Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management...
7.5CVSS
7.5AI Score
0.0004EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.7AI Score
0.0004EPSS
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input...
7.8CVSS
7.9AI Score
0.0004EPSS
Memory corruption in MPP performance while accessing DSM watermark using external memory...
7.8CVSS
7.8AI Score
0.0004EPSS
Method to an Old Consultant's Madness with Site Design
If it's your first time purchasing and setting up InsightVM – or if you are a seasoned veteran – I highly recommend a ‘less is more’ strategy with site design. After many thousands of health checks performed by security consultants for InsightVM customers, the biggest challenge most consultants...
6.8AI Score
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8.8CVSS
7.8AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
9AI Score
0.009EPSS
Siemens SIMATIC PCS neo Cross-Site Scripting Vulnerability
SIMATIC PCS neo is a distributed control system (DCS). A cross-site scripting vulnerability exists in Siemens SIMATIC PCS neo, which can be exploited by an attacker to inject Javascript code into an...
5.4CVSS
6.1AI Score
0.0004EPSS
Siemens SIMATIC PCS neo SQL Injection Vulnerability
SIMATIC PCS neo is a distributed control system (DCS). Siemens SIMATIC PCS neo has a SQL injection vulnerability that can be exploited by an attacker to execute SQL statements in the underlying...
6.3CVSS
7.9AI Score
0.0004EPSS
Siemens SIMATIC PCS neo Authentication Error Vulnerability
SIMATIC PCS neo is a distributed control system (DCS). An authentication error vulnerability exists in Siemens SIMATIC PCS neo, which can be exploited by an attacker to generate a privileged token and upload additional...
6.5CVSS
6.9AI Score
0.0004EPSS
Siemens SIMATIC PCS neo has a loose cross domain policy vulnerability with untrusted domains
SIMATIC PCS neo is a distributed control system (DCS). Siemens SIMATIC PCS neo suffers from a loose cross-domain policy vulnerability with an untrusted domain, which can be exploited by an attacker to trick a legitimate user into triggering unwanted...
8CVSS
6.7AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying...
8CVSS
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted...
8.8CVSS
7.7AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later...
5.4CVSS
4.8AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later...
4.8CVSS
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional...
6.5CVSS
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional...
6.5CVSS
6.2AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying...
8CVSS
6.7AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted...
8.8CVSS
0.001EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional...
6.5CVSS
6.9AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted...
8.8CVSS
6.7AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying...
8CVSS
7.6AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later...
4.8CVSS
5.9AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product, that could allow an attacker with high privileges to inject Javascript code into the application that is later...
5.4CVSS
5.3AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted...
8CVSS
8.6AI Score
0.001EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying...
6.3CVSS
8.1AI Score
0.0004EPSS
A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional...
6.5CVSS
6.5AI Score
0.0004EPSS
A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit....
5.4CVSS
5.2AI Score
0.001EPSS
A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit....
5.4CVSS
0.001EPSS
A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit....
5.4CVSS
6.3AI Score
0.001EPSS
CVE-2023-6103 Intelbras RX 1500 SSID WiFi.html cross site scripting
A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit....
2.4CVSS
5.4AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
9.8CVSS
9.3AI Score
0.001EPSS
Users pay higher fee than intended
Lines of code Vulnerability details Impact Protocol mints incorrect depositAmount and depositShare to protocol. Such that reserveFee is higher than defined. Suppose following scenario: Tranche 2 has 20% APR, has 5_000 borrowed Tranche 1 has 10% APR, has 10_000 borrowed ReserveFee is 10% It means...
7.2AI Score
WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users
It is not rare that users of popular instant messaging services find the official client apps to be lacking in functionality. To address that problem, third-party developers come up with mods that offer sought-after features besides aesthetic upgrades. Unfortunately, some of these mods contain...
8AI Score
A cascade of compromise: unveiling Lazarus’ new campaign
Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. What's remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendor's systems continued to use the...
7.5AI Score
Juniper Junos OS Vulnerability (JSA73151)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73151 advisory. An Exposure of Sensitive Information vulnerability in the ' (CVE-2023-44187) Note that Nessus has not tested for this issue but has instead relied only on the application's...
5.9CVSS
5.6AI Score
0.0004EPSS
Juniper Junos OS Unchecked Return Value (JSA73149)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73149 advisory. An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol,...
8.8CVSS
8.4AI Score
0.001EPSS
HackerOne: New Search Feature: Search for non-public words in limited disclosure reports
Similar to https://hackerone.com/reports/685909 An attacker can search for words in limited disclosure reports, and see if it exists in the full report. HackerOne will return whether the word exists in the full report, rather than in the limited part (e.g. summary/title ...) of the report Steps to....
6.5AI Score
Cisco IOS Software Group Encrypted Transport VPN Out of Bounds Write (cisco-sa-getvpn-rce-g8qR68sx)
According to its self-reported version, Cisco IOS is affected by a vulnerability. A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of ...
6.6CVSS
7.4AI Score
0.008EPSS
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a...
6.5CVSS
6.5AI Score
0.0004EPSS
An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 - MPC9, LC480, LC2101,...
5.5CVSS
5.5AI Score
0.0004EPSS
An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while...
7.5CVSS
7.4AI Score
0.0005EPSS
An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system. When specific transit MPLS packets are received by...
6.5CVSS
5.4AI Score
0.001EPSS
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a...
6.5CVSS
6.5AI Score
0.0004EPSS
An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 - MPC9, LC480, LC2101,...
5.5CVSS
5.5AI Score
0.0004EPSS
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This.....
5.5CVSS
5.8AI Score
0.0004EPSS
An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory...
6.5CVSS
5.6AI Score
0.001EPSS
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This.....
5.5CVSS
5.8AI Score
0.0004EPSS