pg-rain.de Cross Site Scripting vulnerability OBB-3244600
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
5.9 AI Score
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2023-070)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-070 advisory. Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341) LFENCE/JMP (mitigation V2-2) may not...
9.5 AI Score
EPSS
When Dave Liebenberg started his first day at Talos, he had never even opened Terminal on a Mac before -- let alone written a Snort rule or infiltrated a dark web forum. He jokes that he was a trendsetter at Talos, becoming the first of many to break into security without having any prior...
6.4 AI Score
Revive Adserver 4.2 - Remote Code Execution
Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g....
9.8 CVSS
10 AI Score
0.281 EPSS
Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's...
8.8 CVSS
8.7 AI Score
0.002 EPSS
Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by...
4.3 CVSS
4.3 AI Score
0.001 EPSS
Siemens Industrial Products Intel CPUs Missing Encryption of Sensitive Data (CVE-2020-24513)
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
7.1 AI Score
0.001 EPSS
Siemens SIMATIC Industrial Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.9 CVSS
1.5 AI Score
0.0004 EPSS
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to....
8.1 CVSS
8 AI Score
0.001 EPSS
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to....
8.1 CVSS
7.7 AI Score
0.001 EPSS
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to....
8.1 CVSS
8.3 AI Score
0.001 EPSS
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to....
8.1 CVSS
8.3 AI Score
0.001 EPSS
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to....
8.6 AI Score
0.001 EPSS
Oracle Linux 8 : ruby:2.5 (ELSA-2023-12064)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12064 advisory. There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion,...
8.7 AI Score
0.004 EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-2891)
The remote host is missing an update for the Huawei...
8.2 CVSS
7.7 AI Score
EPSS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-2873)
The remote host is missing an update for the Huawei...
7.8 CVSS
7.2 AI Score
EPSS
EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2022-2891)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user...
8.2 CVSS
9.1 AI Score
0.006 EPSS
EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2022-2873)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user...
7.8 CVSS
8.9 AI Score
0.006 EPSS
Siemens Industrial PCs and CNC devices (Update A)
EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Industrial PCs and CNC devices Vulnerabilities: Improper Input Validation, Improper Authentication, Improper Isolation of Shared Resources on System-on-a-Chip, Improper Privilege Management 2. UPDATE...
7.8 CVSS
7.2 AI Score
0.001 EPSS
Siemens Industrial Products Intel CPUs (Update G)
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINUMERIK Vulnerabilities: Missing Encryption of Sensitive Data 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-21-222-05 Siemens Industrial...
7.8 CVSS
8 AI Score
0.001 EPSS
Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and.....
6.8 CVSS
6.8 AI Score
0.0004 EPSS
Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN...
8.8 CVSS
8.7 AI Score
0.001 EPSS
Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN...
8.8 CVSS
0.001 EPSS
Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and.....
6.8 CVSS
6.9 AI Score
0.0004 EPSS
Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN...
8.8 CVSS
8.8 AI Score
0.001 EPSS
Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN...
9 AI Score
0.001 EPSS
(RHSA-2022:8532) Important: Satellite 6.9.10 Async Security Update
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard...
0.9 AI Score
0.009 EPSS
RHEL 7 : Satellite 6.9.10 Async Security Update (Important) (RHSA-2022:8532)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8532 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
9.1 CVSS
8.9 AI Score
0.009 EPSS
Rocky Linux 8 : ruby:3.0 (RLSA-2022:6450)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6450 advisory. A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user...
9.8 CVSS
9.5 AI Score
0.004 EPSS
Path Traversal that leads to Remote Code Execution via PHP file upload
📜 Description A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may...
1.4 AI Score
3.1 bug fix and enhancement update
An update is available for rubygem-mysql2, rubygem-pg, ruby. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this...
1.9 AI Score
3.1 bug fix and enhancement update
An update is available for rubygem-mysql2, rubygem-pg, rubygem-abrt, ruby. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes...
1.9 AI Score