Lucene search

K

B&R Industrial Automation Security Vulnerabilities

osv
osv

CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted....

8.8CVSS

7.1AI Score

0.0004EPSS

2024-04-29 01:15 PM
veracode
veracode

Arbitrary Code Execution

r-base is vulnerable to Arbitrary Code Execution. The vulnerability is due to deserialization of untrusted data, which can occur when interacting with a maliciously crafted RDS (R Data Serialization) formatted file or R package, allows maliciously crafted RDS (R Data Serialization) formatted files....

8.8CVSS

9AI Score

0.0004EPSS

2024-05-05 02:38 PM
8
osv
osv

CVE-2023-38855

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in...

6.5CVSS

8.2AI Score

0.001EPSS

2023-08-15 05:15 PM
3
osv
osv

CVE-2023-38853

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in...

6.5CVSS

8.2AI Score

0.001EPSS

2023-08-15 05:15 PM
3
osv
osv

CVE-2023-38851

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in...

6.5CVSS

8.2AI Score

0.001EPSS

2023-08-15 05:15 PM
4
osv
osv

CVE-2023-38854

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in...

6.5CVSS

8.2AI Score

0.001EPSS

2023-08-15 05:15 PM
2
osv
osv

CVE-2023-38852

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in...

6.5CVSS

8.2AI Score

0.001EPSS

2023-08-15 05:15 PM
4
osv
osv

CVE-2023-38856

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in...

6.5CVSS

8.2AI Score

0.001EPSS

2023-08-15 05:15 PM
7
ibm
ibm

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-51775

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could...

6.1AI Score

0.0004EPSS

2024-06-04 12:59 PM
4
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-5072 DESCRIPTION:...

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-10 10:46 PM
5
ibm
ibm

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2024-27270

Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a cross-site...

4.7CVSS

5.5AI Score

0.0004EPSS

2024-06-03 01:24 PM
ibm
ibm

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2023-51775

Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...

6.1AI Score

0.0004EPSS

2024-06-03 11:27 AM
4
ibm
ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-25026

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

5.9CVSS

6.2AI Score

0.0004EPSS

2024-06-03 11:33 AM
2
ibm
ibm

Security Bulletin: Vulnerability in jjwt may affect IBM Business Automation Workflow - CVE-2024-31033

Summary IBM Business Automation Workflow packages a vulnerable copy of jjwt. Vulnerability Details ** CVEID: CVE-2024-31033 DESCRIPTION: **An unspecified error with ignoring certain characters in jwtk JJWT (aka Java JWT) has an unknown impact and attack vector. CVSS Base score: 6.8 CVSS Temporal...

6AI Score

0.0004EPSS

2024-06-03 11:26 AM
1
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Liberty Profile affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation as part of UMS and as an application server for container deployments. This bulletin identifies the security fixes to apply to address the vulnerability. ...

7.5CVSS

8.2AI Score

0.732EPSS

2024-06-10 10:49 PM
5
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for May 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF033 and 23.0.2-IF005. Vulnerability Details ** CVEID: CVE-2024-21501 DESCRIPTION: **Node.js sanitize-html module could allow a remote attacker to...

8.8CVSS

9.7AI Score

EPSS

2024-06-04 05:15 PM
7
ibm
ibm

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2024-25710, CVE-2024-26308

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details ** CVEID: CVE-2024-25710 DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted...

8.1CVSS

6.4AI Score

0.001EPSS

2024-06-03 03:54 PM
4
ibm
ibm

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2024-22353

Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...

7.5CVSS

6.4AI Score

0.0004EPSS

2024-06-03 11:45 AM
2
ibm
ibm

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2024-27268

Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...

5.9CVSS

6.3AI Score

0.0004EPSS

2024-06-03 11:28 AM
2
ibm
ibm

Security Bulletin: Multiple vulnerabilities in eclipse jetty affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow packages a vulnerable version of the eclipse jetty library. Vulnerability Details ** CVEID: CVE-2020-27216 DESCRIPTION: **Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the...

7.5CVSS

7.1AI Score

0.802EPSS

2024-06-03 01:36 PM
2
ibm
ibm

Security Bulletin: Multiple vulnerabilities in angular.js affect IBM Business Automation Workflow.

Summary IBM Business Automation Workflow packages a vulnerable copy of angular.js. Vulnerability Details ** CVEID: CVE-2023-26117 DESCRIPTION: **AngularJS is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the $resource service. By providing...

6.1CVSS

6.8AI Score

0.005EPSS

2024-06-03 01:24 PM
2
ibm
ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22329

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

4.3CVSS

5.6AI Score

0.0004EPSS

2024-06-03 11:37 AM
3
ibm
ibm

Security Bulletin: Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation.

Summary Multiple vulnerabilities in IBM MQ affect IBM Robotic Process Automation. IBM MQ is used by IBM Robotic Process Automation for message queueing. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-26159 DESCRIPTION:...

7.5CVSS

9.4AI Score

0.732EPSS

2024-06-10 10:47 PM
7
ibm
ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22329

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

4.3CVSS

5.6AI Score

0.0004EPSS

2024-06-03 11:32 AM
2
ibm
ibm

Security Bulletin: Spring vulnerability in embedded components may affect IBM Business Automation Workflow - CVE-2024-22243

Summary IBM Business Automation Workflow is vulnerable to a open redirect attack. Vulnerability Details ** CVEID: CVE-2024-22243 DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability when using...

8.1CVSS

6.5AI Score

0.0004EPSS

2024-06-11 09:50 AM
ibm
ibm

Security Bulletin: A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation and may result in a bypass of security restrictions (CVE-2024-0056)

Summary A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation resulting in a bypass of security restrictions. Microsoft .NET Core is used by IBM Robotic Process Automation as part of it's development platform. This bulletin identifies the security fixes to apply to address.....

