Berkeley-AL20, Berkeley-BD Security Vulnerabilities

openvas
openvas

Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1520)

The remote host is missing an update for the Huawei...

7.8CVSS

6.5AI Score

0.001EPSS

2023-03-20 12:00 AM
6
kitploit
kitploit

Ator - Authentication Token Obtain and Replace Extender

The plugin is created to help automated scanning using Burp in the following scenarios: Access/Refresh token Token replacement in XML,JSON body Token replacement in cookies The above can be achieved using complex macro, session rules or Custom Extender in some scenarios. The rules become tricky...

-0.3AI Score

2023-03-18 11:30 AM
14
nessus
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5943-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5943-1 advisory. Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616) An attacker could construct...

9.2AI Score

0.002EPSS

2023-03-13 12:00 AM
10
ubuntu
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...

8.8CVSS

9.3AI Score

0.002EPSS

2023-03-13 12:00 AM
42
fedora
fedora

[SECURITY] Fedora 38 Update: python-flask-2.2.3-1.fc38

Flask is called a "micro-framework" because the idea to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However Flask.....

1.6AI Score

2023-03-11 03:55 AM
10
talosblog
talosblog

Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT

Welcome to this week's edition of the Threat Source newsletter. There is no shortage of hyperbolic headlines about ChatGPT out there, everything from how it and other AI tools like it are here to replace all our jobs, make college essays a thing of the past and change the face of cybersecurity as.....

7.8CVSS

7.8AI Score

0.968EPSS

2023-03-09 07:00 PM
28
ibm
ibm

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Summary Cloud Pak for Security (CP4S) v1.8.1.0 and earlier uses packages that are vulnerable to several CVEs. These have been remediated in the latest product release. Please see below for CVE details and the Remediation section for upgrade instructions. Vulnerability Details ** CVEID:...

9.8CVSS

10.3AI Score

0.971EPSS

2023-03-08 06:05 PM
135
openvas
openvas

Debian: Security Advisory (DLA-800-1)

The remote host is missing an update for the...

9.8CVSS

7.8AI Score

0.935EPSS

2023-03-08 12:00 AM
5
openvas
openvas

Debian: Security Advisory (DLA-572-1)

The remote host is missing an update for the...

8.8CVSS

8.8AI Score

0.008EPSS

2023-03-08 12:00 AM
7
openvas
openvas

Debian: Security Advisory (DLA-640-1)

The remote host is missing an update for the...

8.8CVSS

9.4AI Score

0.022EPSS

2023-03-08 12:00 AM
8
openvas
openvas

Debian: Security Advisory (DLA-1199-1)

The remote host is missing an update for the...

9.8CVSS

8.3AI Score

0.01EPSS

2023-03-08 12:00 AM
3
openvas
openvas

Debian: Security Advisory (DLA-1780)

The remote host is missing an update for the...

7.5AI Score

2023-03-08 12:00 AM
3
openvas
openvas

Debian: Security Advisory (DLA-519-1)

The remote host is missing an update for the...

8.8CVSS

8.8AI Score

0.024EPSS

2023-03-08 12:00 AM
3
openvas
openvas

Debian: Security Advisory (DLA-658-1)

The remote host is missing an update for the...

9.8CVSS

9.6AI Score

0.041EPSS

2023-03-08 12:00 AM
3
openvas
openvas

Debian: Security Advisory (DLA-1172-1)

The remote host is missing an update for the...

9.8CVSS

8.3AI Score

0.01EPSS

2023-03-08 12:00 AM
3
openvas
openvas

Debian: Security Advisory (DLA-1202-1)

The remote host is missing an update for the...

7.5CVSS

7.7AI Score

0.006EPSS

2023-03-08 12:00 AM
4
openvas
openvas

Debian: Security Advisory (DLA-743-1)

The remote host is missing an update for the...

9.8CVSS

8.3AI Score

0.852EPSS

2023-03-08 12:00 AM
3
openvas
openvas

Debian: Security Advisory (DLA-752-1)

The remote host is missing an update for the...

9.8CVSS

7.6AI Score

0.959EPSS

2023-03-08 12:00 AM
2
openvas
openvas

Debian: Security Advisory (DLA-585-1)

The remote host is missing an update for the...

9.8CVSS

7.1AI Score

0.052EPSS

2023-03-08 12:00 AM
6
openvas
openvas

Debian: Security Advisory (DLA-782-1)

The remote host is missing an update for the...

9.8CVSS

8.2AI Score

0.852EPSS

2023-03-08 12:00 AM
3
openvas
openvas

Debian: Security Advisory (DLA-1153-1)

The remote host is missing an update for the...

9.8CVSS

7.9AI Score

0.028EPSS

2023-03-08 12:00 AM
3
openvas
openvas

Debian: Security Advisory (DLA-1223-1)

The remote host is missing an update for the...

8.8CVSS

6.5AI Score

0.012EPSS

2023-03-08 12:00 AM
5
openvas
openvas

Debian: Security Advisory (DLA-636-1)

The remote host is missing an update for the...

