Berkeley-AL20, Berkeley-BD Security Vulnerabilities

trellix

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...

7 AI Score

0.001 EPSS

2023-05-03 12:00 AM
11
trellix

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...

7.5 AI Score

0.001 EPSS

2023-05-03 12:00 AM
9
rapid7blog

New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022

James Alaniz and Diamond Fair contributed to this article. We’ve been on quite a roll lately releasing new compliance packs, along with iterative updates to others that we’ve supported for a while now. We’re not done yet, either! In this article, we’ll discuss our newly released compliance pack...

6.6 AI Score

2023-04-27 03:35 PM
13
fedora

[SECURITY] Fedora 36 Update: protobuf-3.19.6-1.fc36

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

7.5 CVSS

7.6 AI Score

0.002 EPSS

2023-04-27 01:30 AM
10
ibm

Security Bulletin: Vulnerabilities in libpng affect NVIDIA Linux device drivers for System x, Flex and BladeCenter Systems (CVE-2015-8472 CVE-2015-7981 CVE-2015-8126)

Summary NVIDIA device drivers for 32-bit and 64-bit Linux have addressed the following vulnerabilities in libpng. Vulnerability Details CVE-ID: CVE-2015-8472...

7.3 CVSS

8.3 AI Score

0.12 EPSS

2023-04-18 06:22 PM
11
ibm

Security Bulletin: Several System x and Flex Systems products are affected by vulnerabilities in OpenSSL (CVE-2013-6449, CVE-2013-4353 and CVE-2013-6450)

Summary Security vulnerabilities discovered in OpenSSL have been fixed in recent releases of several IBM System x and Flex Systems products. You may have already applied the updates containing these fixes. Vulnerability Details Abstract Security vulnerabilities discovered in OpenSSL have been...

0.4 AI Score

0.9 EPSS

2023-04-14 02:32 PM
36
ics

Siemens SIPROTEC 5 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5 CVSS

7.9 AI Score

0.002 EPSS

2023-04-13 12:00 PM
17
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...

8.8 CVSS

9.1 AI Score

0.002 EPSS

2023-04-13 12:00 AM
46
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-6015-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6015-1 advisory. OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked...

9.1 AI Score

0.002 EPSS

2023-04-13 12:00 AM
11
prion

Design/Logic Flaw

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPR...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2023-04-11 10:15 AM
6
cvelist

CVE-2023-28766

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPR...

7.5 CVSS

7.7 AI Score

0.002 EPSS

2023-04-11 09:03 AM
nessus

Amazon Linux AMI : db4 (ALAS-2023-1726)

The version of db4 installed on the remote host is prior to 4.7.25-22.13. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1726 advisory. Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain...

7.5 AI Score

0.0004 EPSS

2023-04-06 12:00 AM
34
amazon

Important: db4

Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory....

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2023-03-30 10:50 PM
12
talosblog

Threat Source newsletter (March 30, 2023) — It’s impossible to tell if your home security camera or doorbell is truly safe

Welcome to this week's edition of the Threat Source newsletter. Everyone loves a good video of someone slipping on their icy steps in the winter, captured thanks to their home security camera or smart doorbell. But what about when that camera is just kind of chilling out and not catching the...

6.2 AI Score

2023-03-30 06:00 PM
18
ics

Siemens RADIUS Client of SIPROTEC 5 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5 CVSS

7.8 AI Score

0.001 EPSS

2023-03-21 12:00 PM
22
openvas

Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1520)

The remote host is missing an update for the Huawei...

7.8 CVSS

6.5 AI Score

0.001 EPSS

2023-03-20 12:00 AM
5
openvas

Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1545)

The remote host is missing an update for the Huawei...

7.8 CVSS

6.5 AI Score

0.001 EPSS

2023-03-20 12:00 AM
3
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5943-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5943-1 advisory. Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616) An attacker could construct...

9.2 AI Score

0.002 EPSS

2023-03-13 12:00 AM
10
fedora

[SECURITY] Fedora 38 Update: python-flask-2.2.3-1.fc38

Flask is called a "micro-framework" because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However Flask.....

