Areva/Alstom Energy Management System Detection
The remote host is running an Areva/Alstom EMS (Energy Management) Server. Areva/Alstom EMS servers are commonly used in electric transmission and generation systems. Production EMS systems should be scanned carefully because they have been known to have vulnerabilities in proprietary applications....
2.8AI Score
Exploit for Expression Language Injection in Vmware Spring Cloud Function
CVE-2022-22963 In versions 3.1.6, 3.2.2 and versions...
9.8CVSS
9.8AI Score
0.974EPSS
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of spring-web-5.3.15.jar. Vulnerability Details CVEID: CVE-2024-22243 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect...
8.1CVSS
7.7AI Score
0.0004EPSS
7.3AI Score
(RHSA-2024:3392) Important: pcp security update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
7.2AI Score
0.0004EPSS
McAfee Cloud Single Sign On User Interface Detection
The remote web server is the user interface for McAfee Cloud Single Sign On (formerly McAfee Cloud Identity...
1.4AI Score
cloud-clone.com Cross Site Scripting vulnerability OBB-3885344
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Security Bulletin: Multiple Linux Kernel vulnerabilities affects IBM Storage Scale System.
Summary There are multiple vulnerabilities in the Linux Kernel, used by IBM Storage Scale System, which could allow a denial of service. Fixes for these vulnerabilities are available. CVE-2023-5178, CVE-2023-3609, CVE-2023-45871, CVE-2023-4732, CVE-2023-1192. Vulnerability Details CVEID:...
8.8CVSS
9.2AI Score
0.024EPSS
VMware Carbon Black Cloud Endpoint Standard Installed (Windows)
VMware Carbon Black Cloud Endpoint Standard, formerly Cb Defense and Confer, is installed on the remote Windows...
1.6AI Score
Summary IBM Virtualization Engine TS7700 is susceptible to the vulnerabilities listed below due to the embedded use of IBM Db2. IBM Db2 is used in TS7700 to store metadata about the data it manages. CVE-2023-30431, CVE-2023-29257, CVE-2023-26021, CVE-2023-25930, CVE-2023-27559, CVE-2023-40692....
8.4CVSS
10AI Score
0.003EPSS
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected...
6.8AI Score
0.0004EPSS
Check Point Gaia Operating System Detection
The remote host is a Check Point Gaia OS device. Gaia OS is an operating system for network devices developed by Check Point. It is possible to read the OS version number by logging into the device via...
3.3AI Score
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that may allow mountable secret policy enforcement to be bypassed during pod admission (CVE-2024-3177). Vulnerability Details CVEID: CVE-2024-3177 Description: Kubernetes kube-apiserver could.....
2.7CVSS
6.1AI Score
0.0004EPSS
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty, used by IBM Storage Scale System GUI, which could allow a remote attacker to cause a denial of service. Vulnerability Details CVEID: CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to...
5.9CVSS
6.4AI Score
0.001EPSS
CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string.....
9.8CVSS
6.2AI Score
0.001EPSS
CubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs, which could allow them to escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys.....
9.8CVSS
6.7AI Score
0.001EPSS
Kaseya Virtual System Administrator (VSA) Detection
The web UI of Kaseya Virtual System Administrator (VSA) was detected on the remote...
1.4AI Score
VMware Carbon Black Cloud Endpoint Standard Installed (macOS)
VMware Carbon Black Cloud Endpoint Standard, formerly Cb Defense and Confer, is installed on the remote macOS...
1.3AI Score
cloud-creal.com Cross Site Scripting vulnerability OBB-3904340
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Operating System (OS) Detection (NTP)
Network Time Protocol (NTP) server based Operating System (OS) ...
7.3AI Score
9.8CVSS
7.4AI Score
0.001EPSS
Summary A potential Golang Go information disclosure vulnerability (CVE-2023-39326) has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID: CVE-2023-39326 DESCRIPTION:...
5.3CVSS
6.5AI Score
0.001EPSS
Summary An information exposure vulnerability in InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2023-50954 DESCRIPTION: IBM InfoSphere Information Server returns sensitive information in URL information that could be used in further attacks against the system....
4.3CVSS
5.9AI Score
0.0004EPSS
Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution
Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory...
9.8CVSS
9.8AI Score
0.934EPSS
A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file system_info/index.php of the component System Info Page. The manipulation of the argument System Name/System Short...
2.4CVSS
6.2AI Score
0.0004EPSS
cloud-clone.us Cross Site Scripting vulnerability OBB-3886624
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
System Asset Info Enumeration (Windows)
Enumerates system asset information on the remote Windows host and stores the results for downstream processing. Note: This plugin does not report anything. It only collects information for later...
7.2AI Score
HP System Management Homepage Login Utility
This module attempts to login to HP System Management Homepage using host operating system...
7.3AI Score
7.3AI Score
IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version information that could aid in further attacks against the system. IBM X-Force ID:...
5.3CVSS
4.9AI Score
0.001EPSS
[Double Free in ce_t4t_data_cback Function in ce_t4t.cc in nfc]
In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for...
9.8CVSS
7.6AI Score
0.001EPSS
co-matic.com Cross Site Scripting vulnerability OBB-3858335
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Western Digital My Cloud Products Dropbox App RCE Vulnerability
The Dropbox App of Western Digital My Cloud products is prone to an unauthenticated remote command execution (RCE)...
7.9AI Score
Oracle Enterprise Manager Cloud Control Plugins Detection (credentialed check)
Oracle Enterprise Manager Cloud Control is installed on the remote host, together with a number of...
1.4AI Score
Oracle Enterprise Manager Cloud Control Installation Detection (credentialed check)
Oracle Enterprise Manager Cloud Control (formerly Enterprise Manager Grid Control), an infrastructure management application, is installed on the remote...
1.5AI Score
kernel security, bug fix, and enhancement update
An update is available for kernel. This update affects Rocky Linux SIG Cloud 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux....
7.8CVSS
8.7AI Score
0.002EPSS
Security Bulletin: IBM QRadar Suite software is vulnerable to injection attacks
Summary IBM QRadar Suite software is vulnerable to injection attacks through dashboard parameters. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version....
4.3CVSS
7AI Score
0.0004EPSS
The remote host is running PostNuke. PostNuke Phoenix 0.721, 0.722 and 0.723 allow a remote attacker to cause a denial of service to legitimate users by submitting a string to its rating...
7.3AI Score
[Out of Bounds Read in nfa_dm_check_set_config Function in nfa_dm_main.cc in nfc]
In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8CVSS
7.1AI Score
0.0004EPSS
cloud-clone.us Cross Site Scripting vulnerability OBB-3881425
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
3.3CVSS
4.1AI Score
0.001EPSS
6.6CVSS
6.5AI Score
0.001EPSS
[Out of Bounds Read in nfc_ncif_proc_ee_discover_req Function in nfc_ncicc in nfc]
In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for...
7.5CVSS
6.5AI Score
0.001EPSS
Sensitive Information leak via Log File in Kubernetes
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects <...
5.5CVSS
5.2AI Score
0.0005EPSS
Summary The IBM® Engineering System Design Rhapsody 10.0 iFix001, the IBM® Engineering System Design Rhapsody 9.0.2 iFix002 and the IBM® Engineering System Design Rhapsody 9.0.1 iFix006 contain fixes for vulnerabilities identified in the Vulnerabilities Details section. The referred iFix...
5.3CVSS
8AI Score
0.033EPSS
NETGEAR ProSAFE Network Management System (NMS) Detection
NETGEAR ProSAFE Network Management System (NMS), a network management application, is running on the remote...
7AI Score
6.6CVSS
6.5AI Score
0.001EPSS