BD Pyxis™ SupplyStation™ RF Auxiliary Security Vulnerabilities

osv

CVE-2021-32292

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function...

9.8 CVSS

7.1 AI Score

0.001 EPSS

2023-08-22 07:16 PM

nvd

CVE-2021-32292

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function...

9.8 CVSS

9.4 AI Score

0.001 EPSS

2023-08-22 07:16 PM

debiancve

CVE-2021-32292

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function...

9.8 CVSS

8.9 AI Score

0.001 EPSS

2023-08-22 07:16 PM

cve

CVE-2021-32292

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function...

9.8 CVSS

9.2 AI Score

0.001 EPSS

2023-08-22 07:16 PM

nvd

CVE-2020-19726

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of...

8.8 CVSS

8.9 AI Score

0.001 EPSS

2023-08-22 07:16 PM

debiancve

CVE-2020-19726

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of...

8.8 CVSS

6.7 AI Score

0.001 EPSS

2023-08-22 07:16 PM

osv

CVE-2020-19726

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of...

8.8 CVSS

7 AI Score

0.001 EPSS

2023-08-22 07:16 PM

cve

CVE-2020-19726

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of...

8.8 CVSS

8.2 AI Score

0.001 EPSS

2023-08-22 07:16 PM

prion

Stack overflow

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function...

9.8 CVSS

9.2 AI Score

0.001 EPSS

2023-08-22 07:16 PM

prion

Denial of service

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of...

8.8 CVSS

8.4 AI Score

0.001 EPSS

2023-08-22 07:16 PM

ubuntucve

CVE-2021-32292

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function...

9.8 CVSS

8.9 AI Score

0.001 EPSS

2023-08-22 12:00 AM

ubuntucve

CVE-2020-19726

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. Notes (seth-arnold): binutils isn't safe for untrusted...

8.8 CVSS

6.8 AI Score

0.001 EPSS

2023-08-22 12:00 AM

cvelist

CVE-2021-32292

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function...

9.6 AI Score

0.001 EPSS

2023-08-22 12:00 AM

packetstorm

7.1 AI Score

2023-08-22 12:00 AM

cvelist

CVE-2020-19726

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of...

8.3 AI Score

0.001 EPSS

2023-08-22 12:00 AM

exploitdb

7.4 AI Score

2023-08-21 12:00 AM

exploitdb

7.4 AI Score

2023-08-21 12:00 AM

exploitdb

7.4 AI Score

2023-08-21 12:00 AM

packetstorm

7.1 AI Score

2023-08-21 12:00 AM

wallarmlab

2023 OWASP Top-10 Series: API4:2023 Unrestricted Resource Consumption

Welcome to the 5th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API4:2023 Unrestricted Resource Consumption. In this series we are taking an in-depth look at each category – the details, the...

7.4 AI Score

2023-08-19 01:45 PM

ibm

Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts due to multiple vulnerabilities.

Summary IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by IBM i are vulnerable to denial of service, availability, integrity, and confidentiality impacts as described in the vulnerability details section (CVE-2022-21426, CVE-2023-2597, CVE-2023-21830, CVE-2023-21843,...

9.1 CVSS

7.6 AI Score

0.002 EPSS

2023-08-18 09:41 PM

rapid7blog

Metasploit Weekly Wrap-Up

Meterpreter Testing This week’s release adds new payload tests to our automated test suite. This is intended to help the team and community members identify issues and behavior discrepancies before changes are made. Payloads run on a variety of different platforms including Windows, Linux, and OS.....

9.8 CVSS

9.7 AI Score

0.921 EPSS

2023-08-18 05:22 PM

ibm

Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affect Rational Functional Tester

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM SDK,...

9.8 CVSS

7.3 AI Score

0.003 EPSS

2023-08-16 06:50 PM

metasploit

Prometheus API Information Gather

This module utilizes Prometheus' API calls to gather information about the server's configuration, and targets. Fields which may contain credentials, or credential file names are then pulled out and printed. Targets may have a wealth of information, this module will print the following values when....

6.8 AI Score

2023-08-16 12:30 AM

metasploit

Prometheus Node Exporter And Windows Exporter Information Gather

This module connects to a Prometheus Node Exporter or Windows Exporter service and gathers information about the host. Tested against Docker image 1.6.1, Linux 1.6.1, and Windows...

6.7 AI Score

2023-08-16 12:30 AM

zdt

H2 Database Web Interface Create Alias Remote Code Execution Exploit

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface restricts MANY characters, so injecting a payload directly is not...

