The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1057 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
8.1CVSS
7.6AI Score
0.001EPSS
Summary IBM Event Streams is vulnerable to a denial of service attack due to Okio GzipSource component used in our strimzi-kafka-bridge. Okio is used in kafka to efficiently handle byte streams and improve data serialization/deserialization and network communication performance. Vulnerability...
7.5CVSS
6.5AI Score
0.001EPSS
9.8CVSS
10AI Score
0.975EPSS
9.8CVSS
3.3AI Score
0.106EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4692 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
8.3AI Score
0.002EPSS
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local access. Bugs https://bugzilla.redhat.com/show_bug.cgi?id=2278989...
6.4CVSS
6.4AI Score
0.0004EPSS
9.8CVSS
9.5AI Score
0.899EPSS
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...
6.5CVSS
6.4AI Score
0.001EPSS
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...
6.5CVSS
6.2AI Score
0.001EPSS
Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the...
9.1CVSS
7.9AI Score
0.0005EPSS
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...
7.8CVSS
8.2AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5701 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
7.8AI Score
0.001EPSS
An improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with...
9CVSS
7AI Score
0.0004EPSS
Exploit for Command Injection in Ivanti Connect Secure
🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...
9.1CVSS
8.2AI Score
0.969EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0322 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
6.5CVSS
5.8AI Score
0.001EPSS
Exploit for Infinite Loop in Openssl
CVE-2022-0778 The discovered vulnerability triggers an...
7.5CVSS
8.1AI Score
0.013EPSS
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of...
7.2CVSS
7.6AI Score
0.0004EPSS
JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override...
8.8CVSS
6.5AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:4991 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
9.8CVSS
9.5AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1640 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
8.5AI Score
0.052EPSS
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...
7.8CVSS
7.5AI Score
0.001EPSS
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Putty
CVE-2024-31497 POC This vulnerability exploits the biased...
5.9CVSS
5.6AI Score
0.002EPSS
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...
7.8CVSS
8.2AI Score
0.001EPSS
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...
7.8CVSS
7.5AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5805 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
8.7AI Score
0.732EPSS
Exploit for OS Command Injection in Php
CVE-2024-4577: PHP CGI Argument Injection (XAMPP) 💀...
9.8CVSS
10AI Score
0.967EPSS
$$\ce{$\unicode[goombafont; color:red; pointer-events:...
8.6CVSS
8.7AI Score
0.945EPSS
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...
7AI Score
0.0004EPSS
Summary IBM Event Streams is vulnerable to a denial of service attack due to the k8sio apiMachinery component. k8sio apiMachinery is utilized for handling Kubernetes API interactions, facilitating streamlined communication with Kubernetes clusters within event-driven applications. Vulnerability...
7.5CVSS
8.1AI Score
0.732EPSS
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.run_job permission is checked (i.e., does the user have.....
4.3CVSS
4.5AI Score
0.001EPSS
Rockwell Automation Allen-Bradley Stratix 5950 Improper Access Control (CVE-2019-1649)
A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that...
6.7CVSS
6.5AI Score
0.0004EPSS
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied...
9.8CVSS
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0855 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
6.5CVSS
6.3AI Score
0.001EPSS
sekarlaut.com Cross Site Scripting vulnerability OBB-3918471
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
soltiles.in Cross Site Scripting vulnerability OBB-3918472
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...
8.8CVSS
9.2AI Score
0.0005EPSS
A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the...
0.0004EPSS
7.4AI Score
Exploit for Improper Initialization in Linux Linux Kernel
CVE-2022-0847 The Dirty Pipe Vulnerability For educational...
7.8CVSS
8.2AI Score
0.076EPSS
Exploit for OS Command Injection in Php
CVE-2024-4577: PHP CGI Argument Injection (XAMPP) 💀...
9.8CVSS
10AI Score
0.967EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7773 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.8CVSS
6.8AI Score
0.001EPSS
Exploit for Code Injection in Vmware Spring Framework
Spring4Shell-POC (CVE-2022-22965)...
-0.2AI Score
unionteamltd.com.hk Cross Site Scripting vulnerability OBB-3918579
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...
6.5CVSS
6.9AI Score
0.0004EPSS
smartdoms.com Cross Site Scripting vulnerability OBB-3918577
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and...
6.1CVSS
6.6AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5810 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
7.5CVSS
8.6AI Score
0.732EPSS
org.eclipse.jgit is vulnerable to Arbitrary File Overwrite. The vulnerability is due to a symbolic link present in a specially crafted git repository which can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem...
8.8CVSS
6.8AI Score
0.001EPSS
CVE-2024-31982 CVEHunter tool for vulnerability detection and...
10CVSS
7AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5809 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
7.5CVSS
8.6AI Score
0.732EPSS