Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in...
7.5CVSS
7.3AI Score
0.001EPSS
Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code...
9.8CVSS
7.4AI Score
0.013EPSS
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
6.8AI Score
0.001EPSS
7.1AI Score
7.4AI Score
TEM Opera Plus FM Family Transmitter 35.45 XSRF
Title: TEM Opera Plus FM Family Transmitter 35.45 XSRF Advisory ID: ZSL-2023-5800 Type: Local/Remote Impact: Cross-Site Scripting Risk: (4/5) Release Date: 25.10.2023 Summary This new line of Opera plus FM Transmitters combines very high efficiency, high reliability and low energy consumption in...
6.7AI Score
Rockwell Automation Stratix 5800 & 5200 Cisco IOS XE Web UI Privilege Escalation (CVE-2023-20198)
This vulnerability in the Web UI feature of Cisco IOS XE Software allows a remote, unauthenticated threat actor to create an account on a vulnerable system with privilege level 15 access. The threat actor could then potentially use that account to gain control of the affected system. This plugin...
8.8AI Score
Ubuntu 16.04 LTS : Firefox vulnerabilities (USN-4278-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4278-2 advisory. A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This...
7.6AI Score
Exploit for OS Command Injection in Paloaltonetworks Pan-Os
CVE-2021-3060 POC/ Exploit Description: An OS command...
8.5AI Score
0.006EPSS
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2023-12800)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12800 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
6AI Score
Unbreakable Enterprise kernel security update
[4.1.12-124.78.4.1] - rds: Fix lack of reentrancy for connection reset with dst addr zero (Haakon Bugge) [Orabug: 35741584] ...
5.5CVSS
6.5AI Score
0.0004EPSS
Information Disclosure Vulnerability on some Huawei Products (huawei-sa-20200715-03-informationleak)
There is an information leak vulnerability in some Huawei products, and it could allow a local attacker to get...
3.8AI Score
0.0004EPSS
Oracle Linux 6 : thunderbird (ELSA-2020-0574)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0574 advisory. Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed...
7.4AI Score
Oracle Linux 8 : firefox (ELSA-2020-0512)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0512 advisory. A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This...
7.3AI Score
Oracle Linux 6 : firefox (ELSA-2020-0521)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0521 advisory. A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This...
7.3AI Score
Oracle Linux 8 : thunderbird (ELSA-2020-0577)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0577 advisory. Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed...
7.4AI Score
9.8CVSS
9.5AI Score
0.001EPSS
Epson Printers CSRF Vulnerability (Apr 2023)
Multiple Epson printer models are prone to a cross-site request forgery (CSRF)...
6.6AI Score
0.001EPSS
Epson Printers Multiple Vulnerabilities (Apr 2023)
Multiple Epson printer models are prone to multiple...
5.9AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....
6.5CVSS
6.5AI Score
0.001EPSS
Cross site request forgery (csrf)
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....
6.5CVSS
6.6AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....
7.2AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....
6.3AI Score
0.001EPSS
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function calls cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va, which causes UAF of the kernel...
7.8CVSS
7.5AI Score
0.0004EPSS
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...
7CVSS
6.9AI Score
0.0004EPSS
Open Babel translationVectors parsing out-of-bounds write vulnerabilities
Talos Vulnerability Report TALOS-2022-1666 Open Babel translationVectors parsing out-of-bounds write vulnerabilities July 21, 2023 CVE Number CVE-2022-46292,CVE-2022-46295,CVE-2022-46294,CVE-2022-46293,CVE-2022-46291 SUMMARY Multiple out-of-bounds write vulnerabilities exist in the...
7AI Score
0.001EPSS
Open Babel Gaussian format orientation out-of-bounds write vulnerability
Talos Vulnerability Report TALOS-2022-1672 Open Babel Gaussian format orientation out-of-bounds write vulnerability July 21, 2023 CVE Number CVE-2022-37331 SUMMARY An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit...
7.6AI Score
0.001EPSS
Description of the security update for Office 2013: July 11, 2023 (KB5002400)
Description of the security update for Office 2013: July 11, 2023 (KB5002400) Summary This security update resolves a Microsoft Office graphics remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-33149. Note: To...
8AI Score
0.001EPSS
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator. NOTE: the vendor's perspective is that they have "found.....
9.8CVSS
9.6AI Score
0.012EPSS
Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383)
Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-28288....
8AI Score
0.004EPSS
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication...
7.5CVSS
7.5AI Score
0.001EPSS
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication...
7.5CVSS
7.5AI Score
0.001EPSS
Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM...
9.1CVSS
9.1AI Score
0.013EPSS
SIGSEGV at libr/bin/p/bin_coff.c:509 in patch_relocs()
Description radare2 5.8.2 misparses symbol information in COFF files, causing a segmentation fault in patch_relocs at libr/bin/p/bin_coff.c:509 # Proof of Concept input.bin 00000000: 6603 e846 4058 6458 4036 5858 5858 5868 f..F@XdX@6XXXXXh 00000010: 5858 7063 5858 5840 0038 00de 57ff ffff ...
7.5CVSS
7.2AI Score
0.0005EPSS
Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367)
Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-23395....
4.1AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability...
8.8CVSS
0.1AI Score
Cisco IP Phones < 11.3.7SR1 Multiple Vulnerabilities (cisco-sa-ip-phone-cmd-inj-KMFynVcP)
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. Please see the included Cisco BIDs and Cisco Security Advisory for more...
8.9AI Score
An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone...
5.4CVSS
6AI Score
0.001EPSS
An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone...
5.4CVSS
6AI Score
0.001EPSS
An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone...
7.8AI Score
0.001EPSS
8.7AI Score
0.037EPSS
GitHub Security Lab audited DataHub: Here’s what they found
At GitHub, we really care about open source security and love to help maintainers to secure their code. That is indeed the mission of the GitHub Security Lab. As users of open source software (OSS), we also love to contribute back to the community by helping improve the security posture of the OSS....
9.8CVSS
0.3AI Score
CVE-2023-20079 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this...
8.1AI Score
0.002EPSS
CVE-2023-20078 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this...
8.1AI Score
0.003EPSS
Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack
Cisco on Wednesday rolled out security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based.....
1.3AI Score
Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details ["#details"] section...
1.2AI Score
0.003EPSS
Malicious code in selfvmrandom (pypi)
-= Per source details. Do not edit below this line.=- Source: checkmarx (fe85fa4c2e96cb2a2a49f5493aac578f73c5bb2dbed574c3130b280e42fa3fe3) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...
7.2AI Score
Malicious code in pyultra (pypi)
-= Per source details. Do not edit below this line.=- Source: checkmarx (9660e4540466257fc92dab3911b03478215ecd015217fca5e352c0ba568f5004) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...
7.2AI Score
Malicious code in urlultra (pypi)
-= Per source details. Do not edit below this line.=- Source: checkmarx (3c7b155fedf43e93b99c014649b35e6cee427625d86cb5c8fe57497b36942ad4) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...
7.2AI Score
Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347)
Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347) Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability and Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities,....
9.7AI Score
0.454EPSS