Lucene search

K

B&R Industrial Automation Security Vulnerabilities

debian
debian

[SECURITY] [DLA 3808-1] intel-microcode security update

Debian LTS Advisory DLA-3808-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost May 04, 2024 https://wiki.debian.org/LTS Package : intel-microcode Version : 3.20240312.1~deb10u1 CVE...

6.5CVSS

7.8AI Score

0.001EPSS

2024-05-04 03:21 PM
11
osv
osv

CVE-2022-21812

Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8CVSS

7.1AI Score

0.0004EPSS

2022-08-18 08:15 PM
1
osv
osv

CVE-2023-22338

Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local...

5.5CVSS

6.3AI Score

0.0004EPSS

2023-08-11 03:15 AM
2
cvelist
cvelist

CVE-2024-3626 Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.17 - Missing Authorization

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17....

4.3CVSS

4.6AI Score

0.001EPSS

2024-05-23 05:32 AM
cvelist
cvelist

CVE-2023-38123 Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability

Inductive Automation Ignition OPC UA Quick Client Missing Authentication for Critical Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. User interaction is required to...

7.5CVSS

7.9AI Score

0.0005EPSS

2024-05-03 01:59 AM
osv
osv

CVE-2023-41898

Home assistant is an open source home automation. The Home Assistant Companion for Android app up to version 2023.8.2 is vulnerable to arbitrary URL loading in a WebView. This enables all sorts of attacks, including arbitrary JavaScript execution, limited native code execution, and credential...

8.6CVSS

7.1AI Score

0.001EPSS

2023-10-19 11:15 PM
1
osv
osv

CVE-2023-22355

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8CVSS

7.3AI Score

0.0004EPSS

2023-05-10 02:15 PM
4
cvelist
cvelist

CVE-2023-38122 Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Permissive Cross-domain Policy Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this....

7.2CVSS

7.7AI Score

0.0005EPSS

2024-05-03 01:59 AM
osv
osv

Arbitrary File Overwrite in Eclipse JGit

Arbitrary File Overwrite in Eclipse JGit &lt;= 6.6.0 In Eclipse JGit, all versions &lt;= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensiti...

8.8CVSS

8.8AI Score

0.001EPSS

2023-09-18 03:30 PM
14
osv
osv

CVE-2023-28736

Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local...

6.7CVSS

7.6AI Score

0.0004EPSS

2023-08-11 03:15 AM
6
cvelist
cvelist

CVE-2024-4563 The Progress MOVEit Automation Configuration Export Function Uses a Cryptographic Method with Insufficient Bit Length

The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit...

6.1CVSS

6.2AI Score

0.0004EPSS

2024-05-22 05:01 PM
2
openbugbounty
openbugbounty

imet2000-pal.org Cross Site Scripting vulnerability OBB-3917635

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-12 02:07 PM
1
osv
osv

CVE-2023-22840

Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local...

5.5CVSS

6.8AI Score

0.0004EPSS

2023-08-11 03:15 AM
4
osv
osv

CVE-2022-26086

Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local...

7.3CVSS

7.1AI Score

0.0004EPSS

2022-11-11 04:15 PM
3
osv
osv

CVE-2022-29486

Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network...

9.8CVSS

7.4AI Score

0.002EPSS

2022-11-11 04:15 PM
4
osv
osv

CVE-2023-28741

Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local...

7.9CVSS

7.4AI Score

0.0004EPSS

2023-11-14 07:15 PM
5
osv
osv

CVE-2024-32979

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL.....

7.5CVSS

6.5AI Score

0.0004EPSS

2024-05-01 11:15 AM
3
osv
osv

CVE-2023-41894

Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the *.ui.nabu.casa URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the.....

5.3CVSS

6.8AI Score

0.0005EPSS

2023-10-20 12:15 AM
2
githubexploit
githubexploit

Exploit for Untrusted Pointer Dereference in Microsoft

nullmap A very simple driver manual mapper based on my older...

8.6AI Score

2023-03-10 07:08 PM
308
githubexploit
githubexploit

Exploit for CVE-2023-6319

Root my webOS TV A simple python script that starts a telnet...

7.2AI Score

2024-04-11 06:58 PM
123
nessus
nessus

Ansible Installed (Linux/UNIX)

Ansible, an IT automation and management application, was found on the remote...

1.4AI Score

2019-02-04 12:00 AM
9
osv
osv

CVE-2022-34140

A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username...

5.4CVSS

5.4AI Score

0.002EPSS

2022-07-28 12:15 AM
3
cvelist
cvelist

CVE-2023-38124 Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...

7.2CVSS

7.7AI Score

0.0005EPSS

2024-05-03 01:59 AM
cvelist
cvelist

CVE-2024-2580 WordPress Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS.This issue affects Automation By Autonami: from n/a through...

6.5CVSS

6.6AI Score

0.0004EPSS

2024-03-21 04:48 PM
nessus
nessus

Jenkins plugins Multiple Vulnerabilities (2023-10-25)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: High GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes. This results in a...

8.1CVSS

5.5AI Score

0.001EPSS

2023-10-25 12:00 AM
9
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer

CVE-2023-0669 GoAnywhere MFT suffers from a...

7.2CVSS

7.7AI Score

0.969EPSS

2023-02-10 01:02 PM
381
githubexploit
githubexploit

Exploit for CVE-2024-29269

🚀 CVE-2024-29269 Exploit This repository contains an exploit...

