vera-haueisen.de Improper Access Control vulnerability OBB-3780365
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.9AI Score
9.8CVSS
9.2AI Score
0.025EPSS
7.5CVSS
6.9AI Score
0.008EPSS
9.8CVSS
7.2AI Score
0.025EPSS
9.8CVSS
9.2AI Score
0.025EPSS
Emerson Rosemount GC370XA, GC700XA, GC1500XA
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely Vendor: Emerson Equipment: Rosemount GC370XA, GC700XA, GC1500XA Vulnerabilities: Command Injection, Improper Authentication, Improper Authorization 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
9.8CVSS
8.9AI Score
0.001EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: MachineSense LLC. Equipment: MachineSense FeverWarn Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command...
10CVSS
9AI Score
0.001EPSS
Synology RT6600ax Qualcomm LDB Service Improper Input Validation Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Qualcomm LDB service. The issue results from the lack of proper...
9.8CVSS
7.5AI Score
0.001EPSS
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending.....
7.5CVSS
6.6AI Score
0.0005EPSS
Ten Years Later, New Clues in the Target Breach
On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string "Rescator," which also.....
7.1AI Score
Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)
Impact Denial of Service Details OPC UA specification describes a concept named Subscriptions. Subscriptions monitor a set of Monitored Items for Notifications and return them to the Client in response to Publish requests. The server notifies the client about changes only in case the value is...
7.5CVSS
0.5AI Score
0.002EPSS
Synology RT6600ax WEB API Endpoint Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the WEB API endpoint. The issue results from the lack of proper...
8.8CVSS
7.3AI Score
0.001EPSS
Synology RT6600ax uistrings.cgi Path Traversal Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the uistrings.cgi file. The issue results from the lack of...
5.3CVSS
6AI Score
0.001EPSS
Synology RT6600ax SYNO.Core Uncontrolled Resource Consumption Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Synology RT6600ax routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the SYNO.Core file. The issue results from uncontrolled...
6.5CVSS
6.5AI Score
0.001EPSS
Synology RT6600ax info.cgi Exposure of Sensitive Data Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the info.cgi file. The issue results from the exposure of sensitive...
7.5CVSS
6.1AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the web...
6.6CVSS
7.3AI Score
0.001EPSS
Western Digital MyCloud PR4100 CGI API Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Western Digital MyCloud PR4100 NAS device. Authentication is required to exploit this vulnerability. The specific flaw exists within the CGI API. The issue results from the lack of...
7.3AI Score
(Pwn2Own) Softing Secure Integration Server Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
7.1AI Score
EPSS
(0Day) (Pwn2Own) Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability
This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of....
6.6CVSS
7.3AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
6.6CVSS
7.1AI Score
0.001EPSS
This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
4.4CVSS
7.3AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling....
8.8CVSS
6.9AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of the web server. The issue results from the lack of appropriate...
7.5CVSS
7AI Score
0.001EPSS
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending.....
7.5CVSS
6.6AI Score
0.0005EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper...
7.2CVSS
7.3AI Score
0.031EPSS
Western Digital MyCloud PR4100 Logger Class Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Western Digital MyCloud PR4100 NAS device. Authentication is required to exploit this vulnerability. The specific flaw exists within the Logger class. The issue results from the lack of.....
7.3AI Score
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of the Western Digital MyCloud PR4100 NAS device. Authentication is required to exploit this vulnerability. The specific flaw exists within the REST SDK. The issue results from the lack of...
7.3AI Score
(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Triangle MicroWorks SCADA Data Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to the lack of user authentication. The issue results from missing...
9.8CVSS
7.6AI Score
0.0005EPSS
This vulnerability allows remote attackers to create arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
7.2CVSS
6.9AI Score
0.001EPSS
(Pwn2Own) Triangle MicroWorks SCADA Data Gateway Workspace Unrestricted Upload Vulnerability
This vulnerability allows remote attackers to upload arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
6.5CVSS
7.3AI Score
0.0005EPSS
This vulnerability allows remote attackers to write arbitrary files on affected installations of Triangle MicroWorks SCADA Data Gateway. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
4.4CVSS
7AI Score
0.0005EPSS
(Pwn2Own) PTC KEPServerEX Variant Resource Exhaustion Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of PTC KEPServerEX. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of variant types. By sending a crafted request, an attacker...
7.5CVSS
6.6AI Score
0.001EPSS
(Pwn2Own) Synology DiskStation Manager Serv.php Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Synology DiskStation Manager. This vulnerability does not require authentication, but does require some user interaction. The specific flaw exists within the Serv.php endpoint. The issue results from...
7.8CVSS
7.4AI Score
0.001EPSS
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Synology DiskStation Manager. This vulnerability does not require authentication, but does require some user interaction. The specific flaw exists within the dnsauth.php endpoint. The issue...
7.8CVSS
6.8AI Score
0.001EPSS
(Pwn2Own) Synology DiskStation Manager api.php Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the api.php endpoint. The issue results from the lack of authentication prior....
7.8CVSS
6.9AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Western Digital MyCloud PR4100 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
9.8CVSS
7.1AI Score
0.002EPSS
This vulnerability allows remote attackers to create and read arbitrary files on affected installations of Western Digital MyCloud PR4100 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists.....
4.9CVSS
7AI Score
0.001EPSS
(Pwn2Own) Western Digital MyCloud PR4100 Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Western Digital MyCloud PR4100 NAS devices. Some user interaction is required to exploit this vulnerability. The specific flaw exists within the way the device connects with cloud services. The issue...
7.5CVSS
7.3AI Score
0.001EPSS
(Pwn2Own) Western Digital MyCloud PR4100 Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Western Digital MyCloud PR4100 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the generation of TLS certificates. The issue results.....
7.5CVSS
6.6AI Score
0.001EPSS
(Pwn2Own) Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the ImportXML function. The issue results...
6.5CVSS
6.6AI Score
0.0005EPSS
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Prosys OPC UA Simulation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OpenSecureChannel messages. By sending a...
7.5CVSS
6.6AI Score
0.002EPSS
(Pwn2Own) Prosys OPC UA Simulation Server Resource Exhaustion Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Prosys OPC UA Simulation Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of message chunks. By sending a large number...
7.5CVSS
6.6AI Score
0.002EPSS
Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9...
5.4CVSS
5.3AI Score
0.0005EPSS
Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9...
6.5CVSS
5.2AI Score
0.0005EPSS
Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9...
5.4CVSS
6AI Score
0.0005EPSS
CVE-2023-23817 WordPress Simple PDF Viewer Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS)
Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9...
6.5CVSS
6.2AI Score
0.0005EPSS
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By...
7.5CVSS
6.7AI Score
0.0005EPSS
(Pwn2Own) NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not...
8.8CVSS
7.8AI Score
0.0005EPSS
(Pwn2Own) NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
5.7CVSS
6.3AI Score
0.0005EPSS
(Pwn2Own) NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
8CVSS
7.6AI Score
0.0005EPSS