CVE-2024-3640 Rockwell Automation FactoryTalk® Remote Access™ has Unquoted Executables
An unquoted executable path exists in the Rockwell Automation FactoryTalk® Remote Access™ possibly resulting in remote code execution if exploited. While running the FTRA installer package, the executable path is not properly quoted, which could allow a threat actor to enter a malicious executable....
7.9AI Score
0.0004EPSS
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...
5.3CVSS
5.1AI Score
0.0004EPSS
7.4AI Score
Summary IBM Event Streams is vulnerable to a a denial of service attack due to the jose4j component. The jose4j library is used in event streams for secure handling of JSON Web Tokens (JWTs), enabling encryption, decryption, and validation of tokens to ensure secure authentication and data...
6.8AI Score
0.0004EPSS
Summary IBM Event Streams is vulnerable to a denial of service attack due to Okio GzipSource component used in our strimzi-kafka-bridge. Okio is used in kafka to efficiently handle byte streams and improve data serialization/deserialization and network communication performance. Vulnerability...
7.5CVSS
6.5AI Score
0.001EPSS
RHEL 8 : Red Hat Ansible Automation Platform 2.1 ansible-runner (RHSA-2022:0460)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0460 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
8.8CVSS
8.9AI Score
0.0004EPSS
Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to...
8.8CVSS
7.7AI Score
0.0005EPSS
Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks Exposed
By Waqas Millions of IoT and industrial devices at risk! Critical vulnerabilities in Cinterion cellular modems allow remote attackers to take control. This is a post from HackRead.com Read the original post: Cinterion Modem Vulnerabilities Leave IoT and Industrial Networks...
7.7AI Score
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication...
0.0004EPSS
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper authentication...
6.9AI Score
0.0004EPSS
Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable denial of service via local...
6.4CVSS
6.3AI Score
0.0004EPSS
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...
5.3CVSS
5.1AI Score
0.0004EPSS
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...
7.2AI Score
0.0004EPSS
7.4AI Score
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product...
9.8CVSS
9.6AI Score
0.001EPSS
CVE-2024-0323 FTP uses unsecure encryption mechanisms
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product...
9.8CVSS
9.7AI Score
0.001EPSS
7.4AI Score
A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this action is allowed without...
0.0004EPSS
Inductive Automation Ignition ResponseParser SerializedResponse Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to...
8.8CVSS
9.2AI Score
0.0005EPSS
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being...
6.5CVSS
6.2AI Score
0.001EPSS
7.4AI Score
Exploit for Use After Free in Google Android
Bad Spin: Android Binder LPE Author: Moshe Kol Privilege...
7AI Score
Summary IBM Event Streams is vulnerable to a Broken Access Control due to the Node.js follow-redirects module. follow-redirects provides request and get methods that behave identically to those found on the native http and https modules. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION:.....
6.5CVSS
6.1AI Score
0.0004EPSS
7.4AI Score
RHEL 8 : Red Hat Ansible Automation Platform 2.0 ansible-runner (RHSA-2022:0474)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0474 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
8.8CVSS
6.7AI Score
0.0004EPSS
Exploit for PHP External Variable Modification in Juniper Junos
Automation for Juniper CVE:2023-36845 Overview is a bash...
9.8CVSS
7.3AI Score
0.965EPSS
Exploit for Command Injection in Ivanti Connect Secure
🚨 CVE-2024-21887 Exploit Tool 🛠️ A robust tool for detecting...
9.1CVSS
8.2AI Score
0.969EPSS
[ScreenTime] Child is able to get more screen time by reinstalling an app (Android R+)
In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.9AI Score
0.0004EPSS
Exploit for Infinite Loop in Openssl
CVE-2022-0778 The discovered vulnerability triggers an...
7.5CVSS
8.1AI Score
0.013EPSS
DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS)...
5.4CVSS
6.3AI Score
0.001EPSS
Exploit for Logging of Excessive Data in Salesagility Suitecrm
CVE-2024-36416 Tool for validating CVE-2024-36416 Usage...
8.6CVSS
7.2AI Score
0.0005EPSS
Exploit for Cross-site Scripting in Citrix Gateway
CVE-2023-24488 POC for CVE-2023-24488 Citrix Gateway...
6.1CVSS
6.1AI Score
0.055EPSS
[Android Auto] App permissions reset after upgrade on device from R build to S build
In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.5AI Score
0.0004EPSS
7.4AI Score
Exploit for Externally Controlled Reference to a Resource in Another Sphere in Microsoft
follina (POC) All about CVE-2022-30190, aka follina, that is...
8.2AI Score
Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that...
8.4AI Score
0.052EPSS
6.9AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4971 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
9.8CVSS
7.6AI Score
0.001EPSS
F5 Networks BIG-IQ Configuration Utility Login Page Detection
The configuration utility login page for F5 Networks BIG-IQ was detected on the remote host. BIG-IQ is a product for managing BIG-IP...
1.6AI Score
Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...
7.5CVSS
7.7AI Score
0.002EPSS
Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network...
9.8CVSS
7.6AI Score
0.002EPSS
imet2000-pal.org Cross Site Scripting vulnerability OBB-3917635
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7517 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
8.3AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4340 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
7.3CVSS
5.9AI Score
0.001EPSS
$$\ce{$\unicode[goombafont; color:red; pointer-events:...
8.6CVSS
8.7AI Score
0.945EPSS
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
Summary An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. Details The OpenTelemetry Collector handles compressed HTTP requests by recognizing the Content-Encoding header, rewriting the HTTP request body, and allowing...
8.2CVSS
8.3AI Score
0.001EPSS
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and...
7.8CVSS
7.2AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5208 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
7.5CVSS
7.8AI Score
0.001EPSS
7.4AI Score
Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the...
9.1CVSS
9.8AI Score
0.0005EPSS