Berkeley-AL20, Berkeley-BD Security Vulnerabilities

fedora

[SECURITY] Fedora 38 Update: python-fastapi-0.95.2-1.fc38

FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.7+ based on standard Python type hints. The key features are: Fast: Very high performance, on par with NodeJS and Go (thanks to Starlette and Pydantic). One of the...

7.1 AI Score

2023-05-26 01:52 AM
12
fedora

[SECURITY] Fedora 38 Update: python-starlette-0.27.0-1.fc38

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: A lightweight, low-complexity HTTP web framework. WebSocket support. ...

7 AI Score

2023-05-26 01:52 AM
5
fedora

[SECURITY] Fedora 38 Update: python-requests-2.28.2-2.fc38

Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python's built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy...

6.1 CVSS

7 AI Score

0.001 EPSS

2023-05-25 01:12 AM
27
rapid7blog

Introducing: ‘Saved Filters’ in InsightCloudSec

Last year, when we launched Layered Context in InsightCloudSec, we knew we had something great on our hands. Not just because we provided a single view for cloud security practitioners to see their full cloud risk posture (though, if we do say so ourselves, that’s pretty sweet). No, we knew we had....

6.7 AI Score

2023-05-18 08:04 PM
31
redhat

(RHSA-2023:3002) Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.4 AI Score

0.002 EPSS

2023-05-16 06:00 AM
47
redhat

(RHSA-2023:2792) Moderate: bind9.16 security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.4 AI Score

0.002 EPSS

2023-05-16 05:54 AM
52
osv

Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

5.3 CVSS

6.7 AI Score

0.002 EPSS

2023-05-16 12:00 AM
8
almalinux

Moderate: bind9.16 security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.5 CVSS

6.7 AI Score

0.002 EPSS

2023-05-16 12:00 AM
14
nessus

Siemens SIPROTEC 5 Devices Null Pointer Dereference (CVE-2023-28766)

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.40), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All ver...

7.6 AI Score

0.002 EPSS

2023-05-16 12:00 AM
9
almalinux

Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

5.3 CVSS

6.7 AI Score

0.002 EPSS

2023-05-16 12:00 AM
15
thn

New Stealthy Variant of Linux Backdoor BPFDoor Emerges from the Shadows

A previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. "BPFDoor retains its reputation as an extremely stealthy and difficult-to-detect malware with...

7.5 AI Score

0.0004 EPSS

2023-05-12 01:24 PM
46
redhat

(RHSA-2023:2261) Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.8 AI Score

0.002 EPSS

2023-05-09 05:05 AM
19
almalinux

Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.5 CVSS

7.9 AI Score

0.002 EPSS

2023-05-09 12:00 AM
17
osv

Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.5 CVSS

6.7 AI Score

0.002 EPSS

2023-05-09 12:00 AM
4
openvas

Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2023-1734)

The remote host is missing an update for the Huawei...

3.3 CVSS

6.8 AI Score

0.001 EPSS

2023-05-08 12:00 AM
4
openvas

Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1756)

The remote host is missing an update for the Huawei...

7.8 CVSS

6.5 AI Score

0.001 EPSS

2023-05-08 12:00 AM
3
openvas

Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1778)

The remote host is missing an update for the Huawei...

7.8 CVSS

6.5 AI Score

0.001 EPSS

2023-05-08 12:00 AM
2
nessus

EulerOS Virtualization 3.0.2.0 : libdb (EulerOS-SA-2023-1734)

According to the versions of the libdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior...

5.8 AI Score

0.001 EPSS

2023-05-07 12:00 AM
5
rapid7blog

AppDomain Manager Injection: New Techniques For Red Teams

AppDomain Manager Injection is a very versatile and useful technique for red team operators. This technique allows you to effectively turn any Microsoft.NET application on a Windows host into a lolbin (Living Off the Land Binary) by forcing the application to load a specially crafted .NET...

7.7 AI Score

2023-05-05 04:39 PM
22
trellix

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...

7 AI Score

0.001 EPSS

2023-05-03 12:00 AM
12
trellix

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component

The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...

7.5 AI Score

0.001 EPSS

2023-05-03 12:00 AM
10
rapid7blog

New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022

James Alaniz and Diamond Fair contributed to this article. We’ve been on quite a roll lately releasing new compliance packs, along with iterative updates to others that we’ve supported for a while now. We’re not done yet, either! In this article, we’ll discuss our newly released compliance pack...

6.6 AI Score

2023-04-27 03:35 PM
14
fedora

[SECURITY] Fedora 36 Update: protobuf-3.19.6-1.fc36

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

7.5 CVSS

7.6 AI Score

0.002 EPSS

2023-04-27 01:30 AM
11
ibm

Security Bulletin: Vulnerabilities in libpng affect NVIDIA Linux device drivers for System x, Flex and BladeCenter Systems (CVE-2015-8472 CVE-2015-7981 CVE-2015-8126)

Summary NVIDIA device drivers for 32-bit and 64-bit Linux have addressed the following vulnerabilities in libpng. Vulnerability Details Summary NVIDIA device drivers for 32-bit and 64-bit Linux have addressed the following vulnerabilities in libpng. Vulnerability Details CVE-ID: CVE-2015-8472...

7.3 CVSS

8.3 AI Score

0.12 EPSS

2023-04-18 06:22 PM
11
ibm

Security Bulletin: Several System x and Flex Systems products are affected by vulnerabilities in OpenSSL (CVE-2013-6449, CVE-2013-4353 and CVE-2013-6450)

Summary Security vulnerabilities discovered in OpenSSL have been fixed in recent releases of several IBM System x and Flex Systems products. You may have already applied the updates containing these fixes. Vulnerability Details Abstract Security vulnerabilities discovered in OpenSSL have been...

0.4 AI Score

0.9 EPSS

2023-04-14 02:32 PM
36
ics

Siemens SIPROTEC 5 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5 CVSS

7.9 AI Score

0.002 EPSS

2023-04-13 12:00 PM
18
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...

8.8 CVSS

9.1 AI Score

0.002 EPSS

2023-04-13 12:00 AM
47
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-6015-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6015-1 advisory. OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked...

9.1 AI Score

0.002 EPSS

2023-04-13 12:00 AM
14
prion

Design/Logic Flaw

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPR...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2023-04-11 10:15 AM
6
cvelist

CVE-2023-28766

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPR...

7.5 CVSS

7.7 AI Score

0.002 EPSS

2023-04-11 09:03 AM
nessus

Amazon Linux AMI : db4 (ALAS-2023-1726)

The version of db4 installed on the remote host is prior to 4.7.25-22.13. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1726 advisory. Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain...

7.5 AI Score

0.0004 EPSS

2023-04-06 12:00 AM
34
amazon

Important: db4

Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory....

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2023-03-30 10:50 PM
12
talosblog

Threat Source newsletter (March 30, 2023) — It’s impossible to tell if your home security camera or doorbell is truly safe

Welcome to this week's edition of the Threat Source newsletter. Everyone loves a good video of someone slipping on their icy steps in the winter, captured thanks to their home security camera or smart doorbell. But what about when that camera is just kind of chilling out and not catching the...

6.2 AI Score

2023-03-30 06:00 PM
18
ics

Siemens RADIUS Client of SIPROTEC 5 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

7.5 CVSS

7.8 AI Score

0.001 EPSS

2023-03-21 12:00 PM
22
openvas

Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1545)

The remote host is missing an update for the Huawei...

7.8 CVSS

6.5 AI Score

0.001 EPSS

2023-03-20 12:00 AM
3
Total number of security vulnerabilities: 5869