Rockwell Automation FactoryTalk View SE
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View SE Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow low-privilege...
7.3AI Score
0.0004EPSS
Siemens Teamcenter Visualization and JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8CVSS
7.9AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.1CVSS
9.3AI Score
0.002EPSS
Mitsubishi Electric MELSEC-Q/L Series (Update B)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC-Q/L Series Vulnerabilities: Incorrect Pointer Scaling, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
9.8CVSS
10AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
10AI Score
0.005EPSS
Motorola Solutions Vigilant License Plate Readers
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Motorola Solutions Equipment: Vigilant Fixed LPR Coms Box (BCAV1F2-C600) Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Cleartext Storage in a File or on Disk, Use...
7.6AI Score
0.0004EPSS
Siemens SIMATIC S7-200 SMART Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
8.2CVSS
7AI Score
0.0004EPSS
Rockwell Automation FactoryTalk View SE
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View SE Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a user from a remote...
7AI Score
0.0004EPSS
Mitsubishi Electric Multiple Products (Update G)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: Multiple products Vulnerability: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could be used to...
9.8CVSS
9.7AI Score
0.006EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
5.9CVSS
7.1AI Score
0.0004EPSS
Siemens SINEC Traffic Analyzer
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8CVSS
7.8AI Score
0.0004EPSS
Rockwell Automation FactoryTalk View SE
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk View SE Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an outside attacker to...
7AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
9.9AI Score
EPSS
Fuji Electric Tellus Lite V-Simulator
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Fuji Electric Equipment: Tellus Lite V-Simulator Vulnerabilities: Out-of-Bound Write, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a local attacker...
7.8CVSS
8AI Score
0.001EPSS
Siemens SCALANCE XM-400, XR-500
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
10AI Score
0.004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
5.6CVSS
9.8AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
3.3CVSS
6.8AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.3CVSS
7.2AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
10AI Score
0.732EPSS
7.5AI Score
0.0004EPSS
9.8CVSS
7.4AI Score
0.106EPSS
Rejetto HTTP File Server (HFS) 未授权 RCE 漏洞复现 (CVE-2024-23692)...
9.8CVSS
7AI Score
0.002EPSS
7.4AI Score
EPSS
Ubuntu 16.04 LTS / 18.04 LTS : H2 vulnerabilities (USN-6834-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6834-1 advisory. It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute...
9.8CVSS
10AI Score
0.518EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : VTE vulnerability (USN-6833-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6833-1 advisory. Siddharth Dushantha discovered that VTE incorrectly handled large window resize escape sequences. An attacker could possibly...
7.5AI Score
0.0004EPSS
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12433)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12433 advisory. - x86/static_call: Add support for Jcc tail-calls (Peter Zijlstra) {CVE-2022-29901} {CVE-2022-23816} Tenable has extracted the preceding...
6.5CVSS
7.4AI Score
EPSS
7.4AI Score
EPSS
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6832-1 advisory. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted...
7.5CVSS
8.1AI Score
0.001EPSS
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2008-1 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were...
9.8CVSS
8.8AI Score
EPSS
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight...
6.1CVSS
5.4AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in Open JDK Version 8, OpenJ9 used by Rational Functional Tester (RFT) / DevOps Test UI. RFT has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM...
3.7CVSS
7.2AI Score
0.001EPSS
Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....
9.8CVSS
8.7AI Score
0.05EPSS
Unbreakable Enterprise kernel security update
[5.15.0-207.156.6] - uek-container: Add advanced routing options (Boris Ostrovsky) [Orabug: 36691279] - slub: use count_partial_free_approx() in slab_out_of_memory() (Jianfeng Wang) [Orabug: 36655468] - slub: introduce count_partial_free_approx() (Jianfeng Wang) [Orabug: 36655468] - Revert...
6.5CVSS
7.8AI Score
EPSS
RHEL 8 : kernel (RHSA-2024:3810)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3810 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: use-after-free in...
7.8CVSS
7.6AI Score
EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : libndp vulnerability (USN-6830-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6830-1 advisory. It was discovered that libndp incorrectly handled certain malformed IPv6 router advertisement packets. A local attacker could...
8.1CVSS
8AI Score
0.0004EPSS
RHEL 8 : kernel (RHSA-2024:3859)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3859 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: KVM: SEV-ES / SEV-SNP...
5.6CVSS
8.1AI Score
0.001EPSS
RHEL 9 : kernel-rt (RHSA-2024:3854)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3854 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...
7.8CVSS
7.9AI Score
0.001EPSS
Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6819-3)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6819-3 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...
7.8CVSS
7.4AI Score
0.001EPSS
Ubuntu 20.04 LTS / 22.04 LTS : matio vulnerability (USN-6829-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6829-1 advisory. It was discovered that matio incorrectly handled certain malformed files. An attacker could possibly use this issue to cause a denial of service. ...
5.5CVSS
5.7AI Score
0.001EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6831-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6831-1 advisory. It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A...
7.8CVSS
7.8AI Score
0.0005EPSS
RHEL 9 : kernel (RHSA-2024:3855)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3855 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: KVM: SVM: improper check...
7.8CVSS
7.7AI Score
0.001EPSS
Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway
Summary Security Vulnerabilities in axios affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details ** IBM X-Force ID: 294242 DESCRIPTION: **Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function. By.....
8.1AI Score
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: PI Web API Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform remote code...
7.7AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Intrado Equipment: 911 Emergency Gateway (EGW) Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious...
10CVSS
8AI Score
0.0004EPSS
AVEVA PI Asset Framework Client
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: AVEVA Equipment: PI Asset Framework Client Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow malicious code execution. 3. TECHNICAL...
7.3AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Improper Authorization in Handler for Custom URL Scheme, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...
8.8CVSS
7.9AI Score
0.0004EPSS
Schneider Electric APC Easy UPS Online Monitoring Software (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity/Public exploits available Vendor: Schneider Electric Equipment: APC Easy UPS Online Monitoring Software Vulnerability: OS Command Injection, Missing Authentication for Critical Function 2. RISK...
9.8CVSS
10AI Score
0.003EPSS
Rockwell Automation ControlLogix, GuardLogix, and CompactLogix
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: ControlLogix, GuardLogix, CompactLogix Vulnerability: Always-Incorrect Control Flow Implementation 2. RISK EVALUATION Successful exploitation of this vulnerability could compromise...
6.5AI Score
0.0004EPSS
7.3AI Score
June 11, 2024—KB5039212 (OS Builds 22621.3737 and 22631.3737)
June 11, 2024—KB5039212 (OS Builds 22621.3737 and 22631.3737) For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 23H2, see its update history page. Note Follow...
9.8CVSS
9.8AI Score
0.003EPSS