8.8CVSS
8.9AI Score
0.001EPSS
Amazon Linux 2 : glibc (ALAS-2023-2371)
The version of glibc installed on the remote host is prior to 2.26-57. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2371 advisory. The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the...
9.8CVSS
9.3AI Score
0.017EPSS
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The...
5.3CVSS
5.2AI Score
0.002EPSS
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The...
5.3CVSS
0.002EPSS
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The...
5.3CVSS
5.3AI Score
0.002EPSS
Tyler Technologies Court Case Management Plus allows a remote, unauthenticated attacker to enumerate and access sensitive files using the tiffserver/tssp.aspx 'FN' and 'PN' parameters. This behavior is related to the use of a deprecated version of Aquaforest TIFF Server, possibly 2.x. The...
5.3CVSS
5.6AI Score
0.002EPSS
[SECURITY] [DLA 3674-1] thunderbird security update
Debian LTS Advisory DLA-3674-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 30, 2023 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.5.0-1~deb10u1 CVE...
8.8CVSS
8.8AI Score
0.001EPSS
Issue Overview: 2023-12-14: CVE-2021-33574 was added to this advisory. The mq_notify function in the GNU C Library (aka glibc) has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to....
9.8CVSS
8.9AI Score
0.017EPSS
Exploit for Out-of-bounds Write in Gnu Glibc
![image](https://github.com/WhiteH4T-Dev/CVE-2023-4911-Looney-Tu......
7.8CVSS
7.9AI Score
0.014EPSS
[SECURITY] [DSA 5566-1] thunderbird security update
Debian Security Advisory DSA-5566-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 26, 2023 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2023-6212 CVE-2023-6209...
8.8CVSS
7.8AI Score
0.001EPSS
8.8CVSS
8.9AI Score
0.001EPSS
[SECURITY] [DLA 3661-1] firefox-esr security update
Debian LTS Advisory DLA-3661-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 23, 2023 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.5.0esr-1~deb10u1 CVE...
8.8CVSS
8.5AI Score
0.001EPSS
8.8CVSS
8.9AI Score
0.001EPSS
Debian DLA-3661-1 : firefox-esr - LTS security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3661 advisory. On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created on...
8.8CVSS
8.7AI Score
0.001EPSS
[SECURITY] [DSA 5561-1] firefox-esr security update
Debian Security Advisory DSA-5561-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 22, 2023 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-6204 CVE-2023-6205...
8.8CVSS
7.5AI Score
0.001EPSS
HrServ – Previously unknown web shell used in APT attack
Introduction In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Our analysis of the sample led to....
8.1AI Score
Debian DSA-5561-1 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5561 advisory. On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created...
8.8CVSS
8.7AI Score
0.001EPSS
According to its self-reported version, the Tenable Security Center running on the remote host is affected by multiple vulnerabilities as referenced in the TNS-2023-42 advisory. Security Center leverages third-party software to help provide underlying functionality. Several of the third-party...
7.5CVSS
8.2AI Score
0.004EPSS
(RHSA-2023:7409) Moderate: glibc security update
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security...
7AI Score
0.001EPSS
7.2CVSS
7.2AI Score
0.002EPSS
RHEL 8 : glibc (RHSA-2023:7409)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7409 advisory. glibc: potential use-after-free in getaddrinfo() (CVE-2023-4806) glibc: potential use-after-free in gaih_inet() (CVE-2023-4813) Note...
5.9CVSS
7.7AI Score
0.001EPSS
Updated haproxy packages fix security vulnerability
Haproxy has fixed security and other issues in last upstream version 2.8.3 of branch 2.8 Default user access are now commented out to prevent local action possible exploit and prevent further rpmnew on future updates. Use a check script to have config check result in error log on failure. Fix...
7.2CVSS
7.3AI Score
0.002EPSS
Exploit for Incorrect Comparison in Dynamic-Linq Linq
Dynamic Linq injection to RCE - CVE-2023-32571 About...
9.8CVSS
7.8AI Score
0.003EPSS
Exploit for Incorrect Comparison in Dynamic-Linq Linq
Dynamic Linq injection to RCE - CVE-2023-32571 About...
