Hitachi Energy's RTU500 Series Product (UPDATE B)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: RTU500 Series Vulnerabilities: Type Confusion, Observable Timing Discrepancy, Out-of-bounds Read, Infinite Loop, Classic Buffer Overflow 2. RISK EVALUATION...
GLSA-202305-06 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-06 Mozilla Firefox: Multiple Vulnerabilities - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox This bug only affects Thunderbird for Linux...
Mozilla: libwebp: Double-free in libwebp
The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash...
Elementor Website Builder < 3.12.2 - Admin+ SQLi
The plugin does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role. PoC 1. Go to Elementor Tools Replace URL 2. Fill the first field with...
Oracle Linux 9 : libwebp (ELSA-2023-2078)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2078 advisory. 1.2.0-6 - Fix tools subpackage dependency 1.2.0-4 - Added fix for mzbz1819244 Tenable has extracted the preceding description block directly from the Oracle Lin...
CVE-2023-1999
The Mozilla Foundation Security Advisory describes this flaw as: A double-free in libwebp could have led to memory corruption and a potentially exploitable crash...
K000133699: Oracle WebLogic Server vulnerabilities CVE-2023-21964, CVE-2023-21979, and CVE-2023-21996
Security Advisory Description CVE-2023-21964 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo...
Rocky Linux 9 : thunderbird (RLSA-2023:1809)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1809 advisory. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key...
Keysight N8844A Data Analytics Web Service (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Keysight Equipment: N8844A Data Analytics Web Service Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to remote code...
CentOS 7 : thunderbird (RHSA-2023:1806)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1806 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted...
CentOS 7 : firefox (RHSA-2023:1791)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1791 advisory. - Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affec...
CVE-2023-26060
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult t...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-67106)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL Server hangs or frequent repeated crashes...
PT-2023-21552 · Hewlett Packard · HPE ProLiant RL300 Gen11 Server +1
Name of the Vulnerable Software and Affected Versions: HPE ProLiant RL300 Gen11 Server (affected versions not specified). Description: A potential security issue has been identified in the system, which could result in the system being vulnerable to exploits by attackers with physical access inside...
Oracle JDeveloper Information Disclosure (April 2023 CPU)
The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by an information disclosure vulnerability as referenced in the April 2023 CPU advisory. Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: ADF...