Monthly
Blind plaintext injection into Erlang/OTP TLS clients allows a network-positioned attacker to insert unauthenticated APPLICATION_DATA records during the handshake that the application subsequently receives as authenticated post-handshake server data. The root asymmetry is in tls_gen_connection:handle_protocol_record/3, which correctly rejects pre-handshake APPLICATION_DATA for TLS server endpoints but omits the equivalent guard for client endpoints, enabling record buffering prior to authentication. No active exploitation has been confirmed (not in CISA KEV, no POC referenced), but the network-only attack requirement and breadth of affected OTP versions - spanning OTP 17.0 through current - make patching urgent for Erlang-based services that consume TLS client data in untrusted network environments.
Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from a failure to enforce message integrity on a communication channel (CWE-924), allowing remote, unauthenticated attackers to inject or tamper with protocol messages and disrupt device availability. Per the vendor CVSS vector (AV:N/AC:L/PR:N/UI:N/C:N/I:N/A:H), the confirmed impact is loss of availability of this industrial controller with no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the network-reachable, no-auth profile of an ICS device makes it operationally significant.
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unbounded memory growth in the golang.org/x/crypto/ssh package allows an authenticated remote attacker to crash the SSH server process by repeatedly opening channels that the server rejects. All versions of golang.org/x/crypto/ssh prior to 0.52.0 are affected, and a successful attack disrupts service for every user connected to that server instance. No public exploit has been identified at time of analysis, and EPSS probability sits at 0.02% (5th percentile), though the authentication barrier is low and the availability impact affects all concurrent sessions.
The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Windows DNS Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Blind plaintext injection into Erlang/OTP TLS clients allows a network-positioned attacker to insert unauthenticated APPLICATION_DATA records during the handshake that the application subsequently receives as authenticated post-handshake server data. The root asymmetry is in tls_gen_connection:handle_protocol_record/3, which correctly rejects pre-handshake APPLICATION_DATA for TLS server endpoints but omits the equivalent guard for client endpoints, enabling record buffering prior to authentication. No active exploitation has been confirmed (not in CISA KEV, no POC referenced), but the network-only attack requirement and breadth of affected OTP versions - spanning OTP 17.0 through current - make patching urgent for Erlang-based services that consume TLS client data in untrusted network environments.
Denial of service in Delta Electronics DVP80ES3 programmable logic controllers arises from a failure to enforce message integrity on a communication channel (CWE-924), allowing remote, unauthenticated attackers to inject or tamper with protocol messages and disrupt device availability. Per the vendor CVSS vector (AV:N/AC:L/PR:N/UI:N/C:N/I:N/A:H), the confirmed impact is loss of availability of this industrial controller with no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, though the network-reachable, no-auth profile of an ICS device makes it operationally significant.
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Unbounded memory growth in the golang.org/x/crypto/ssh package allows an authenticated remote attacker to crash the SSH server process by repeatedly opening channels that the server rejects. All versions of golang.org/x/crypto/ssh prior to 0.52.0 are affected, and a successful attack disrupts service for every user connected to that server instance. No public exploit has been identified at time of analysis, and EPSS probability sits at 0.02% (5th percentile), though the authentication barrier is low and the availability impact affects all concurrent sessions.
The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by manipulating the firmware file and uploading it to the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Windows DNS Spoofing Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.