9.8CVSS
9.9AI Score
0.003EPSS
Understanding the Phobos affiliate structure and activity
Cisco Talos recently identified the most prolific Phobos variants, common affiliate tactics, techniques and procedures (TTPs), and characteristics of the Phobos affiliate structure, based on observed Phobos activity and analysis of over 1,000 Phobos samples from VirusTotal dating back to 2019. We.....
7.9AI Score
Siemens SCALANCE Family Products
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.1CVSS
9.5AI Score
0.004EPSS
Weak Encryption Vulnerability in Multiple Siemens Products
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...
4.9CVSS
6.7AI Score
0.001EPSS
Multiple Siemens products use hard-coded encryption key vulnerability
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...
4.9CVSS
6.5AI Score
0.001EPSS
Multiple Siemens Products Forced Browsing Vulnerability
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...
4.3CVSS
6.7AI Score
0.001EPSS
Multiple Siemens Products Use Trusted Data to Accept Unrelated Untrusted Data Vulnerability
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...
7.2CVSS
7.8AI Score
0.001EPSS
Unchecked Return Value Vulnerability in Multiple Siemens Products
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...
3.7CVSS
6.7AI Score
0.001EPSS
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...
6.5CVSS
7AI Score
0.001EPSS
Multiple Siemens Products Input Validation Error Vulnerability (CNVD-2023-86591)
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...
9.1CVSS
6.9AI Score
0.002EPSS
Uncontrolled Resource Consumption Vulnerability in Multiple Siemens Products
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers (PLCs) or Human Machine Interfaces (HMIs), that comply with the IEEE 802.11...
2.7CVSS
6.8AI Score
0.001EPSS
Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to do disable notification of users....
5.9CVSS
4.8AI Score
0.001EPSS
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of...
9.1CVSS
9AI Score
0.002EPSS
Affected devices allow to change the password, but insufficiently check which password is to be changed. With this an authenticated attacker could, under certain conditions, be able to change the password of another, potential admin user allowing her to escalate her...
8.8CVSS
7.5AI Score
0.001EPSS
Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration...
4.9CVSS
5AI Score
0.001EPSS
Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the...
4.9CVSS
4.8AI Score
0.001EPSS
Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an...
4.3CVSS
4.5AI Score
0.001EPSS
Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the...
7.2CVSS
7.2AI Score
0.001EPSS
Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service condition. The device needs to be restarted for the web interface to become available...
6.5CVSS
4.9AI Score
0.001EPSS
sc-pielenhofen.de Improper Access Control vulnerability OBB-3780194
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.9AI Score
sc-hardt.de Improper Access Control vulnerability OBB-3780170
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.9AI Score
Tenable Security Center Multiple Vulnerabilities (TNS-2023-35)
According to its self-reported version, the Tenable Security Center running on the remote host is affected by multiple vulnerabilities as referenced in the TNS-2023-35 advisory. Security Center leverages third-party software to help provide underlying functionality. One of the third- party...
9.8CVSS
8.8AI Score
0.003EPSS
Update Rollup 2 for System Center 2022 Operations Manager
Update Rollup 2 for System Center 2022 Operations Manager Applies to: System Center 2022 Operations Manager Introduction This article describes the new features and issues that are fixed in System Center Operations Manager 2022 Update Rollup 2. This article also contains the installation...
7AI Score
sc-uckerath.de Improper Access Control vulnerability OBB-3777204
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.9AI Score
Update Rollup 2 for System Center 2022 Orchestrator
Update Rollup 2 for System Center 2022 Orchestrator Introduction This article describes the issues that are fixed in Update Rollup 2 for Microsoft System Center Orchestrator 2022. This article also contains the installation instructions for this update. Issues that are fixed Monitoring...
7.4AI Score
Moxa NPort 6000 Series Improper Authentication (CVE-2023-5627)
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. This...
7.5CVSS
7.7AI Score
0.001EPSS
Enough Polynomials and Linear Algebra to Implement Kyber
I was once talking with a mathematician and trying to explain elliptic curve cryptography. Eventually, something clicked and they went "oh, that! I think there was a chapter about it in the book. You made a whole field out of it?" Yes, in cryptography we end up focusing on a very narrow slice of...
6.6AI Score