8.8CVSS
7.8AI Score
0.613EPSS
Amazon Linux 2 : libdb (ALAS-2023-1965)
The version of libdb installed on the remote host is prior to 5.3.21-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1965 advisory. Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain...
7.5AI Score
0.0004EPSS
Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory....
7.8CVSS
7.8AI Score
0.0004EPSS
Hackers Claim They Breached T-Mobile More Than 100 Times in 2022
Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to...
-0.2AI Score
TCG TPM2.0 implementations vulnerable to memory corruption
Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and.....
8.8CVSS
8.6AI Score
EPSS
0.6AI Score
Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vulnerability
Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list (120) of the application and the...
0.9AI Score
Osprey Pump Controller 1.0.1 Administrator Backdoor Access
Title: Osprey Pump Controller 1.0.1 Administrator Backdoor Access Advisory ID: ZSL-2023-5747 Type: Local/Remote Impact: System Access, Security Bypass, DoS Risk: (5/5) Release Date: 27.02.2023 Summary Providing pumping systems and automated controls for golf courses and turf irrigation,...
9.8CVSS
9.6AI Score
0.002EPSS
BD Alaris Infusion Central (Update A)
EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris Infusion Central --------- Begin Update A part 1 of 2 --------- Vulnerability: Storing Passwords in a Recoverable Format --------- End Update A part 1 of 2...
7.3CVSS
1AI Score
0.0004EPSS
CISA Releases Fifteen Industrial Control Systems Advisories
CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...
1.7AI Score
9.8CVSS
9.5AI Score
0.003EPSS
9.8CVSS
9.7AI Score
0.003EPSS
9.8CVSS
9.6AI Score
0.003EPSS
[SECURITY] Fedora 36 Update: bind-9.16.37-1.fc36
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
7.5CVSS
7.7AI Score
0.001EPSS
Fedora: Security Advisory for bind (FEDORA-2023-a3d608daf4)
The remote host is missing an update for...
7.5CVSS
8AI Score
0.001EPSS
9.9AI Score
0.003EPSS
Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...
9.8CVSS
9.7AI Score
0.007EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5824-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5824-1 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing information...
9.8AI Score
0.007EPSS
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...
7.5CVSS
7.1AI Score
0.001EPSS
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...
7.5CVSS
8AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....
7.5CVSS
7.9AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....
7.5CVSS
7AI Score
0.001EPSS
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...
7.5CVSS
7.6AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....
7.5CVSS
7.4AI Score
0.001EPSS
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...
7.5CVSS
7AI Score
0.001EPSS
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...
7.5CVSS
7.9AI Score
0.001EPSS
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...
7.5CVSS
7.4AI Score
0.001EPSS
A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed...
7.5CVSS
7.1AI Score
0.001EPSS
A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed...
7.5CVSS
7.5AI Score
0.001EPSS
A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed...
7.5CVSS
8AI Score
0.001EPSS
A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed...
7.5CVSS
8AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....
7.5CVSS
8AI Score
0.001EPSS
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...
7.5CVSS
8AI Score
0.001EPSS
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...
7.5CVSS
7.9AI Score
0.001EPSS
CVE-2023-0649 dst-admin sendBroadcast command injection
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...
6.3CVSS
8.2AI Score
0.001EPSS
CVE-2023-0648 dst-admin masterConsole command injection
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....
6.3CVSS
8.2AI Score
0.001EPSS
CVE-2023-0647 dst-admin kickPlayer command injection
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...
6.3CVSS
8.1AI Score
0.001EPSS
CVE-2023-0646 dst-admin cavesConsole command injection
A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed...
6.3CVSS
8.2AI Score
0.001EPSS
Fedora: Security Advisory for bind (FEDORA-2023-95d98f89a8)
The remote host is missing an update for...
7.5CVSS
8AI Score
0.001EPSS
Why FedRAMP High Authorization Can Ensure High Cybersecurity Maturity
The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government initiative that promotes the adoption of secure cloud services across the U.S. federal government by providing a standardized approach to security and risk assessment for cloud technologies. FedRAMP reduces...
0.7AI Score
[SECURITY] Fedora 37 Update: bind-9.18.11-1.fc37
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
7.5CVSS
7.7AI Score
0.001EPSS
[SECURITY] Fedora 36 Update: rust-exa-0.10.1-9.fc36
exa is a modern replacement for the command-line program ls that ships with Unix and Linux operating systems, with more features and better defaults. It uses colours to distinguish file types and metadata. It knows about symlinks, extended attributes, and Git. And it's...
7.8CVSS
7.9AI Score
0.0005EPSS
CentOS: Security Advisory for bind (CESA-2023:0402)
The remote host is missing an update for...
6.8CVSS
7.1AI Score
0.002EPSS
CentOS Errata and Security Advisory CESA-2023:0402 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...
6.8CVSS
7.7AI Score
0.002EPSS
Incorrect Calculation of Buffer Size in function yank_copy_line
Description Incorrect Calculation of Buffer Size in function yank_copy_line at register.c:1468 vim version git log commit 657aea7fc47fb919ce76fad64ba0ec55a1af80f1 (HEAD -> master, tag: v9.0.1249, origin/master, origin/HEAD) POC ``` ./vim -u NONE -i NONE -n -m -X -Z -e -s -S...
6.6CVSS
6.9AI Score
0.001EPSS
[SECURITY] Fedora 37 Update: rust-exa-0.10.1-9.fc37
exa is a modern replacement for the command-line program ls that ships with Unix and Linux operating systems, with more features and better defaults. It uses colours to distinguish file types and metadata. It knows about symlinks, extended attributes, and Git. And it's...
7.8CVSS
7.9AI Score
0.0005EPSS
ISC Releases Security Patches for New BIND DNS Software Vulnerabilities
The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. "A remote attacker could exploit these...
1.6AI Score
0.001EPSS
ISC Releases Security Advisories for Multiple Versions of BIND 9
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system...
7.5CVSS
2.5AI Score
0.001EPSS
Administrator of RSOCKS Proxy Botnet Pleads Guilty
Denis Emelyantsev, a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was...
0.9AI Score
(RHSA-2023:0402) Moderate: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.7AI Score
0.002EPSS