Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...
6.8AI Score
0.0004EPSS
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...
6.8AI Score
0.0004EPSS
In cropPhoto of EditUserPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.5AI Score
0.0005EPSS
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of spring-web-5.3.15.jar Vulnerability Details ** CVEID: CVE-2024-22243 DESCRIPTION: **VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect...
8.1CVSS
7.7AI Score
0.0004EPSS
CVE-2024-3043 Zigbee co-ordinator realignment packet may lead to denial of service
An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier (pan ID), leading to a denial of service. This packet type is not useful in production and should be used only for PHY...
7.5CVSS
0.0004EPSS
7.3AI Score
NFC: Type confusion due to race condition during tag type change
In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
8.1CVSS
8.5AI Score
0.002EPSS
Memory Disclosure, OOB Write, and Double Free in NFC's Felica Tag Handling
In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
8.9AI Score
0.001EPSS
android source bug. in function avrc_msg_cback of avrc_api.cc
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
9.7AI Score
0.001EPSS
[Bluetooth information disclosure vulnerability when processing AVCT_CMD of AVRC_OP_SUB_INFO]
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
7.2AI Score
0.001EPSS
Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure (CVE-2022-38386)
Summary IBM QRadar Suite software is vulnerable to information exposure through cookie settings. This has been addressed in the latest update. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details ** CVEID: CVE-2022-38386 ...
5.9CVSS
6.1AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in Apache Commons Compress used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-26308 DESCRIPTION: **Apache Commons...
8.1CVSS
7.5AI Score
0.001EPSS
Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution
Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory...
9.8CVSS
9.8AI Score
0.934EPSS
[Out of Bounds Read in nfc_ncif_proc_ee_discover_req Function in nfc_ncicc in nfc]
In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.5AI Score
0.001EPSS
[UAF problem found in storaged]
In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
Operating System (OS) Detection (MySQL/MariaDB)
MySQL/MariaDB server banner based Operating System (OS) ...
7.3AI Score
7.3AI Score
7.3AI Score
IBM General Parallel File System Detection
IBM General Parallel File System is installed on the remote Windows...
2AI Score
Areva/Alstom Energy Management System Detection
The remote host is running an Areva/Alstom EMS (Energy Management) Server. Areva/Alstom EMS servers are commonly used in electric transmission and generation systems. Production EMS systems should be scanned carefully because they have been known to have vulnerabilities in proprietary applications....
2.8AI Score
Security Bulletin: IBM QRadar Suite software is vulnerable to injection attacks
Summary IBM QRadar Suite software is vulnerable to injection attacks through dashboard parameters. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version....
4.3CVSS
7AI Score
0.0004EPSS
Operating System (OS) Detection (NTP)
Network Time Protocol (NTP) server based Operating System (OS) ...
7.3AI Score
Kaseya Virtual System Administrator (VSA) Detection
The web UI of Kaseya Virtual System Administrator (VSA) was detected on the remote...
1.4AI Score
VMware Carbon Black Cloud Endpoint Standard Installed (macOS)
VMware Carbon Black Cloud Endpoint Standard, formerly Cb Defense and Confer, is installed on the remote macOS...
1.3AI Score
Check Point Gaia Operating System Detection
The remote host is a Check Point Gaia OS device. Gaia OS is an operating system for network devices developed by Check Point. It is possible to read the OS version number by logging into the device via...
3.3AI Score
3.3CVSS
4.1AI Score
0.001EPSS
6.6CVSS
6.5AI Score
0.001EPSS
[HIDL] libfmq security bug - a client may cause misaligned store and/or buffer overrun
In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...
6.7CVSS
6.8AI Score
0.0004EPSS
Bluetooth security notice (VU#799380.7 TLP:AMBER)
In btm_sec_pin_code_request of btm_sec.cc, there is a possible bypass of Bluetooth pairing pin-code due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for...
5.4CVSS
6.6AI Score
0.001EPSS
A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.php of the component System Info Page. The manipulation of the argument System Name/System Short...
2.4CVSS
6.2AI Score
0.0004EPSS
Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...
5.3CVSS
6.5AI Score
0.001EPSS
Summary Potential Golang Go Information disclosure vulnerabilitiy.(CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-39326 DESCRIPTION:...
5.3CVSS
6.5AI Score
0.001EPSS
co-matic.com Cross Site Scripting vulnerability OBB-3858335
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
[GWP-ASan] Use after free in bluetooth (sdp)
In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
7.2AI Score
0.001EPSS
cloud-creal.com Cross Site Scripting vulnerability OBB-3904340
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
cloud-clone.us Cross Site Scripting vulnerability OBB-3886624
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Moderate: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): jinja2: accepts keys containing non-attribute characters...
5.4CVSS
7AI Score
0.0004EPSS
[some bugs while processsing hidl buffer object will cause arbitrarily-address-reading problem]
In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5CVSS
5.1AI Score
0.0004EPSS
Memory overflow in btm_scn of bluetooth
In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
7.8CVSS
7.8AI Score
0.0004EPSS
Out of bound write in avrc_ctrl_pars_vendor_cmd of bluetooth avrc_pars_tg
In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for...
8.8CVSS
8.6AI Score
0.001EPSS
System Asset Info Enumeration (Windows)
Enumerates system asset information on the remote Windows host and stores the results for downstream processing. Note: This plugin does not report anything. It only collects information for later...
7.2AI Score
A potential logging of the firestore key via logging within nodejs-firestore exists - Developers who were logging objects through this._settings would be logging the firestore key as well potentially exposing it to anyone with logs read access. We recommend upgrading to version 6.1.0 to avoid this....
5.5CVSS
5.4AI Score
0.0004EPSS
7.3AI Score
Adobe Creative Cloud Security Update (APSB16-11) - Windows
Adobe Creative Cloud is prone to a remote command execution (RCE)...
9.1CVSS
9.4AI Score
0.288EPSS
Releases Ubuntu 24.04 LTS Packages libvirt - Libvirt virtualization toolkit Details USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Alexander Kuznetsov discovered that libvirt incorrectly handled...
6.2CVSS
7.2AI Score
0.001EPSS
VMware Carbon Black Cloud Endpoint Standard Installed (Windows)
VMware Carbon Black Cloud Endpoint Standard, formerly Cb Defense and Confer, is installed on the remote Windows...
1.6AI Score
Summary An information exposure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details ** CVEID: CVE-2023-50954 DESCRIPTION: **IBM InfoSphere Information Server returns sensitive information in URL information that could be used in further attacks against the system....
5.9AI Score
EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Gateway
CVE-2022-22947...
10CVSS
10AI Score
0.975EPSS
McAfee Cloud Single Sign On User Interface Detection
The remote web server is the user interface for McAfee Cloud Single Sign On (formerly McAfee Cloud Identity...
1.4AI Score
cloud-clone.com Cross Site Scripting vulnerability OBB-3885344
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score