K000139652: Intel CPU vulnerability CVE-2023-23583
Security Advisory Description: Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. (CVE-2023-23583) Impact.....
6.5AI Score
0.0004EPSS
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For...
9.8CVSS
9.7AI Score
0.003EPSS
Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected...
8.8CVSS
8.6AI Score
0.0004EPSS
CVE-2024-1889 Cross-Site Request Forgery vulnerability in SMA Cluster Controller
Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected...
8.8CVSS
6.7AI Score
0.0004EPSS
Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected...
8.8CVSS
8.4AI Score
0.0004EPSS
CVE-2024-1889 Cross-Site Request Forgery vulnerability in SMA Cluster Controller
Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected...
8.8CVSS
8.7AI Score
0.0004EPSS
The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit...
6.1CVSS
6.2AI Score
0.0004EPSS
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older....
10CVSS
9.7AI Score
0.034EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228 Remote Code Injection In Log4j...
10CVSS
10AI Score
0.976EPSS
Security Updates for Microsoft Sharepoint Server (June 2018)
The Microsoft Sharepoint Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request...
5.4CVSS
5.6AI Score
0.005EPSS
Exploit for Path Traversal in Vmware Cloud Foundation
7.2AI Score
Home assistant is an open source home automation. The Home Assistant login page allows users to use their local Home Assistant credentials and log in to another website that specifies the redirect_uri and client_id parameters. Although the redirect_uri validation typically ensures that it matches.....
9.6CVSS
6AI Score
0.001EPSS
CVE-2023-31211 Disabled automation users could still authenticate
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked...
8.8CVSS
9AI Score
0.0005EPSS
Cleartext Transmission of Sensitive Information
Cleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a...
9.1CVSS
7.4AI Score
0.003EPSS
Cleartext Transmission of Sensitive Information
Cleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a...
9.1CVSS
6.7AI Score
0.003EPSS
Fedora: Security Advisory for libcoap (FEDORA-2024-75863445ff)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
Security Advisory 0098. Date: June 25, 2024. Revision 1.0 (June 25, 2024): Initial release. The CVE-ID tracking this issue: CVE-2024-4578 CVSSv3.1 Base Score: 8.4 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) Common Weakness Enumeration: CWE-77 Improper...
8.4CVSS
7AI Score
0.0004EPSS
Exploit for Code Injection in Apache Airflow
Apache Airflow < 2.4.0 RCE (CVE-2022-40127) PoC for...
8.8CVSS
9AI Score
0.371EPSS
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content function in all versions up to, and including, 5.7.17....
4.3CVSS
6.2AI Score
0.001EPSS
Cleartext Transmission of Sensitive Information
Cleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a...
9.1CVSS
9.3AI Score
0.003EPSS
UPGer | CVE-2022-4060 - User Post Gallery Automatic Mass Tool...
9.7AI Score
Fedora: Security Advisory for libcoap (FEDORA-2024-450b75e4a0)
The remote host is missing an update for...
6.7AI Score
0.0004EPSS
Microsoft SharePoint Server Excel Services Multiple Remote Code Execution Vulnerabilities (3115112)
This host is missing an important security update according to Microsoft Bulletin...
7.8CVSS
7.5AI Score
0.266EPSS
Exploit for Cleartext Transmission of Sensitive Information in Keepass
KeePass 2.X Master Password Dumper...
7.4AI Score
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network...
6.5CVSS
6.3AI Score
0.001EPSS
Improper access control in some Intel(R) CST before version 2.1.10300 may allow an authenticated user to potentially enable denial of service via local...
4.7CVSS
6.5AI Score
0.0004EPSS
Flowmon Unauthenticated Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before...
10CVSS
7AI Score
0.003EPSS
Summary: IBM Cloud Pak for Network Automation 2.7.1 addresses multiple security vulnerabilities, listed in the CVEs below. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-24680 DESCRIPTION: Django is vulnerable to a denial of...
9.8CVSS
10AI Score
0.024EPSS
DotNetNuke Cookie Deserialization Remote Code Excecution
This module exploits a deserialization vulnerability in DotNetNuke (DNN) versions 5.0.0 to 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a "type" attribute to instruct the server which type of object to...
7.5CVSS
7.9AI Score
0.04EPSS
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
6.5CVSS
6.4AI Score
0.0004EPSS
Aquatronica Control System 5.1.6 Passwords Leak Vulnerability
Title: Aquatronica Control System 5.1.6 Passwords Leak Vulnerability Advisory ID: ZSL-2024-5824 Type: Local/Remote Impact: Security Bypass, Privilege Escalation, System Access, DoS, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data Risk: (5/5) Release Date:...
7.5AI Score
Issue Overview: 2024-05-09: CVE-2021-33117 was added to this advisory. A flaw was found in microcode. Under complex microarchitectural conditions, an unexpected code breakpoint may cause a system hang. The hang was observed on a Skylake server processor, and subsequent analysis indicated...
6.8CVSS
7.2AI Score
0.001EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
CVE-2021-44228(Apache Log4j Remote Code Execution) [all...
10CVSS
10AI Score
0.976EPSS
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade...
9.9CVSS
9.3AI Score
0.002EPSS
AVEVA InduSoft Web Studio / InTouch Edge HMI TCP/IP Server Detection
The remote host is running the TCP/IP server for AVEVA InduSoft Web Studio (IWS) or InTouch Edge HMI (formerly InTouch Machine Edition), a software application for managing and monitoring SCADA...
0.5AI Score
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...
7.5CVSS
0.002EPSS
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a...
6.5CVSS
6.2AI Score
0.0004EPSS
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
CVE-2023-42793 - TeamCity Admin Account Creation lead to RCE ...
9.8CVSS
10AI Score
0.97EPSS
Summary: In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF031 and 23.0.2-IF003. Vulnerability Details: CVEID: CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security...
9.8CVSS
9.8AI Score
0.963EPSS
Home Assistant is open source home automation software. Prior to version 2023.12.3, the login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Version 2023.12.3 contains a patch for this issue. When starting the Home Assistant...
4.3CVSS
4.5AI Score
0.001EPSS
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...
7AI Score
ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves...
6.5CVSS
5.8AI Score
0.0004EPSS
Exploit for Cross-site Scripting in Helpsystems Cobalt Strike
CVE-2022-39197-RCE First This project was modified from...
6.1CVSS
0.008EPSS
Race condition in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local...
7.2CVSS
7AI Score
0.0004EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
2.8CVSS
5.4AI Score
0.0004EPSS