Lucene search

K

B&R Security Vulnerabilities

redhat
redhat

(RHSA-2024:3178) Important: linux-firmware security update

The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fix(es): hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329) hw: amd: INVD instruction may lead to a loss of SEV-ES guest machine...

7AI Score

0.0005EPSS

2024-05-22 06:35 AM
15
osv
osv

CVE-2022-41954

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems (not Windows or macos), MPXJ's use of File.createTempFile(..) results in temporary files being created with the permissions -rw-r--r--. This means that any...

3.3CVSS

3.4AI Score

0.0004EPSS

2022-11-25 07:15 PM
5
osv
osv

CVE-2022-31150

undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate \r\n is a workaround for this...

6.5CVSS

7.4AI Score

0.001EPSS

2022-07-19 09:15 PM
8
nessus
nessus

Intel Converged Security Management Engine (CSME) Active Management Technology (AMT) Multiple Vulnerabilities (INTEL-SA-00391)

The Intel Converged Security Management Engine (CSME) on the remote host is affected by multiple vulnerabilities in the Active Management Technology (AMT) feature, including the following: Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, ...

9.8CVSS

3.4AI Score

0.003EPSS

2020-11-20 12:00 AM
12
redhat
redhat

(RHSA-2021:4140) Moderate: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427) * kernel: Improper input validation in some Intel(R) Ethernet E810...

7.9AI Score

0.004EPSS

2021-11-09 08:21 AM
26
cvelist
cvelist

CVE-2023-43490

Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...

5.3CVSS

5.7AI Score

0.0004EPSS

2024-03-14 04:45 PM
1
cve
cve

CVE-2023-43490

Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local...

5.3CVSS

5.6AI Score

0.0004EPSS

2024-03-14 05:15 PM
44
githubexploit
githubexploit

Exploit for Command Injection in Chamilo

CVE-2023-34960 Mass unauthenticated command injection...

9.8CVSS

9.7AI Score

0.922EPSS

2023-07-22 05:27 AM
340
nuclei
nuclei

Oracle Business Intelligence Publisher - XML External Entity Injection

Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI...

7.2CVSS

7.2AI Score

0.15EPSS

2021-06-08 04:19 PM
10
osv
osv

BIT-ruby-2020-5247

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. CR, LF or/r, /n) to end the header and inject malicious content, such as additional headers or an entirely new response body....

7.5CVSS

6.2AI Score

0.011EPSS

2024-03-06 11:05 AM
6
cve
cve

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

6.8AI Score

0.0004EPSS

2024-05-17 02:15 PM
32
githubexploit

10AI Score

2022-04-24 06:25 PM
265
nvd
nvd

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

7.5AI Score

0.0004EPSS

2024-05-17 02:15 PM
githubexploit
githubexploit

Exploit for Command Injection in Chamilo

CVE-2023-34960 Mass unauthenticated command injection...

9.8CVSS

9.8AI Score

0.922EPSS

2023-07-22 05:27 AM
125
osv
osv

CVE-2023-29383

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when.....

3.3CVSS

4.3AI Score

0.0004EPSS

2023-04-14 10:15 PM
1
osv
osv

CVE-2023-26142

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds)....

6.5CVSS

7.4AI Score

0.0005EPSS

2023-09-12 05:15 AM
2
githubexploit
githubexploit

Exploit for CVE-2023-43208

CVE-2023-43208 - Mirth Connect Remote Code Execution (RCE)...

9.8CVSS

8.2AI Score

0.956EPSS

2024-03-15 12:03 PM
37
githubexploit
githubexploit

Exploit for Expression Language Injection in Vmware Spring Cloud Gateway

Spring Cloud Gateway Actuator API...

9.8AI Score

2022-03-13 10:00 AM
518
f5
f5

K000135795: Downfall Attacks CVE-2022-40982

Security Advisory Description Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-40982) Impact...

6.5AI Score

0.001EPSS

2023-08-09 12:00 AM
15
debiancve
debiancve

CVE-2024-27391

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: do not realloc workqueue everytime an interface is added Commit 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to "NETDEV-wq"") moved workqueue creation in wilc_netdev_ifc_init in order to set the...

6.5AI Score

0.0004EPSS

2024-05-01 01:15 PM
4
redhat
redhat

(RHSA-2021:4356) Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427) * kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502) * kernel: Insufficient...

8.1AI Score

0.004EPSS

2021-11-09 09:08 AM
24
openbugbounty
openbugbounty

andre-r-rowe-photography.seehouseat.com Cross Site Scripting vulnerability OBB-3844869

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-01-27 07:47 PM
2
githubexploit
githubexploit

Exploit for CVE-2023-22515

CVE-2023-22515-Scan About This is simple scanner for...

9.8CVSS

9.6AI Score

0.973EPSS

2023-10-06 08:29 PM
433
ubuntucve
ubuntucve

CVE-2024-27391

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: do not realloc workqueue everytime an interface is added Commit 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to "NETDEV-wq"") moved workqueue creation in wilc_netdev_ifc_init in order to set the...

6.4AI Score

0.0004EPSS

2024-05-01 12:00 AM
6
osv
osv

CVE-2021-3701

A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user....

6.6CVSS

6.2AI Score

0.0004EPSS

2022-08-23 04:15 PM
3
packetstorm

7.4AI Score

2024-05-14 12:00 AM
129
amazon
amazon

Medium: microcode_ctl

Issue Overview: 2024-05-09: CVE-2021-33117 was added to this advisory. Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. (CVE-2021-33117) A flaw was....

5.5CVSS

7.1AI Score

0.0005EPSS

2022-06-30 11:38 PM
25
almalinux
almalinux

Important: edk2 security update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fix(es): edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message (CVE-2023-45235) EDK2: heap...

8.8CVSS

6.8AI Score

0.006EPSS

2024-05-22 12:00 AM
1
osv
osv

BIT-airflow-2024-29735

Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3.Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix...

6.7AI Score

0.0004EPSS

2024-03-28 07:16 AM
11
cve
cve

CVE-2024-0323

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product...

9.8CVSS

9.3AI Score

0.001EPSS

2024-02-05 04:15 PM
29
cve
cve

CVE-2023-3242

Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation...

8.6CVSS

5.7AI Score

0.001EPSS

2023-07-26 06:15 PM
43
cvelist
cvelist

CVE-2021-33145

Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...

7.2CVSS

7.3AI Score

0.0004EPSS

2024-05-16 08:47 PM
2
cve
cve

CVE-2024-21777

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

7AI Score

0.0004EPSS

2024-05-16 09:16 PM
31
cvelist
cvelist

CVE-2024-21777

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

6.7AI Score

0.0004EPSS

2024-05-16 08:47 PM
1
vulnrichment
vulnrichment

CVE-2024-21777

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

7.1AI Score

0.0004EPSS

2024-05-16 08:47 PM
nessus
nessus

Amazon Linux 2023 : libRmath, libRmath-devel, libRmath-static (ALAS2023-2024-638)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-638 advisory. Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data...

8.8CVSS

7.3AI Score

0.0004EPSS

2024-06-10 12:00 AM
cve
cve

CVE-2021-33146

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network...

5.3CVSS

6.6AI Score

0.0004EPSS

2024-05-16 08:47 PM
1959
cvelist
cvelist

CVE-2021-33146

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network...

5.3CVSS

5.5AI Score

0.0004EPSS

2024-05-16 08:47 PM
cve
cve

CVE-2023-22656

Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local...

3.9CVSS

6.9AI Score

0.0004EPSS

2024-05-16 09:15 PM
27
githubexploit
githubexploit

Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal Elementor Addons

🚀 WordPress Royal Elementor Addons and Templates Exploit...

9.8CVSS

9.6AI Score

0.911EPSS

2023-11-02 03:28 AM
253
vulnrichment
vulnrichment

CVE-2023-42668

Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

7.2AI Score

0.0004EPSS

2024-05-16 08:47 PM
1
zdt

7.4AI Score

2024-05-13 12:00 AM
30
githubexploit
githubexploit

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

CVE-2024-30088 Bug: Bug is inside function...

7CVSS

7.4AI Score

0.0004EPSS

2024-06-24 10:37 AM
45
cve
cve

CVE-2023-47282

Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local...

3.9CVSS

7AI Score

0.0004EPSS

2024-05-16 09:16 PM
31
cvelist
cvelist

CVE-2024-27391 wifi: wilc1000: do not realloc workqueue everytime an interface is added

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: do not realloc workqueue everytime an interface is added Commit 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to "NETDEV-wq"") moved workqueue creation in wilc_netdev_ifc_init in order to set the...

6.6AI Score

0.0004EPSS

2024-05-01 01:05 PM
cvelist
cvelist

CVE-2023-42668

Incorrect default permissions in some onboard video driver software before version 1.14 for Intel(R) Server Boards based on Intel(R) 62X Chipset may allow an authenticated user to potentially enable escalation of privilege via local...

6.7CVSS

6.8AI Score

0.0004EPSS

2024-05-16 08:47 PM
githubexploit
githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

log4j-shell-poc A Proof-Of-Concept for the recently found...

8.6AI Score

2021-12-10 11:19 PM
674
vulnrichment
vulnrichment

CVE-2021-33146

Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable information disclosure via network...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-05-16 08:47 PM
cve
cve

CVE-2021-33145

Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...

7.2CVSS

7AI Score

0.0004EPSS

2024-05-16 08:47 PM
1946
vulnrichment
vulnrichment

CVE-2021-33145

Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...

7.2CVSS

7.1AI Score

0.0004EPSS

2024-05-16 08:47 PM
1
Total number of security vulnerabilities101215