CVE-2020-7487

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers...

EUVD-2020-28612

Malware in sbrugna...

EUVD-2023-31705

Malicious code in bioql PyPI...

EUVD-2022-37711

Malicious code in bioql PyPI...

EUVD-2022-35030

Malicious code in bioql PyPI...

EUVD-2023-31708

Malicious code in bioql PyPI...

CVE-2023-27982

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security weakness in Certifi python-certifi [CVE-2024-39689]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security weakness in Certifi python-certifi, caused by the use of GLOBALTRUST root certificate CVE-2024-39689. Certifi python-certifi is used by our Speech Service runtimes. This vulnerabilitiy has been...

Security Bulletin: IBM Maximo Application Suite: certifi-2023.7.22-py3-none-any.whl is vulnerable to CVE-2024-39689 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector is vulnerable to certifi-2023.7.22-py3-none-any.whl CVE-2024-39689. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide...

Security Bulletin: Vulnerability in certifi-2024.2.2-py3-none-any.whl can affect IBM Storage Scale

Summary There is a vulnerability in certifi-2024.2.2-py3-none-any.whl, used by IBM Storage Scale, which could provide weaker than expected security. CVE-2024-39689 Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi python-certifi could provide weaker than expected security, caused by...

Security Bulletin: IBM QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a...

Fortinet Fortigate SSL-VPN user IP spoofing (FG-IR-23-225)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-225 advisory. - An insufficient verification of data authenticity vulnerability CWE-345 in Fortinet FortiOS SSL-VPN tunnel mode version 7.4...

Mitsubishi Electric FA products (Update A)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Corporation Equipment : MELSEC Series Vulnerability : Insufficient Verification of Data Authenticity 2. RISK EVALUATION Successful exploitation of this vulnerability may...

Authorization

A insufficient verification of data authenticity vulnerability CWE-345 in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number...

CVE-2023-42782

FortiAnalyzer CVE-2023-42782 is an insufficent verification of data authenticity (CWE-345) affecting FortiAnalyzer 7.4.0 and below 7.2.3. An unauthenticated remote attacker could send forged messages to FortiAnalyzer’s syslog server by exploiting knowledge of an authorized device serial number. S...

CODESYS Development System

1. EXECUTIVE SUMMARY CVSS v3 3.3 ATTENTION: low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS Development System Vulnerability: Improper Restriction of Excessive Authentication Attempts. 2. RISK EVALUATION Successful exploitation of this vulnerability could provide a local attacker...

BD Alaris System with Guardrails Suite MX

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION : Low attack complexity Vendor : Becton, Dickinson and Company BD Equipment : Alaris PCU, Guardrails Editor, Systems Manager, Calculation Services, CQI Reporter Vulnerabilities : Insufficient Verification of Data Authenticity, Missing...

Design/Logic Flaw

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affecte...

Design/Logic Flaw

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected...