B&R Industrial Automation Security Vulnerabilities
Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this...
8.6CVSS
8.7AI Score
0.001EPSS
Siemens Automation License Manager CVE-2012-4691 Denial of Service
The remote host has a version of Siemens Automation License Manager installed that is affected by an excessive memory consumption denial of service vulnerability that can be triggered by sending a specially crafted packet to the Automation Licensing Manager TCP service listening on port...
3.9AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5701 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
7.8AI Score
0.001EPSS
Exploit for Infinite Loop in Openssl
CVE-2022-0778 The discovered vulnerability triggers an...
7.5CVSS
8.1AI Score
0.013EPSS
Exploit for Path Traversal in Sysaid Sysaid On-Premises
Vulnerability Details fofa: ```text ...
9.8CVSS
9.6AI Score
0.935EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7773 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.8CVSS
6.8AI Score
0.001EPSS
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...
6.5CVSS
6.4AI Score
0.001EPSS
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...
6.5CVSS
6.2AI Score
0.001EPSS
Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the...
9.1CVSS
7.9AI Score
0.0005EPSS
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:4991 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
9.8CVSS
9.5AI Score
0.001EPSS
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...
5.3CVSS
5.1AI Score
0.0004EPSS
Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.run_job permission is checked (i.e., does the user have.....
4.3CVSS
4.5AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5805 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
8.7AI Score
0.732EPSS
The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0855 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
6.5CVSS
6.3AI Score
0.001EPSS
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...
5.3CVSS
5.1AI Score
0.0004EPSS
8.3AI Score
0.0004EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
2.8CVSS
3.2AI Score
0.0004EPSS
K000139654: Intel oneAPI vulnerabilities CVE-2023-24592 and CVE-2023-27383
Security Advisory Description CVE-2023-24592 Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access. CVE-2023-27383 Protection mechanism failure in some...
6.5AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5758 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
8.1AI Score
0.001EPSS
Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local...
5.5CVSS
4.9AI Score
0.001EPSS
Exploit for Improper Authentication in Wpdeveloper Essential Addons For Elementor
CVE-2023-32243. Essential Addons for Elementor 5.4.0-5.7.1 -...
9.8CVSS
9.5AI Score
0.097EPSS
Exploit for Improper Authentication in Wpdeveloper Essential Addons For Elementor
CVE-2023-32243. Essential Addons for Elementor 5.4.0-5.7.1 -...
9.8CVSS
9.5AI Score
0.097EPSS
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...
6.5CVSS
6.9AI Score
0.0004EPSS
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...
7.4AI Score
0.0004EPSS
CVE-2024-29895 Cacti CVE-2024-29895 POC A command injection...
10CVSS
8.6AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5810 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
7.5CVSS
8.6AI Score
0.732EPSS
In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...
6.8AI Score
0.0004EPSS
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local...
5.5CVSS
5.7AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6158 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
8.1CVSS
8AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5809 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
7.5CVSS
8.6AI Score
0.732EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0733 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
8.1CVSS
7.6AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...
6.7AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4693 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
7.7AI Score
0.001EPSS
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network...
6.5CVSS
6.4AI Score
0.001EPSS
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title...
6.1CVSS
5.8AI Score
0.001EPSS
Zebra Industrial Printers Insufficiently Protected Credentials (CVE-2019-10960)
Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the...
7.5CVSS
6.5AI Score
0.002EPSS
Exploit for Use After Free in Microsoft
CVE-2023-36802 Local Privilege Escalation POC authors:...
7.8CVSS
6.7AI Score
0.001EPSS
A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and...
7.8CVSS
6.8AI Score
0.0004EPSS
9.8CVSS
10AI Score
0.975EPSS
Exploit for Cross-site Scripting in Citrix Gateway
CVE-2023-24488 POC for CVE-2023-24488 Citrix Gateway...
6.1CVSS
6.1AI Score
0.055EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6079 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
6.5CVSS
6.7AI Score
0.001EPSS
Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...
8.8CVSS
9.2AI Score
0.0005EPSS
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...
7.9CVSS
7.8AI Score
0.0004EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
7.8AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
7.8AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....
7.5AI Score
Rockwell Automation MicroLogix 1100 PLC < Series B FRN 13.0 Multiple Vulnerabilities
The Rockwell Automation MicroLogix 1100 PLC integrated web server has a firmware version that is prior to Series B FRN 13.0. It is, therefore, affected by multiple vulnerabilities : An improper access control vulnerability exists when sending a 'stop' command, which causes a denial of ...
2.1AI Score
0.029EPSS
Exploit for Code Injection in Apache Ofbiz
ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For...
9.8CVSS
6.6AI Score
0.821EPSS
Microsoft SQL Server Command Execution
This module will execute a Windows command on a MSSQL/MSDE instance via the xp_cmdshell (default) or the sp_oacreate procedure (more opsec safe, no output, no temporary data table). A valid username and password is required to use this...
7.7AI Score
Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024
CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...
9.8CVSS
9.7AI Score
0.938EPSS