8.3AI Score

0.001EPSS

2024-05-19 07:05 PM
88
metasploit
metasploit

Metasploit Web Crawler

This auxiliary module is a modular web crawler, to be used in conjunction with wmap (someday) or...

-0.2AI Score

2010-11-05 04:00 AM
19
ubuntucve
ubuntucve

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the....

7.2AI Score

0.0004EPSS

2024-06-11 12:00 AM
atlassian
atlassian

Tomcat should not disclose its own version to unauthenticated users

h3. Problem Definition When accessing URLs that aren't under the application context and are not defined in Tomcat, Tomcat returns a 404 along with its own version. h4. +Steps to reproduce problem+ * In a Jira instance with a context called jira for instance, browse http:///non_existent_uri. Make.....

0.6AI Score

2022-02-08 11:13 AM
8
osv
osv

Important: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...

8.2CVSS

6.8AI Score

0.0005EPSS

2024-05-22 12:00 AM
1
githubexploit
githubexploit

Exploit for CVE-2024-5084

🚀 HashForm Exploit Script This script demonstrates the...

9.8CVSS

8.6AI Score

0.035EPSS

2024-05-27 08:04 PM
129
githubexploit
githubexploit

Exploit for SQL Injection in Fortinet Forticlient Enterprise Management Server

CVE-2023-48788 Fortinet FortiClient EMS SQL Injection...

9.8CVSS

8.6AI Score

0.711EPSS

2024-03-18 08:50 PM
93
zdt

10CVSS

6.7AI Score

0.001EPSS

2024-06-02 12:00 AM
10
debiancve
debiancve

CVE-2024-36965

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in...

6.7AI Score

0.0004EPSS

2024-06-08 01:15 PM
1
cve
cve

CVE-2024-2580

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS.This issue affects Automation By Autonami: from n/a through...

6.5CVSS

9.1AI Score

0.0004EPSS

2024-03-21 05:15 PM
30
cnvd
cnvd

Kirby CMS Cross-Site Scripting Vulnerability

Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. A heap buffer overflow vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attacker to...

7.8CVSS

7.4AI Score

0.0004EPSS

2024-03-27 12:00 AM
6
atlassian
atlassian

RCE (Remote Code Execution) org.eclipse.jgit:org.eclipse.jgit Dependency in Bamboo Data Center and Server

This High severity org.eclipse.jgit:org.eclipse.jgit Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0 of Bamboo Data Center and Server. The latest LTS Bamboo 9.6.0 is not impacted by this Vulnerability. This org.eclipse.jgit:org.eclipse.jgit...

8.8CVSS

7.3AI Score

0.001EPSS

2024-05-13 10:10 AM
13
githubexploit
githubexploit

Exploit for Embedded Malicious Code in Tukaani Xz

CVE-2024-3094-info CVE-2024-3094 PoC Exploration...

10CVSS

9.9AI Score

0.133EPSS

2024-03-29 05:03 PM
197
debiancve
debiancve

CVE-2024-27391

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: do not realloc workqueue everytime an interface is added Commit 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to "NETDEV-wq"") moved workqueue creation in wilc_netdev_ifc_init in order to set the...

6.5AI Score

0.0004EPSS

2024-05-01 01:15 PM
4
nessus
nessus

Jenkins Enterprise and Operations Center < 2.222.43.0.4 / 2.249.30.0.4 / 2.277.2.3 Multiple Vulnerabilities (CloudBees Security Advisory 2021-04-07)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.222.x prior to 2.222.43.0.4, 2.249.x prior to 2.249.30.0.4, or 2.x prior to 2.277.2.3. It is, therefore, affected by multiple vulnerabilities, including the following: Reflected XSS vulnerability...

6.5CVSS

5.5AI Score

0.001EPSS

2021-11-18 12:00 AM
9
osv
osv

CVE-2023-41899

Home assistant is an open source home automation. In affected versions the hassio.addon_stdin is vulnerable to a partial Server-Side Request Forgery where an attacker capable of calling this service (e.g.: through GHSA-h2jp-7grc-9xpp) may be able to invoke any Supervisor REST API endpoints with a.....

8.8CVSS

6.7AI Score

0.001EPSS

2023-10-19 11:15 PM
3
osv
osv

CVE-2023-44392

Garden provides automation for Kubernetes development and testing. Prior tov ersions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...

9CVSS

8AI Score

0.001EPSS

2023-10-09 08:15 PM
3
packetstorm

7.2AI Score

0.0004EPSS

2024-06-14 12:00 AM
66
almalinux
almalinux

Important: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...

8.2CVSS

6.9AI Score

0.0005EPSS

2024-05-22 12:00 AM
8
osv
osv

CVE-2023-24540

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during...

9.8CVSS

7.1AI Score

0.003EPSS

2023-05-11 04:15 PM
11
openbugbounty
openbugbounty

andre-r-rowe-photography.seehouseat.com Cross Site Scripting vulnerability OBB-3844869

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-01-27 07:47 PM
2
openbugbounty
openbugbounty

sekarlaut.com Cross Site Scripting vulnerability OBB-3918471

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-04-16 12:04 PM
3
githubexploit
githubexploit

Exploit for CVE-2022-4061

JBWPer | CVE-2022-4061 - JobBoardWP Automatic Mass Tool for...

7.7AI Score

2023-09-17 03:20 AM
404
Total number of security vulnerabilities126566