9.8CVSS

7.5AI Score

0.082EPSS

2023-03-08 12:00 AM
2
openvas
openvas

Debian: Security Advisory (DLA-730-1)

The remote host is missing an update for the...

9.8CVSS

7.9AI Score

0.959EPSS

2023-03-08 12:00 AM
4
openvas
openvas

Debian: Security Advisory (DLA-521-1)

The remote host is missing an update for the...

8.8CVSS

7.8AI Score

0.613EPSS

2023-03-08 12:00 AM
3
nessus
nessus

Amazon Linux 2 : libdb (ALAS-2023-1965)

The version of libdb installed on the remote host is prior to 5.3.21-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1965 advisory. Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain...

7.5AI Score

0.0004EPSS

2023-03-07 12:00 AM
15
amazon
amazon

Important: libdb

Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory....

7.8CVSS

7.8AI Score

0.0004EPSS

2023-03-02 09:49 PM
54
krebs
krebs

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to...

-0.2AI Score

2023-02-28 04:14 PM
28
cert
cert

TCG TPM2.0 implementations vulnerable to memory corruption

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and.....

8.8CVSS

8.6AI Score

EPSS

2023-02-28 12:00 AM
303
packetstorm

0.6AI Score

2023-02-28 12:00 AM
196
zdt
zdt

Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vulnerability

Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list (120) of the application and the...

0.9AI Score

2023-02-28 12:00 AM
258
zeroscience
zeroscience

Osprey Pump Controller 1.0.1 Administrator Backdoor Access

Title: Osprey Pump Controller 1.0.1 Administrator Backdoor Access Advisory ID: ZSL-2023-5747 Type: Local/Remote Impact: System Access, Security Bypass, DoS Risk: (5/5) Release Date: 27.02.2023 Summary Providing pumping systems and automated controls for golf courses and turf irrigation,...

9.8CVSS

9.6AI Score

0.002EPSS

2023-02-27 12:00 AM
168
ics
ics

BD Alaris Infusion Central (Update A)

EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris Infusion Central --------- Begin Update A part 1 of 2 --------- Vulnerability: Storing Passwords in a Recoverable Format --------- End Update A part 1 of 2...

7.3CVSS

1AI Score

0.0004EPSS

2023-02-23 12:00 PM
17
cisa
cisa

CISA Releases Fifteen Industrial Control Systems Advisories

CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...

1.7AI Score

2023-02-16 12:00 AM
17
cve
cve

CVE-2022-47071

In NVS365 V01, the background network test function can trigger command...

9.8CVSS

9.5AI Score

0.003EPSS

2023-02-06 05:15 PM
19
nvd
nvd

CVE-2022-47071

In NVS365 V01, the background network test function can trigger command...

9.8CVSS

9.7AI Score

0.003EPSS

2023-02-06 05:15 PM
prion
prion

Command injection

In NVS365 V01, the background network test function can trigger command...

9.8CVSS

9.6AI Score

0.003EPSS

2023-02-06 05:15 PM
5
fedora
fedora

[SECURITY] Fedora 36 Update: bind-9.16.37-1.fc36

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

7.5CVSS

7.7AI Score

0.001EPSS

2023-02-06 01:33 AM
12
cvelist
cvelist

CVE-2022-47071

In NVS365 V01, the background network test function can trigger command...

9.9AI Score

0.003EPSS

2023-02-06 12:00 AM
openvas
openvas

Fedora: Security Advisory for bind (FEDORA-2023-a3d608daf4)

The remote host is missing an update for...

7.5CVSS

8AI Score

0.001EPSS

2023-02-06 12:00 AM
3
nessus
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5824-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5824-1 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing information...

9.8AI Score

0.007EPSS

2023-02-06 12:00 AM
16
ubuntu
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...

9.8CVSS

9.7AI Score

0.007EPSS

2023-02-06 12:00 AM
43
nvd
nvd

CVE-2023-0649

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

7.5CVSS

7.1AI Score

0.001EPSS

2023-02-02 03:17 PM
cve
cve

CVE-2023-0648

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....

7.5CVSS

7.9AI Score

0.001EPSS

2023-02-02 03:17 PM
51
nvd
nvd

CVE-2023-0648

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....

7.5CVSS

7AI Score

0.001EPSS

2023-02-02 03:17 PM
1
cve
cve

CVE-2023-0649

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

7.5CVSS

8AI Score

0.001EPSS

2023-02-02 03:17 PM
52
osv
osv

CVE-2023-0649

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

7.5CVSS

7.6AI Score

0.001EPSS

2023-02-02 03:17 PM
8
osv
osv

CVE-2023-0648

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....

7.5CVSS

7.4AI Score

0.001EPSS

2023-02-02 03:17 PM
4
nvd
nvd

CVE-2023-0647

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...

7.5CVSS

7AI Score

0.001EPSS

2023-02-02 03:17 PM
cve
cve

CVE-2023-0647

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...

7.5CVSS

7.9AI Score

0.001EPSS

2023-02-02 03:17 PM
61
Total number of security vulnerabilities: 5869