The vulnerability of Hitachi Energy RTU500 CMU series programmable logic controllers’ web servers allows attackers to perform cross-site scripting attacks.

The vulnerability of the Hitachi Energy RTU500 CMU series programmable logic controllers’ web servers is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

CVE-2023-6711

Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Specially crafted messages sent to the mentioned components are not validated properly and can result in buffer overflow and as final consequence to a reboot of an...

Hitachi Energy RTU500 输入验证错误漏洞

RTU500 is a series of industrial control components from Hitachi, Japan, mainly used in industrial control systems. An input validation error vulnerability exists in the Hitachi Energy RTU500 series CMU Firmware, which arises from a specially crafted message sent to the component that is not...

PT-2023-7965 · Unknown · Rtu500 Scripting Interface

Name of the Vulnerable Software and Affected Versions: RTU500 Scripting interface affected versions not specified Description: A vulnerability exists in the RTU500 Scripting interface component. When a client connects to a server using TLS, the server presents a certificate that links a public ke...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4shell true positive This is a simple web project with a...

CVE-2023-5769

A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to user input being improperly sanitized...

kernel: IGB driver inadequate buffer size for frames larger than MTU

A flaw was found in igbconfigurerxring in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel. An overflow of the contents from a packet that is too large will overflow into the kernel's ring buffer, leading to a system integrity issue...

PT-2023-7608 · Siemens · Simatic S7-1500 Cpu Family

Name of the Vulnerable Software and Affected Versions: Siemens SIMATIC S7-1500 CPU Family affected versions not specified Description: The issue is related to a use-after-free vulnerability in the software of programmable logic controllers. This could allow a remote attacker to cause a denial of...

Hitachi System Management Unit Security Vulnerability

Hitachi System Management Unit is a device used to manage servers and clusters from Hitachi, Japan. A security vulnerability exists in Hitachi System Management Unit SMU versions prior to 14.8.7825.01, which stems from the component's susceptibility to information disclosure via URL manipulation,...

CVE-2023-49468

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the readcodingunit function at slice.cc...

ALPINE-CVE-2023-49468

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the readcodingunit function at slice.cc...

UBUNTU-CVE-2023-49468

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the readcodingunit function at slice.cc...

Libde265 Security Vulnerability

Libde265 is a German h.265 video codec. A security vulnerability exists in Libde265 version v1.0.14, which stems from the discovery of a global buffer overflow vulnerability contained in the readcodingunit function of slice.cc...

The malware, attacker trends and more that shaped the threat landscape in 2023

The 2023 Cisco Talos Year in Review is now available to download. Once again, the Talos team has meticulously combed through a massive amount of data to analyze the major trends that have shaped the threat landscape in 2023. Global conflict influenced a lot of these trends, altering the tactics a...

mariadb: server crash in st_select_lex_unit::exclude_level

MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component stselectlexunit::excludelevel...

Medium: virtuoso-opensource

Issue Overview: An issue in the libcmalloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service DoS via crafted SQL statements. CVE-2023-31607 An issue in the dfeunitcolloci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Deni...

Important: kernel-livepatch-4.14.322-244.539

Issue Overview: An issue was discovered in drivers/net/ethernet/intel/igb/igbmain.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. CVE-2023-45871 Affected Packages: kernel-livepatch-4.14.322-244.539 Issue Correction: Please...

PT-2023-28550 · Unknown · Gpu Driver

Name of the Vulnerable Software and Affected Versions: GPU driver affected versions not specified Description: The issue is related to an incorrect bounds check in the GPU driver, which can lead to a possible out of bounds write. This could result in a local denial of service and requires System...

PT-2023-9633 · Nvidia · Nvidia Connectx Host Firmware

Name of the Vulnerable Software and Affected Versions: NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit DPU affected versions not specified Description: The issue is related to an improper handling of insufficient privileges, which may lead to denial of service, data tampering...

CVE-2023-5427

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory.This issue affects Bifrost...