global-navigator.com Cross Site Scripting vulnerability OBB-3928249
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
8AI Score
0.0004EPSS
Siemens Teamcenter Visualization and JT2Go
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8CVSS
8.2AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8CVSS
7.9AI Score
0.0004EPSS
Siemens PS/IGES Parasolid Translator Component
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8CVSS
8AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
6.5CVSS
7.1AI Score
0.0004EPSS
Siemens SIMATIC RTLS Locating Manager
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
10CVSS
9.2AI Score
0.009EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8CVSS
8.6AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8CVSS
7.6AI Score
0.0004EPSS
Siemens SIMATIC CN 4100 Before V3.0
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
10CVSS
8AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
6.5CVSS
7.2AI Score
0.0004EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
9.8CVSS
10AI Score
0.0004EPSS
Siemens Desigo Fire Safety UL and Cerberus PRO UL Fire Protection Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
10CVSS
9AI Score
0.001EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.8CVSS
8.6AI Score
0.0004EPSS
Slackware Linux 15.0 / current git Multiple Vulnerabilities (SSA:2024-136-02)
The version of git installed on the remote host is prior to 2.39.4 / 2.45.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-136-02 advisory. Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4,...
9CVSS
7.9AI Score
0.002EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1659-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi:...
7.8CVSS
7.7AI Score
0.0005EPSS
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1650-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1650-1 advisory. In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4...
7.8CVSS
8.1AI Score
0.0004EPSS
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator...
9.8CVSS
7.1AI Score
0.0004EPSS
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator...
9.8CVSS
9.7AI Score
0.0004EPSS
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production...
9.8CVSS
6.7AI Score
0.0004EPSS
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass...
9.8CVSS
6.8AI Score
0.0004EPSS
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production...
9.8CVSS
9.5AI Score
0.0004EPSS
Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business...
9.8CVSS
6.7AI Score
0.0004EPSS
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code ...
8.8CVSS
7.4AI Score
0.0004EPSS
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code ...
8.8CVSS
8.9AI Score
0.0004EPSS
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass...
9.8CVSS
9.5AI Score
0.0004EPSS
Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business...
9.8CVSS
9.5AI Score
0.0004EPSS
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote ...
8.8CVSS
6.9AI Score
0.0004EPSS
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be...
4.9CVSS
6.5AI Score
0.0004EPSS
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious...
7.7CVSS
7.7AI Score
0.0004EPSS
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any...
6.5CVSS
6.8AI Score
0.0004EPSS
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious...
7.7CVSS
6.8AI Score
0.0004EPSS
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be...
4.9CVSS
5.5AI Score
0.0004EPSS
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote ...
8.8CVSS
8.7AI Score
0.0004EPSS
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any...
6.5CVSS
6.7AI Score
0.0004EPSS
CVE-2024-31409 CyberPower PowerPanel business Improper Authorization
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any...
6.5CVSS
6.6AI Score
0.0004EPSS
CVE-2024-31409 CyberPower PowerPanel business Improper Authorization
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any...
6.5CVSS
6.8AI Score
0.0004EPSS
CVE-2024-31410 CyberPower PowerPanel business Use of Hard-coded Cryptographic Key
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious...
7.7CVSS
7.7AI Score
0.0004EPSS
CVE-2024-31410 CyberPower PowerPanel business Use of Hard-coded Cryptographic Key
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious...
7.7CVSS
6.9AI Score
0.0004EPSS
CVE-2024-31856 CyberPower PowerPanel business SQL Injection
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote ...
8.8CVSS
8.8AI Score
0.0004EPSS
CVE-2024-31856 CyberPower PowerPanel business SQL Injection
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote ...
8.8CVSS
7.1AI Score
0.0004EPSS
CVE-2024-32042 CyberPower PowerPanel business Storing Passwords in a Recoverable Format
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be...
4.9CVSS
6.6AI Score
0.0004EPSS
CVE-2024-32042 CyberPower PowerPanel business Storing Passwords in a Recoverable Format
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be...
4.9CVSS
5.3AI Score
0.0004EPSS
CVE-2024-32047 CyberPower PowerPanel business Active Debug Code
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production...
9.8CVSS
9.6AI Score
0.0004EPSS
CVE-2024-32047 CyberPower PowerPanel business Active Debug Code
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production...
9.8CVSS
6.9AI Score
0.0004EPSS
CVE-2024-32053 CyberPower PowerPanel business Use of Hard-coded Credentials
Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business...
9.8CVSS
6.8AI Score
0.0004EPSS
CVE-2024-32053 CyberPower PowerPanel business Use of Hard-coded Credentials
Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business...
9.8CVSS
9.6AI Score
0.0004EPSS
CVE-2024-33615 CyberPower PowerPanel business Relative Path Traversal
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code ...
8.8CVSS
7.5AI Score
0.0004EPSS
CVE-2024-33615 CyberPower PowerPanel business Relative Path Traversal
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code ...
8.8CVSS
9AI Score
0.0004EPSS
CVE-2024-33625 CyberPower PowerPanel business Use of Hard-coded Password
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass...
9.8CVSS
9.6AI Score
0.0004EPSS