1.6 AI Score

2023-03-11 03:55 AM
10
talosblog

Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT

Welcome to this week's edition of the Threat Source newsletter. There is no shortage of hyperbolic headlines about ChatGPT out there, everything from how it and other AI tools like it are here to replace all our jobs, make college essays a thing of the past and change the face of cybersecurity as.....

7.8 CVSS

7.8 AI Score

0.968 EPSS

2023-03-09 07:00 PM
28
ibm

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Summary Cloud Pak for Security (CP4S) v1.8.1.0 and earlier uses packages that are vulnerable to several CVEs. These have been remediated in the latest product release. Please see below for CVE details and the Remediation section for upgrade instructions. Vulnerability Details ** CVEID:...

9.8 CVSS

10.3 AI Score

0.974 EPSS

2023-03-08 06:05 PM
134
openvas

Debian: Security Advisory (DLA-572-1)

The remote host is missing an update for the...

8.8 CVSS

8.8 AI Score

0.008 EPSS

2023-03-08 12:00 AM
6
openvas

Debian: Security Advisory (DLA-640-1)

The remote host is missing an update for the...

8.8 CVSS

9.4 AI Score

0.022 EPSS

2023-03-08 12:00 AM
7
openvas

Debian: Security Advisory (DLA-800-1)

The remote host is missing an update for the...

9.8 CVSS

7.8 AI Score

0.935 EPSS

2023-03-08 12:00 AM
5
openvas

Debian: Security Advisory (DLA-1199-1)

The remote host is missing an update for the...

9.8 CVSS

8.3 AI Score

0.01 EPSS

2023-03-08 12:00 AM
3
openvas

Debian: Security Advisory (DLA-519-1)

The remote host is missing an update for the...

8.8 CVSS

8.8 AI Score

0.024 EPSS

2023-03-08 12:00 AM
2
openvas

Debian: Security Advisory (DLA-1780)

The remote host is missing an update for the...

7.5 AI Score

2023-03-08 12:00 AM
3
openvas

Debian: Security Advisory (DLA-585-1)

The remote host is missing an update for the...

9.8 CVSS

7.1 AI Score

0.052 EPSS

2023-03-08 12:00 AM
5
openvas

Debian: Security Advisory (DLA-658-1)

The remote host is missing an update for the...

9.8 CVSS

9.6 AI Score

0.041 EPSS

2023-03-08 12:00 AM
3
openvas

Debian: Security Advisory (DLA-752-1)

The remote host is missing an update for the...

9.8 CVSS

7.6 AI Score

0.959 EPSS

2023-03-08 12:00 AM
1
openvas

Debian: Security Advisory (DLA-1202-1)

The remote host is missing an update for the...

7.5 CVSS

7.7 AI Score

0.006 EPSS

2023-03-08 12:00 AM
4
openvas

Debian: Security Advisory (DLA-743-1)

The remote host is missing an update for the...

9.8 CVSS

8.3 AI Score

0.852 EPSS

2023-03-08 12:00 AM
2
openvas

Debian: Security Advisory (DLA-1172-1)

The remote host is missing an update for the...

9.8 CVSS

8.3 AI Score

0.01 EPSS

2023-03-08 12:00 AM
3
openvas

Debian: Security Advisory (DLA-1153-1)

The remote host is missing an update for the...

9.8 CVSS

7.9 AI Score

0.028 EPSS

2023-03-08 12:00 AM
3
openvas

Debian: Security Advisory (DLA-782-1)

The remote host is missing an update for the...

9.8 CVSS

8.2 AI Score

0.852 EPSS

2023-03-08 12:00 AM
3
openvas

Debian: Security Advisory (DLA-636-1)

The remote host is missing an update for the...

9.8 CVSS

7.5 AI Score

0.082 EPSS

2023-03-08 12:00 AM
1
openvas

Debian: Security Advisory (DLA-1223-1)

The remote host is missing an update for the...

8.8 CVSS

6.5 AI Score

0.012 EPSS

2023-03-08 12:00 AM
5
Total number of security vulnerabilities: 5771