced the extradition of two men from Malaysia for their alleged involvement in a mobile malware campaign targeting citizens in the country since June 2023. The unnamed individuals, aged 26 and 47, engaged in scams that tricked unsuspecting users into...
7AI Score
Summary If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. Details The attack process is described above. PoC Frontend: 1. Pass basic.....
5.7CVSS
6.9AI Score
EPSS
Summary If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. Details The attack process is described above. PoC Frontend: 1. Pass basic.....
5.7CVSS
6.9AI Score
EPSS
Firefly III has a MFA bypass in oauth flow
Impact A MFA bypass in the Firefly III OAuth flow may allow malicious users to bypass the MFA-check. This allows malicious users to use password spraying to gain access to your Firefly III data using passwords stolen from other sources. As OAuth applications are easily enumerable using an...
5.9CVSS
7.2AI Score
EPSS
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has...
7.3CVSS
EPSS
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has...
7.3CVSS
7.5AI Score
EPSS
CVE-2024-6065 itsourcecode Bakery Online Ordering System index.php sql injection
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has...
7.3CVSS
EPSS
Malvertising Campaign Leads to Execution of Oyster Backdoor
The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and.....
7.1AI Score
A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this issue is the function swf_svg_add_iso_sample of the file src/filters/load_text.c of the component MP4Box. The manipulation leads to null pointer dereference. The attack needs to be...
3.3CVSS
7AI Score
EPSS
A vulnerability has been found in GPAC 2.5-DEV-rev228-g11067ea92-master and classified as problematic. Affected by this vulnerability is the function isoffin_process of the file src/filters/isoffin_read.c of the component MP4Box. The manipulation leads to infinite loop. It is possible to launch...
3.3CVSS
6.8AI Score
EPSS
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...
EPSS
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...
8.6AI Score
EPSS
A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response...
3.7CVSS
EPSS
A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response...
3.7CVSS
4.2AI Score
EPSS
A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response...
3.7CVSS
EPSS
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...
6.6AI Score
EPSS
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at...
6.2AI Score
EPSS
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at...
EPSS
Summary IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna. This bulletin identifies the steps required to address these vulnerabilities Vulnerability Details ** CVEID: CVE-2023-6004 DESCRIPTION: **libssh could allow a local...
5.9CVSS
8.6AI Score
EPSS
Software: giflib 5.2.1 OS: ROSA-CHROME package_evr_string: giflib-5.2.1-4 CVE-ID: CVE-2023-39742 BDU-ID: 2023-05863 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getarg.c component of the GIFLIB library for handling GIF files is related to a segmentation error. Exploitation of the...
5.5CVSS
5.7AI Score
0.001EPSS
8.3AI Score
0.0004EPSS
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8CVSS
9.8AI Score
0.001EPSS
7.4AI Score
RHEL 8 : firefox (RHSA-2024:3953)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3953 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades...
8.2AI Score
0.0004EPSS
Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at...
EPSS
8CVSS
8AI Score
0.0004EPSS