Lucene search

K

B&R Industrial Automation Security Vulnerabilities

cvelist
cvelist

CVE-2023-41185 Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability

Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this...

8.6CVSS

8.7AI Score

0.001EPSS

2024-05-03 02:11 AM
nessus
nessus

Siemens Automation License Manager CVE-2012-4691 Denial of Service

The remote host has a version of Siemens Automation License Manager installed that is affected by an excessive memory consumption denial of service vulnerability that can be triggered by sending a specially crafted packet to the Automation Licensing Manager TCP service listening on port...

3.9AI Score

0.001EPSS

2013-01-09 12:00 AM
12
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update (Moderate) (RHSA-2023:5701)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5701 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

7.5CVSS

7.8AI Score

0.001EPSS

2024-04-28 12:00 AM
githubexploit
githubexploit

Exploit for Infinite Loop in Openssl

CVE-2022-0778 The discovered vulnerability triggers an...

7.5CVSS

8.1AI Score

0.013EPSS

2022-03-15 07:06 PM
1329
githubexploit
githubexploit

Exploit for Path Traversal in Sysaid Sysaid On-Premises

Vulnerability Details fofa: ```text ...

9.8CVSS

9.6AI Score

0.935EPSS

2023-11-17 07:03 AM
313
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:7773)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7773 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

7.8CVSS

6.8AI Score

0.001EPSS

2024-04-29 12:00 AM
7
cvelist
cvelist

CVE-2023-39472 Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability

Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

6.5CVSS

6.4AI Score

0.001EPSS

2024-05-03 02:10 AM
vulnrichment
vulnrichment

CVE-2023-39472 Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability

Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

6.5CVSS

6.2AI Score

0.001EPSS

2024-05-03 02:10 AM
vulnrichment
vulnrichment

CVE-2023-32174 Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability

Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability when the...

9.1CVSS

7.9AI Score

0.0005EPSS

2024-05-03 01:56 AM
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update (Low) (RHSA-2023:4991)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:4991 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...

9.8CVSS

9.5AI Score

0.001EPSS

2024-04-28 12:00 AM
3
github
github

Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-02-28 10:57 PM
14
osv
osv

CVE-2023-51649

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.run_job permission is checked (i.e., does the user have.....

4.3CVSS

4.5AI Score

0.001EPSS

2023-12-22 05:15 PM
3
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Important) (RHSA-2023:5805)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5805 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

7.5CVSS

8.7AI Score

0.732EPSS

2024-04-28 12:00 AM
2
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:0855)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0855 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...

6.5CVSS

6.3AI Score

0.001EPSS

2024-04-28 12:00 AM
2
osv
osv

Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...

5.3CVSS

5.1AI Score

0.0004EPSS

2024-02-28 10:57 PM
7
githubexploit
githubexploit

Exploit for CVE-2024-0757

CVE-2024-0757 (Exploit) Description The Insert or Embed...

8.3AI Score

0.0004EPSS

2024-06-17 07:46 AM
11
osv
osv

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

2.8CVSS

3.2AI Score

0.0004EPSS

2024-05-16 09:15 PM
4
f5
f5

K000139654: Intel oneAPI vulnerabilities CVE-2023-24592 and CVE-2023-27383

Security Advisory Description CVE-2023-24592 Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access. CVE-2023-27383 Protection mechanism failure in some...

6.5AI Score

0.0004EPSS

2024-05-16 12:00 AM
6
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:5758)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5758 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

7.5CVSS

8.1AI Score

0.001EPSS

2024-04-28 12:00 AM
6
osv
osv

CVE-2022-21233

Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local...

5.5CVSS

4.9AI Score

0.001EPSS

2022-08-18 08:15 PM
18
githubexploit
githubexploit

Exploit for Improper Authentication in Wpdeveloper Essential Addons For Elementor

CVE-2023-32243. Essential Addons for Elementor 5.4.0-5.7.1 -...

9.8CVSS

9.5AI Score

0.097EPSS

2023-05-15 09:39 AM
542
githubexploit
githubexploit

Exploit for Improper Authentication in Wpdeveloper Essential Addons For Elementor

CVE-2023-32243. Essential Addons for Elementor 5.4.0-5.7.1 -...

9.8CVSS

9.5AI Score

0.097EPSS

2023-05-15 09:39 AM
387
osv
osv

CVE-2023-44387

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...

6.5CVSS

6.9AI Score

0.0004EPSS

2023-10-05 06:15 PM
5
cisco
cisco

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability

A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...

7.4AI Score

0.0004EPSS

2024-04-24 04:00 PM
16
githubexploit
githubexploit

Exploit for CVE-2024-29895

CVE-2024-29895 Cacti CVE-2024-29895 POC A command injection...

