Lucene search

K

Runtime Security Vulnerabilities

cve
cve

CVE-2024-5000

An unauthenticated remote attacker can use a malicious OPC UA client to send a crafted request to affected CODESYS products which can cause a DoS due to incorrect calculation of buffer...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-06-04 09:15 AM
13
cve
cve

CVE-2024-2637

An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R.....

7.2CVSS

6.9AI Score

0.0004EPSS

2024-05-14 07:15 PM
36
cve
cve

CVE-2023-46280

A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions),...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-05-14 04:15 PM
30
cve
cve

CVE-2023-50821

A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC04), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 1), SIMATIC WinCC V7.5 (All...

6.2CVSS

6.4AI Score

0.0004EPSS

2024-04-09 09:15 AM
26
cve
cve

CVE-2024-29032

Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using qiskit_ibm_runtime.RuntimeDecoder can lead to arbitrary code...

5.3CVSS

5.8AI Score

0.0004EPSS

2024-03-20 09:15 PM
41
cve
cve

CVE-2023-48363

A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-02-13 09:15 AM
31
cve
cve

CVE-2023-48364

A vulnerability has been identified in OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19...

6.5CVSS

6.2AI Score

0.0004EPSS

2024-02-13 09:15 AM
33
cve
cve

CVE-2024-22361

IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...

7.5CVSS

7.1AI Score

0.001EPSS

2024-02-10 03:15 PM
21
cve
cve

CVE-2023-6028

A reflected cross-site scripting (XSS) vulnerability exists in the SVG version of System Diagnostics Manager of B&R Automation Runtime versions <= G4.93 that enables a remote attacker to execute arbitrary JavaScript code in the context of the attacked user’s browser...

6.1CVSS

6AI Score

0.001EPSS

2024-02-05 06:15 PM
13
cve
cve

CVE-2024-0323

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product...

9.8CVSS

9.3AI Score

0.001EPSS

2024-02-05 04:15 PM
29
cve
cve

CVE-2023-52284

Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is...

5.5CVSS

5.5AI Score

0.0004EPSS

2023-12-31 06:15 AM
18
cve
cve

CVE-2023-6357

A low-privileged remote attacker could exploit the vulnerability and inject additional system commands via file system libraries which could give the attacker full control of the...

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-05 03:15 PM
18
cve
cve

CVE-2023-48105

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in...

7.5CVSS

7.5AI Score

0.001EPSS

2023-11-22 11:15 PM
7
cve
cve

CVE-2023-26219

The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and.....

8.8CVSS

8.5AI Score

0.001EPSS

2023-10-25 06:17 PM
18
cve
cve

CVE-2023-45133

Babel is a compiler for writingJavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that...

9.3CVSS

8.7AI Score

0.001EPSS

2023-10-12 05:15 PM
113
cve
cve

CVE-2023-3935

A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host...

9.8CVSS

9.7AI Score

0.001EPSS

2023-09-13 02:15 PM
60
cve
cve

CVE-2023-28831

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by...

7.5CVSS

7.5AI Score

0.001EPSS

2023-09-12 10:15 AM
96
cve
cve

CVE-2023-40309

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality....

9.8CVSS

9.5AI Score

0.001EPSS

2023-09-12 03:15 AM
51
cve
cve

CVE-2023-40308

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any...

7.5CVSS

7.7AI Score

0.001EPSS

2023-09-12 02:15 AM
28
cve
cve

CVE-2023-28823

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local...

7.3CVSS

8.3AI Score

0.0004EPSS

2023-08-11 03:15 AM
16
cve
cve

CVE-2023-27391

Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local...

6.7CVSS

7.9AI Score

0.0004EPSS

2023-08-11 03:15 AM
18
cve
cve

CVE-2023-22840

Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local...

5.5CVSS

5.1AI Score

0.0004EPSS

2023-08-11 03:15 AM
11
cve
cve

CVE-2023-22338

Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local...

5.5CVSS

4.8AI Score

0.0004EPSS

2023-08-11 03:15 AM
20
cve
cve

CVE-2023-36897

Visual Studio Tools for Office Runtime Spoofing...

8.1CVSS

6.9AI Score

0.001EPSS

2023-08-08 06:15 PM
136
cve
cve

CVE-2022-4046

In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the...

8.8CVSS

8.8AI Score

0.001EPSS

2023-08-03 01:15 PM
13
cve
cve

CVE-2023-37555

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
15
cve
cve

CVE-2023-37557

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service...

6.5CVSS

6.5AI Score

0.0004EPSS

2023-08-03 12:15 PM
23
cve
cve

CVE-2023-37553

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
11
cve
cve

CVE-2023-37549

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37558

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

6.5CVSS

6.4AI Score

0.0004EPSS

2023-08-03 12:15 PM
21
cve
cve

CVE-2023-37551

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via...

6.5CVSS

6.6AI Score

0.0005EPSS

2023-08-03 12:15 PM
19
cve
cve

CVE-2023-37552

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37556

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
12
cve
cve

CVE-2023-37559

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service...

6.5CVSS

6.4AI Score

0.0004EPSS

2023-08-03 12:15 PM
16
cve
cve

CVE-2023-37550

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
21
cve
cve

CVE-2023-37554

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition.....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
13
cve
cve

CVE-2023-37546

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37548

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37547

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 12:15 PM
14
cve
cve

CVE-2023-37545

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition....

6.5CVSS

6.2AI Score

0.0004EPSS

2023-08-03 11:15 AM
32
cve
cve

CVE-2023-3242

Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation...

8.6CVSS

5.7AI Score

0.0005EPSS

2023-07-26 06:15 PM
43
cve
cve

CVE-2023-35873

The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...

6.5CVSS

6.6AI Score

0.001EPSS

2023-07-11 03:15 AM
19
cve
cve

CVE-2023-29403

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard...

7.8CVSS

8.3AI Score

0.001EPSS

2023-06-08 09:15 PM
166
cve
cve

CVE-2023-33966

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list (--allow-net). Dependencies relying on these built-in...

9.8CVSS

9.4AI Score

0.002EPSS

2023-05-31 06:15 PM
15
cve
cve

CVE-2022-47393

An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service...

6.5CVSS

7.3AI Score

0.001EPSS

2023-05-15 11:15 AM
25
cve
cve

CVE-2022-47392

An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service...

6.5CVSS

7.2AI Score

0.001EPSS

2023-05-15 11:15 AM
21
cve
cve

CVE-2022-47388

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
17
cve
cve

CVE-2022-47390

An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.9AI Score

0.002EPSS

2023-05-15 10:15 AM
15
cve
cve

CVE-2022-47387

An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-15 10:15 AM
19
cve
cve

CVE-2022-47391

In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of...

7.5CVSS

7.8AI Score

0.002EPSS

2023-05-15 10:15 AM
20
Total number of security vulnerabilities591