Berkeley-AL20, Berkeley-BD Security Vulnerabilities

openvas

Debian: Security Advisory (DLA-521-1)

The remote host is missing an update for the...

8.8CVSS

7.8AI Score

0.613EPSS

2023-03-08 12:00 AM
2
nessus

Amazon Linux 2 : libdb (ALAS-2023-1965)

The version of libdb installed on the remote host is prior to 5.3.21-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1965 advisory. Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain...

7.5AI Score

0.0004EPSS

2023-03-07 12:00 AM
15
amazon

Important: libdb

Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory....

7.8CVSS

7.8AI Score

0.0004EPSS

2023-03-02 09:49 PM
54
krebs

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to...

-0.2AI Score

2023-02-28 04:14 PM
28
cert

TCG TPM2.0 implementations vulnerable to memory corruption

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and.....

8.8CVSS

8.6AI Score

EPSS

2023-02-28 12:00 AM
302
packetstorm

0.6AI Score

2023-02-28 12:00 AM
195
zdt

Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vulnerability

Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list (120) of the application and the...

0.9AI Score

2023-02-28 12:00 AM
256
zeroscience

Osprey Pump Controller 1.0.1 Administrator Backdoor Access

Title: Osprey Pump Controller 1.0.1 Administrator Backdoor Access Advisory ID: ZSL-2023-5747 Type: Local/Remote Impact: System Access, Security Bypass, DoS Risk: (5/5) Release Date: 27.02.2023 Summary Providing pumping systems and automated controls for golf courses and turf irrigation,...

9.8CVSS

9.6AI Score

0.002EPSS

2023-02-27 12:00 AM
166
ics

BD Alaris Infusion Central (Update A)

EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris Infusion Central --------- Begin Update A part 1 of 2 --------- Vulnerability: Storing Passwords in a Recoverable Format --------- End Update A part 1 of 2...

7.3CVSS

1AI Score

0.0004EPSS

2023-02-23 12:00 PM
17
cisa

CISA Releases Fifteen Industrial Control Systems Advisories

CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...

1.7AI Score

2023-02-16 12:00 AM
17
cve

CVE-2022-47071

In NVS365 V01, the background network test function can trigger command...

9.8CVSS

9.5AI Score

0.003EPSS

2023-02-06 05:15 PM
19
nvd

CVE-2022-47071

In NVS365 V01, the background network test function can trigger command...

9.8CVSS

9.7AI Score

0.003EPSS

2023-02-06 05:15 PM
prion

Command injection

In NVS365 V01, the background network test function can trigger command...

9.8CVSS

9.6AI Score

0.003EPSS

2023-02-06 05:15 PM
5
fedora

[SECURITY] Fedora 36 Update: bind-9.16.37-1.fc36

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

7.5CVSS

7.7AI Score

0.001EPSS

2023-02-06 01:33 AM
12
openvas

Fedora: Security Advisory for bind (FEDORA-2023-a3d608daf4)

The remote host is missing an update for...

7.5CVSS

8AI Score

0.001EPSS

2023-02-06 12:00 AM
3
cvelist

CVE-2022-47071

In NVS365 V01, the background network test function can trigger command...

9.9AI Score

0.003EPSS

2023-02-06 12:00 AM
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...

9.8CVSS

9.7AI Score

0.007EPSS

2023-02-06 12:00 AM
43
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5824-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5824-1 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing information...

9.8AI Score

0.007EPSS

2023-02-06 12:00 AM
16
nvd

CVE-2023-0649

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

7.5CVSS

7.1AI Score

0.001EPSS

2023-02-02 03:17 PM
cve

CVE-2023-0649

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

7.5CVSS

8AI Score

0.001EPSS

2023-02-02 03:17 PM
52
cve

CVE-2023-0648

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....

7.5CVSS

7.9AI Score

0.001EPSS

2023-02-02 03:17 PM
51
nvd

CVE-2023-0648

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....

7.5CVSS

7AI Score

0.001EPSS

2023-02-02 03:17 PM
1
osv

CVE-2023-0649

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

7.5CVSS

7.6AI Score

0.001EPSS

2023-02-02 03:17 PM
8
osv

CVE-2023-0648

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....

7.5CVSS

7.4AI Score

0.001EPSS

2023-02-02 03:17 PM
4
nvd

CVE-2023-0647

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...

7.5CVSS

7AI Score

0.001EPSS

2023-02-02 03:17 PM
cve

CVE-2023-0647

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...

7.5CVSS

7.9AI Score

0.001EPSS

2023-02-02 03:17 PM
61
osv

CVE-2023-0647

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...

7.5CVSS

7.4AI Score

0.001EPSS

2023-02-02 03:17 PM
3
nvd

CVE-2023-0646

A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed...