8.7CVSS

8.6AI Score

0.001EPSS

2024-06-05 08:26 PM
1
ibm
ibm

Security Bulletin: A vulnerability in Microsoft Azure Identity affects IBM Robotic Process Automation and may result in a denial of service (CVE-2024-21319)

Summary A vulnerability in Microsoft Azure Identity affects IBM Robotic Process Automation which may result in a denial of service. Microsoft Azure Identity is used by IBM Robotic Process Automation as part of identity management. This bulletin identifies the security fixes to apply to address the....

6.8CVSS

6.7AI Score

0.001EPSS

2024-06-05 05:52 PM
2
ibm
ibm

Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2023-50312

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

5.3CVSS

5.7AI Score

0.0004EPSS

2024-06-03 11:34 AM
2
ibm
ibm

Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501

Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION: **Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...

6.5CVSS

6AI Score

0.0004EPSS

2024-06-03 11:31 AM
3
fedora
fedora

[SECURITY] Fedora 39 Update: R-4.3.3-2.fc39

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-09 02:05 AM
4
fedora
fedora

[SECURITY] Fedora 38 Update: R-4.3.3-2.fc38

This is a metapackage that provides both core R userspace and all R development components. R is a language and environment for statistical computing and graphics. R is similar to the award-winning S system, which was developed at Bell Laboratories by John Chambers et al. It provides a wide...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-05-09 01:49 AM
6
ibm
ibm

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details ** CVEID: CVE-2024-29025 DESCRIPTION: **Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a...

7CVSS

7AI Score

0.0004EPSS

2024-05-31 10:42 AM
7
debiancve
debiancve

CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted....

8.8CVSS

8.9AI Score

0.0004EPSS

2024-04-29 01:15 PM
22
nuclei
nuclei

Advantech R-SeeNet - Cross-Site Scripting

Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the device_id parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code...

6.1CVSS

6AI Score

0.802EPSS

2021-07-18 01:12 PM
1
nuclei
nuclei

Advantech R-SeeNet - Cross-Site Scripting

Advantech R-SeeNet is vulnerable to cross-site scripting via the device_graph_page.php script via the is2sim parameter. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code...

6.1CVSS

6.2AI Score

0.802EPSS

2021-07-18 01:12 PM
6
nuclei
nuclei

Advantech R-SeeNet - Cross-Site Scripting

Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code...

6.1CVSS

6.1AI Score

0.802EPSS

2021-07-18 01:12 PM
6
nuclei
nuclei

Advantech R-SeeNet 2.4.12 - Cross-Site Scripting

Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the telnet_form.php script...

6.1CVSS

6.2AI Score

0.802EPSS

2022-08-05 05:55 AM
5
nuclei
nuclei

Advantech R-SeeNet 2.4.12 - Cross-Site Scripting

Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the ssh_form.php script...

6.1CVSS

6.2AI Score

0.802EPSS

2022-08-05 05:56 AM
2
ibm
ibm

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor repackages a vulnerable version of Node.js and express. Vulnerability Details ** CVEID: CVE-2024-27982 DESCRIPTION: **Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server....

6.1CVSS

8AI Score

EPSS

2024-05-10 08:17 AM
9
nuclei
nuclei

Advantech R-SeeNet 2.4.12 - OS Command Injection

Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering...

9.8CVSS

9.7AI Score

0.971EPSS

2022-08-05 05:57 AM
11
ibm
ibm

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2024-30260 DESCRIPTION: **Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a...

9.8CVSS

10AI Score

0.175EPSS

2024-05-21 09:37 AM
4
ibm
ibm

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-25026)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s).....

5.9CVSS

5.7AI Score

0.0004EPSS

2024-05-06 04:34 PM
7
freebsd
freebsd

R -- arbitrary code execution vulnerability

HiddenLayer Research reports: Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user's...

8.8CVSS

7.7AI Score

0.0004EPSS

2024-04-29 12:00 AM
7
wolfi
wolfi

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: apko, argo-cd, skaffold, policy-controller, crossplane, pulumi-language-dotnet, falco, aactl, kaniko, terragrunt, zarf, pulumi-language-yaml, pulumi, cosign, spire-server, actions-runner-controller, flux-kustomize-controller, flux-notification-controller, rclone,...

7.5AI Score

2024-06-17 09:08 AM
41
ibm
ibm

Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2021-37533

Summary IBM WebSphere Adapter for FTP is shipped with IBM Business Automation Workflow bundles a vulnerable copy of Apache commons-net. Vulnerability Details ** CVEID: CVE-2021-37533 DESCRIPTION: **Apache Commons Net could allow a remote attacker to obtain sensitive information, caused by an...

6.5CVSS

9.2AI Score

0.004EPSS

2024-05-03 07:20 AM
4
ibm
ibm

Security Bulletin: WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service. (CVE-2024-25026)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to...

6.4CVSS

6AI Score

0.0004EPSS

2024-05-13 05:27 AM
8
ibm
ibm

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for April 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF032 and 23.0.2-IF004. Vulnerability Details ** CVEID: CVE-2024-22353 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through...

9.8CVSS

10AI Score

0.732EPSS

2024-05-02 07:03 AM
13
packetstorm

7.2AI Score

0.0004EPSS

2024-05-30 12:00 AM
35
osv
osv

Improper use of metav1.Duration allows for Denial of Service

Flux controllers within the affected versions range are vulnerable to a denial of service attack. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interval or .spec.timeout (and structured...

5CVSS

1.6AI Score

0.001EPSS

2022-10-19 06:40 PM
14
Total number of security vulnerabilities126566