Siemens SCALANCE W700

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

MariaDB -- Denial-of-Service vulnerability

The MariaDB project reports: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete...

CVE-2023-26221

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this...

CVE-2023-26221 TIBCO Spotfire Insufficiently Protected Credential vulnerability

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this...

CVE-2023-26221 TIBCO Spotfire Insufficiently Protected Credential vulnerability

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this...

PT-2023-20549 · Tibco Software · Spotfire For Aws Marketplace +2

Name of the Vulnerable Software and Affected Versions: TIBCO Software Inc.'s Spotfire Analyst versions 12.3.0 through 12.5.0 TIBCO Software Inc.'s Spotfire Server versions 12.3.0 through 12.5.0 TIBCO Software Inc.'s Spotfire for AWS Marketplace version 12.5.0 Description: The Spotfire Connectors...

Rocky Linux 8 : firefox (RLSA-2022:8554)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8554 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined wi...

Rocky Linux 8 : firefox (RLSA-2022:6702)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6702 advisory. - When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This...

PT-2023-30223 · Unknown · Online Matrimonial Project

Name of the Vulnerable Software and Affected Versions: Online Matrimonial Project version 1.0 Description: The issue affects the Online Matrimonial Project, allowing for multiple vulnerabilities to be exploited. Recommendations: For Online Matrimonial Project version 1.0, at the moment, there is ...

Rocky Linux 8 : firefox (RLSA-2021:2743)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2743 advisory. - A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug could only be triggered wh...

BIT-2020-14776

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

BIT-2020-14812

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Locking. Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

BIT-2020-2814

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

Rocky Linux 8 : firefox (RLSA-2022:1287)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1287 advisory. - NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free an...

Rocky Linux 9 : java-1.8.0-openjdk (RLSA-2023:0210)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0210 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Serialization. Supported versions that are...

Rocky Linux 9 : java-11-openjdk (RLSA-2022:7013)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7013 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected...

FreeBSD : opengrok -- Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. (1135e939-62b4-11ec-b8e2-1c1b0d9ea7e6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1135e939-62b4-11ec-b8e2-1c1b0d9ea7e6 advisory. - Vulnerability in OpenGrok component: Web App. Versions that are affected are 1.6.7 and prior. Easily...

Rocky Linux 8 : expat (RLSA-2020:4484)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4484 advisory. - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount...

Input validation

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processi...

Franklin Fueling System TS-550

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION : Exploitable remotely/low attack complexity/public exploits are available Vendor : Franklin Fueling System Equipment : TS-550 Vulnerability : Use of Password Hash with Insufficient Computational Effort 2. RISK EVALUATION Successful...