7.5CVSS

7.1AI Score

0.001EPSS

2023-02-02 03:17 PM
1
osv

CVE-2023-0646

A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed...

7.5CVSS

7.5AI Score

0.001EPSS

2023-02-02 03:17 PM
6
cve

CVE-2023-0646

A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed...

7.5CVSS

8AI Score

0.001EPSS

2023-02-02 03:17 PM
56
prion

Command injection

A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed...

7.5CVSS

8AI Score

0.001EPSS

2023-02-02 03:17 PM
4
prion

Command injection

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....

7.5CVSS

8AI Score

0.001EPSS

2023-02-02 03:17 PM
7
prion

Command injection

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

7.5CVSS

8AI Score

0.001EPSS

2023-02-02 03:17 PM
8
prion

Command injection

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...

7.5CVSS

7.9AI Score

0.001EPSS

2023-02-02 03:17 PM
8
cvelist

CVE-2023-0649 dst-admin sendBroadcast command injection

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

6.3CVSS

8.2AI Score

0.001EPSS

2023-02-02 01:33 PM
cvelist

CVE-2023-0648 dst-admin masterConsole command injection

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....

6.3CVSS

8.2AI Score

0.001EPSS

2023-02-02 01:29 PM
1
cvelist

CVE-2023-0647 dst-admin kickPlayer command injection

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...

6.3CVSS

8.1AI Score

0.001EPSS

2023-02-02 01:27 PM
cvelist

CVE-2023-0646 dst-admin cavesConsole command injection

A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed...

6.3CVSS

8.2AI Score

0.001EPSS

2023-02-02 01:26 PM
openvas

Fedora: Security Advisory for bind (FEDORA-2023-95d98f89a8)

The remote host is missing an update for...

7.5CVSS

8AI Score

0.001EPSS

2023-02-01 12:00 AM
3
qualysblog

Why FedRAMP High Authorization Can Ensure High Cybersecurity Maturity

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government initiative that promotes the adoption of secure cloud services across the U.S. federal government by providing a standardized approach to security and risk assessment for cloud technologies. FedRAMP reduces...

0.7AI Score

2023-01-31 01:55 PM
12
fedora

[SECURITY] Fedora 37 Update: bind-9.18.11-1.fc37

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

7.5CVSS

7.7AI Score

0.001EPSS

2023-01-31 02:02 AM
12
fedora

[SECURITY] Fedora 36 Update: rust-exa-0.10.1-9.fc36

exa is a modern replacement for the command-line program ls that ships with Unix and Linux operating systems, with more features and better defaults. It uses colours to distinguish file types and metadata. It knows about symlinks, extended attributes, and Git. And it's...

7.8CVSS

7.9AI Score

0.0005EPSS

2023-01-31 01:37 AM
3
openvas

CentOS: Security Advisory for bind (CESA-2023:0402)

The remote host is missing an update for...

6.8CVSS

7.1AI Score

0.002EPSS

2023-01-31 12:00 AM
3
centos

bind security update

CentOS Errata and Security Advisory CESA-2023:0402 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...

6.8CVSS

7.7AI Score

0.002EPSS

2023-01-30 04:40 PM
353
huntr

Incorrect Calculation of Buffer Size in function yank_copy_line

Description Incorrect Calculation of Buffer Size in function yank_copy_line at register.c:1468 vim version git log commit 657aea7fc47fb919ce76fad64ba0ec55a1af80f1 (HEAD -> master, tag: v9.0.1249, origin/master, origin/HEAD) POC ``` ./vim -u NONE -i NONE -n -m -X -Z -e -s -S...

6.6CVSS

6.9AI Score

0.001EPSS

2023-01-29 02:39 AM
12
fedora

[SECURITY] Fedora 37 Update: rust-exa-0.10.1-9.fc37

exa is a modern replacement for the command-line program ls that ships with Unix and Linux operating systems, with more features and better defaults. It uses colours to distinguish file types and metadata. It knows about symlinks, extended attributes, and Git. And it's...

7.8CVSS

7.9AI Score

0.0005EPSS

2023-01-29 01:35 AM
16
thn

ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. "A remote attacker could exploit these...

1.6AI Score

0.001EPSS

2023-01-28 07:55 AM
49
cisa

ISC Releases Security Advisories for Multiple Versions of BIND 9

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system...

7.5CVSS

2.5AI Score

0.001EPSS

2023-01-27 12:00 AM
18
krebs

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was...

0.9AI Score

2023-01-24 07:00 PM
153
redhat

(RHSA-2023:0402) Moderate: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.7AI Score

0.002EPSS

2023-01-24 09:46 AM
85
Total number of security vulnerabilities: 5771