10CVSS

8.6AI Score

0.0004EPSS

2024-05-16 06:29 AM
170
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update (Important) (RHSA-2023:5810)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5810 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...

7.5CVSS

8.6AI Score

0.732EPSS

2024-04-28 12:00 AM
2
debiancve
debiancve

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

6.8AI Score

0.0004EPSS

2024-05-17 02:15 PM
4
osv
osv

CVE-2023-38575

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local...

5.5CVSS

5.7AI Score

0.0004EPSS

2024-03-14 05:15 PM
3
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:6158)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6158 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

8.1CVSS

8AI Score

0.001EPSS

2024-04-28 12:00 AM
28
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.2.2 Product Security and Bug Fix Update (Important) (RHSA-2023:5809)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5809 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...

7.5CVSS

8.6AI Score

0.732EPSS

2024-04-28 12:00 AM
1
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:0733)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0733 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

8.1CVSS

7.6AI Score

0.001EPSS

2024-04-28 12:00 AM
21
ubuntucve
ubuntucve

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

6.7AI Score

0.0004EPSS

2024-05-17 12:00 AM
6
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:4693)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4693 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

7.5CVSS

7.7AI Score

0.001EPSS

2024-04-28 12:00 AM
4
osv
osv

CVE-2023-39368

Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network...

6.5CVSS

6.4AI Score

0.001EPSS

2024-03-14 05:15 PM
2
osv
osv

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title...

6.1CVSS

5.8AI Score

0.001EPSS

2023-06-30 05:15 PM
4
nessus
nessus

Zebra Industrial Printers Insufficiently Protected Credentials (CVE-2019-10960)

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the...

7.5CVSS

6.5AI Score

0.002EPSS

2024-05-06 12:00 AM
3
githubexploit
githubexploit

Exploit for Use After Free in Microsoft

CVE-2023-36802 Local Privilege Escalation POC authors:...

7.8CVSS

6.7AI Score

0.001EPSS

2023-10-09 05:32 PM
24
osv
osv

CVE-2023-4237

A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and...

7.8CVSS

6.8AI Score

0.0004EPSS

2023-10-04 03:15 PM
11
githubexploit

9.8CVSS

10AI Score

0.975EPSS

2022-07-05 04:30 AM
391
githubexploit
githubexploit

Exploit for Cross-site Scripting in Citrix Gateway

CVE-2023-24488 POC for CVE-2023-24488 Citrix Gateway...

6.1CVSS

6.1AI Score

0.055EPSS

2023-07-04 06:02 PM
385
nessus
nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.2.0 Product Security Update (Important) (RHSA-2022:6079)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6079 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...

6.5CVSS

6.7AI Score

0.001EPSS

2024-04-28 12:00 AM
3
cvelist
cvelist

CVE-2023-50218 Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

8.8CVSS

9.2AI Score

0.0005EPSS

2024-05-03 02:14 AM
osv
osv

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

7.9CVSS

7.8AI Score

0.0004EPSS

2024-05-16 09:15 PM
4
wolfi
wolfi

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....

7.8AI Score

0.0004EPSS

2024-06-17 09:08 AM
17
wolfi
wolfi

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....

7.8AI Score

0.0004EPSS

2024-06-17 09:08 AM
17
wolfi
wolfi

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: pombump, consul, nri-mssql, clusterctl, crossplane, render-template, vite, flux-image-reflector-controller, nri-discovery-kubernetes, kube-state-metrics, gomplate, kubernetes-event-exporter, aws-load-balancer-controller, newrelic-infrastructure-agent, thanos-operator,....

7.5AI Score

2024-06-17 09:08 AM
19
nessus
nessus

Rockwell Automation MicroLogix 1100 PLC < Series B FRN 13.0 Multiple Vulnerabilities

The Rockwell Automation MicroLogix 1100 PLC integrated web server has a firmware version that is prior to Series B FRN 13.0. It is, therefore, affected by multiple vulnerabilities : An improper access control vulnerability exists when sending a 'stop' command, which causes a denial of ...

2.1AI Score

0.029EPSS

2015-07-07 12:00 AM
21
githubexploit
githubexploit

Exploit for Code Injection in Apache Ofbiz

ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For...

9.8CVSS

6.6AI Score

0.821EPSS

2023-12-14 09:32 AM
349
metasploit
metasploit

Microsoft SQL Server Command Execution

This module will execute a Windows command on a MSSQL/MSDE instance via the xp_cmdshell (default) or the sp_oacreate procedure (more opsec safe, no output, no temporary data table). A valid username and password is required to use this...

7.7AI Score

2009-01-12 05:18 AM
26
githubexploit
githubexploit

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...

9.8CVSS

9.7AI Score

0.938EPSS

2024-06-05 01:05 AM
113
Total number of security vulnerabilities126566