Berkeley-AL20, Berkeley-BD Security Vulnerabilities
The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...
7AI Score
0.001EPSS
The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...
7.5AI Score
0.001EPSS
New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022
James Alaniz and Diamond Fair contributed to this article. We’ve been on quite a roll lately releasing new compliance packs, along with iterative updates to others that we’ve supported for a while now. We’re not done yet, either! In this article, we’ll discuss our newly released compliance pack...
6.6AI Score
[SECURITY] Fedora 36 Update: protobuf-3.19.6-1.fc36
Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...
7.5CVSS
7.6AI Score
0.002EPSS
Summary NVIDIA device drivers for 32-bit and 64-bit Linux have addressed the following vulnerabilities in libpng. Vulnerability Details Summary NVIDIA device drivers for 32-bit and 64-bit Linux have addressed the following vulnerabilities in libpng. Vulnerability Details CVE-ID: CVE-2015-8472...
7.3CVSS
8.3AI Score
0.12EPSS
Summary Security vulnerabilities discovered in OpenSSL have been fixed in recent releases of several IBM System x and Flex Systems products. You may have already applied the updates containing these fixes. Vulnerability Details Abstract Security vulnerabilities discovered in OpenSSL have been...
0.4AI Score
0.9EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
7.9AI Score
0.002EPSS
Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...
8.8CVSS
9.1AI Score
0.002EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-6015-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6015-1 advisory. OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked...
9.1AI Score
0.002EPSS
A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPR...
7.5CVSS
7.4AI Score
0.002EPSS
A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPR...
7.5CVSS
7.7AI Score
0.002EPSS
Amazon Linux AMI : db4 (ALAS-2023-1726)
The version of db4 installed on the remote host is prior to 4.7.25-22.13. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1726 advisory. Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain...
7.5AI Score
0.0004EPSS
Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory....
7.8CVSS
7.7AI Score
0.0004EPSS
Welcome to this week's edition of the Threat Source newsletter. Everyone loves a good video of someone slipping on their icy steps in the winter, captured thanks to their home security camera or smart doorbell. But what about when that camera is just kind of chilling out and not catching the...
6.2AI Score
Siemens RADIUS Client of SIPROTEC 5 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
7.8AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1520)
The remote host is missing an update for the Huawei...
7.8CVSS
6.5AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1545)
The remote host is missing an update for the Huawei...
7.8CVSS
6.5AI Score
0.001EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5943-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5943-1 advisory. Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616) An attacker could construct...
9.2AI Score
0.002EPSS
[SECURITY] Fedora 38 Update: python-flask-2.2.3-1.fc38
Flask is called a =EF=BF=BD=EF=BF=BD=EF=BF=BDmicro-framework=EF=BF=BD=EF=BF =BD=EF=BF=BD because the idea to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However Flask.....
1.6AI Score
Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT
Welcome to this week's edition of the Threat Source newsletter. There is no shortage of hyperbolic headlines about ChatGPT out there, everything from how it and other AI tools like it are here to replace all our jobs, make college essays a thing of the past and change the face of cybersecurity as.....
7.8CVSS
7.8AI Score
0.968EPSS
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
Summary Cloud Pak for Security (CP4S) v1.8.1.0 and earlier uses packages that are vulnerable to several CVEs. These have been remediated in the latest product release. Please see below for CVE details and the Remediation section for upgrade instructions. Vulnerability Details ** CVEID:...
9.8CVSS
10.3AI Score
0.974EPSS
8.8CVSS
8.8AI Score
0.008EPSS
8.8CVSS
9.4AI Score
0.022EPSS
9.8CVSS
7.8AI Score
0.935EPSS
9.8CVSS
8.3AI Score
0.01EPSS
8.8CVSS
8.8AI Score
0.024EPSS
7.5AI Score
9.8CVSS
7.1AI Score
0.052EPSS
9.8CVSS
9.6AI Score
0.041EPSS
9.8CVSS
7.6AI Score
0.959EPSS
7.5CVSS
7.7AI Score
0.006EPSS
9.8CVSS
8.3AI Score
0.852EPSS
9.8CVSS
8.3AI Score
0.01EPSS
9.8CVSS
7.9AI Score
0.028EPSS
9.8CVSS
8.2AI Score
0.852EPSS
9.8CVSS
7.5AI Score
0.082EPSS
8.8CVSS
6.5AI Score
0.012EPSS