7.4 AI Score

2023-08-16 12:00 AM

packetstorm

7.1 AI Score

2023-08-16 12:00 AM

nvd

CVE-2023-20564

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...

6.7 CVSS

6.4 AI Score

0.0004 EPSS

2023-08-15 10:15 PM

cve

CVE-2023-20564

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...

6.7 CVSS

6.4 AI Score

0.0004 EPSS

2023-08-15 10:15 PM

cve

CVE-2023-20560

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...

4.4 CVSS

4.9 AI Score

0.0004 EPSS

2023-08-15 10:15 PM

nvd

CVE-2023-20560

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...

4.4 CVSS

5.1 AI Score

0.0004 EPSS

2023-08-15 10:15 PM

prion

Input validation

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...

4.4 CVSS

4.8 AI Score

0.0004 EPSS

2023-08-15 10:15 PM

prion

Input validation

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...

6.7 CVSS

6.4 AI Score

0.0004 EPSS

2023-08-15 10:15 PM

cvelist

CVE-2023-20560

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of...

5.2 AI Score

0.0004 EPSS

2023-08-15 09:08 PM

cvelist

CVE-2023-20564

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel...

6.6 AI Score

0.0004 EPSS

2023-08-15 09:07 PM

thn

Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report

The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily. With limited...

6.7 AI Score

2023-08-15 12:15 PM

thn

Over 120,000 Computers Compromised by Info Stealers Linked to Users of Cybercrime Forums

A "staggering" 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. The findings come from Hudson Rock, which analyzed data collected from computers compromised between 2018 to 2023. "Hackers around the world.....

6.9 AI Score

2023-08-15 07:31 AM

packetstorm

7.1 AI Score

2023-08-15 12:00 AM

zdt

Microsoft Azure Subdomain Scanner / Enumerator Exploit

This is a Metasploit module for enumerating public Azure services by validating legitimate subdomains through various DNS record queries. This cloud reconnaissance module rapidly identifies API services, storage accounts, key vaults, databases, and...

7 AI Score

2023-08-15 12:00 AM

packetstorm

7.1 AI Score

2023-08-14 12:00 AM

wallarmlab

2023 OWASP Top-10 Series: API3:2023 Broken Object Property Level Authorization

Welcome to the 4th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API3:2023 Broken Object Property Level Authorization. In this series we are taking an in-depth look at each category – the...

6.8 AI Score

2023-08-12 01:45 PM

ibm

Security Bulletin: Multiple vulnerabilities may affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM...

9.8 CVSS

9.2 AI Score

0.003 EPSS

2023-08-11 01:10 PM

ibm

Security Bulletin: Multiple vulnerabilities may affect CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition.

Summary IBM® Runtime Environment Java™ is used by CICS Transaction Gateway for Multiplatforms and CICS Transaction Gateway Desktop Edition. The fix updates the Java Runtime Environment to resolve the following vulnerabilities. Vulnerability Details CVEID: CVE-2022-40609 DESCRIPTION: IBM...

9.8 CVSS

9.2 AI Score

0.003 EPSS

2023-08-11 01:08 PM

metasploit

Roundcube TimeZone Authenticated File Disclosure

Roundcube Webmail allows unauthorized access to arbitrary files on the host's filesystem, including configuration files. This affects all versions from 1.1.0 through version 1.3.2. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires.....

7 AI Score

2023-08-11 02:45 AM

metasploit

CVE-2023-21554 - QueueJumper - MSMQ RCE Check

This module checks the provided hosts for the CVE-2023-21554 vulnerability by sending a MSMQ message with an altered DataLength field within the SRMPEnvelopeHeader that overflows the given buffer. On patched systems, the error is caught and no response is sent back. On vulnerable systems, the...

9.8 CVSS

9.5 AI Score

0.951 EPSS

2023-08-10 10:34 PM

ibm

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM Liberty for Java for IBM Cloud due to CVE-2022-40609

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM Liberty for Java for IBM Cloud. The CVE(s) listed in this document might affect some configurations of IBM Liberty for Java for IBM Cloud. This product has addressed the applicable CVE. If you run...

9.8 CVSS

7.2 AI Score

0.003 EPSS

2023-08-09 04:46 PM

packetstorm

7.1 AI Score

2023-08-09 12:00 AM

Total number of security vulnerabilities: 13967