[SECURITY] Fedora 38 Update: python-fastapi-0.95.2-1.fc38
FastAPI is a modern, fast (high-performance), web framework for building AP Is with Python 3.7+ based on standard Python type hints. The key features are: =EF=BF=BD=EF=BF=BD=EF=BF=BD Fast: Very high performance, on par with Node JS and Go (thanks to Starlette and Pydantic). One of the...
7.1AI Score
[SECURITY] Fedora 38 Update: python-starlette-0.27.0-1.fc38
Starlette is a lightweight ASGI framework/toolkit, which is ideal for build ing async web services in Python. It is production-ready, and gives you the following: =EF=BF=BD=EF=BF=BD=EF=BF=BD A lightweight, low-complexity HTTP web framew ork. =EF=BF=BD=EF=BF=BD=EF=BF=BD WebSocket support. ...
7AI Score
[SECURITY] Fedora 38 Update: python-requests-2.28.2-2.fc38
Most existing Python modules for sending HTTP requests are extremely verbos e and cumbersome. Python=EF=BF=BD=EF=BF=BD=EF=BF=BDs built-in urllib2 module prov ides most of the HTTP capabilities you should need, but the API is thoroughly broken. This librar y is designed to make HTTP requests easy...
6.1CVSS
7AI Score
0.001EPSS
Introducing: ‘Saved Filters’ in InsightCloudSec
Last year, when we launched Layered Context in InsightCloudSec, we knew we had something great on our hands. Not just because we provided a single view for cloud security practitioners to see their full cloud risk posture (though, if we do say so ourselves, that’s pretty sweet). No, we knew we had....
6.7AI Score
(RHSA-2023:3002) Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.4AI Score
0.002EPSS
(RHSA-2023:2792) Moderate: bind9.16 security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.4AI Score
0.002EPSS
Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
5.3CVSS
6.7AI Score
0.002EPSS
Moderate: bind9.16 security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
6.7AI Score
0.002EPSS
Siemens SIPROTEC 5 Devices Null Pointer Dereference (CVE-2023-28766)
A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.40), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All ver...
7.6AI Score
0.002EPSS
Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
5.3CVSS
6.7AI Score
0.002EPSS
New Stealthy Variant of Linux Backdoor BPFDoor Emerges from the Shadows
A previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. "BPFDoor retains its reputation as an extremely stealthy and difficult-to-detect malware with...
7.5AI Score
0.0004EPSS
(RHSA-2023:2261) Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.8AI Score
0.002EPSS
Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
7.9AI Score
0.002EPSS
Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
6.7AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2023-1734)
The remote host is missing an update for the Huawei...
3.3CVSS
6.8AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1756)
The remote host is missing an update for the Huawei...
7.8CVSS
6.5AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1778)
The remote host is missing an update for the Huawei...
7.8CVSS
6.5AI Score
0.001EPSS
EulerOS Virtualization 3.0.2.0 : libdb (EulerOS-SA-2023-1734)
According to the versions of the libdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior...
5.8AI Score
0.001EPSS
AppDomain Manager Injection: New Techniques For Red Teams
AppDomain Manager Injection is a very versatile and useful technique for red team operators. This technique allows you to effectively turn any Microsoft.NET application on a Windows host into a lolbin (Living Off the Land Binary) by forcing the application to load a specially crafted .NET...
7.7AI Score
The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...
7AI Score
0.001EPSS
The Art of Information Disclosure: A Deep Dive into CVE-2022-37985, a Unique Information Disclosure Vulnerability in Windows Graphics Component By Bing Sun · May 03, 2023 Overview In October 2022, Microsoft released a security patch to address a unique information disclosure vulnerability in the...
7.5AI Score
0.001EPSS
New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022
James Alaniz and Diamond Fair contributed to this article. We’ve been on quite a roll lately releasing new compliance packs, along with iterative updates to others that we’ve supported for a while now. We’re not done yet, either! In this article, we’ll discuss our newly released compliance pack...
6.6AI Score
[SECURITY] Fedora 36 Update: protobuf-3.19.6-1.fc36
Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...
7.5CVSS
7.6AI Score
0.002EPSS
Summary NVIDIA device drivers for 32-bit and 64-bit Linux have addressed the following vulnerabilities in libpng. Vulnerability Details Summary NVIDIA device drivers for 32-bit and 64-bit Linux have addressed the following vulnerabilities in libpng. Vulnerability Details CVE-ID: CVE-2015-8472...
7.3CVSS
8.3AI Score
0.12EPSS
Summary Security vulnerabilities discovered in OpenSSL have been fixed in recent releases of several IBM System x and Flex Systems products. You may have already applied the updates containing these fixes. Vulnerability Details Abstract Security vulnerabilities discovered in OpenSSL have been...
0.4AI Score
0.9EPSS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
7.9AI Score
0.002EPSS
Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...
8.8CVSS
9.1AI Score
0.002EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-6015-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6015-1 advisory. OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked...
9.1AI Score
0.002EPSS
A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPR...
7.5CVSS
7.4AI Score
0.002EPSS
A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPR...
7.5CVSS
7.7AI Score
0.002EPSS
Amazon Linux AMI : db4 (ALAS-2023-1726)
The version of db4 installed on the remote host is prior to 4.7.25-22.13. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1726 advisory. Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain...
7.5AI Score
0.0004EPSS
Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory....
7.8CVSS
7.7AI Score
0.0004EPSS
Welcome to this week's edition of the Threat Source newsletter. Everyone loves a good video of someone slipping on their icy steps in the winter, captured thanks to their home security camera or smart doorbell. But what about when that camera is just kind of chilling out and not catching the...
6.2AI Score
Siemens RADIUS Client of SIPROTEC 5 Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....
7.5CVSS
7.8AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1545)
The remote host is missing an update for the Huawei...
7.8CVSS
6.5AI Score
0.001EPSS