9454 matches found
Siemens Simantic S7-1500 CPU family
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Directory Traversal
Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Directory Traversal in the retrieveSourceMap function. Note: This issue is not a vulnerability because no real attack scenario can happen in the context of the package, where the developer...
ArtPlacer Widget < 2.20.7 - Editor+ SQLi
Description The plugin does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLI exploitable by editors and above. Note: Due to the lack of CSRF check, the issue could also be exploited via a CSRF against a logged editor or above PoC As an editor, open...
Cross-site Scripting (XSS)
vite is vulnerable to Cross-Site Scripting. This vulnerability exists because it does not properly sanitize inline scripts in the server.transformIndexHtml function, allowing an attacker to inject and execute malicious JavaScript into the browser. This vulnerability is only exploitable if the...
Delta Electronics DOPSoft
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION : Exploitable remotely/low attack complexity Vendor : Delta Electronics Equipment : DOPSoft Vulnerability : Stack-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code execution. 3...
Mozilla: Use-after-free in MessagePort::Entangled
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash...
Mozilla: Use-after-free in MessagePort::Entangled
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash...
Mozilla: Use-after-free in MessagePort::Entangled
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash...
Mozilla: Use-after-free in MessagePort::Entangled
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash...
Denial Of Service (DoS)
Spring Boot is vulnerable to Denial Of Service. The vulnerability is due to parsing malicious HTTP Request without proper validation or sanitization. This issue can be exploited by an attacker via crafting mailicous HTTP Request leading to Denial Of Service. Note that the following conditions mus...
RHEL 9 : firefox (RHSA-2023:7577)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7577 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Mozilla: Use-after-free in MessagePort::Entangled
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash...
Franklin Electric Fueling Systems Colibri
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Franklin Electric Fueling Systems Equipment : Colibri Vulnerability : Path Traversal 2. RISK EVALUATION Successful exploitation of this vulnerability could...
Oracle Linux 9 : thunderbird (ELSA-2023-7501)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-7501 advisory. 115.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 115.5.0-1 - Update to 115.5.0 build1 Tenable has...
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Summary A Server-Side Request Forgery SSRF Vulnerability is present in applications utilizing the google-translate-api-browser package and exposing the translateOptions to the end user. An attacker can set a malicious tld, causing the application to return unsafe URLs pointing towards local...
Mozilla: Use-after-free in MessagePort::Entangled
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash...
Mozilla: Use-after-free in MessagePort::Entangled
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash...
Mozilla: Use-after-free in MessagePort::Entangled
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash...
Mozilla: Use-after-free in MessagePort::Entangled
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash...
Mozilla: Use-after-free in MessagePort::Entangled
The Mozilla Foundation Security Advisory describes this flaw as: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash...