Berkeley-AL20, Berkeley-BD Security Vulnerabilities

Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1520)

The remote host is missing an update for the Huawei...

Ator - Authentication Token Obtain and Replace Extender

The plugin is created to help automated scanning using Burp in the following scenarios: Access/Refresh token Token replacement in XML,JSON body Token replacement in cookies The above can be achieved using complex macro, session rules or Custom Extender in some scenarios. The rules become tricky...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5943-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5943-1 advisory. Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616) An attacker could construct...

Thunderbird vulnerabilities

Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...

[SECURITY] Fedora 38 Update: python-flask-2.2.3-1.fc38

Flask is called a =EF=BF=BD=EF=BF=BD=EF=BF=BDmicro-framework=EF=BF=BD=EF=BF =BD=EF=BF=BD because the idea to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However Flask.....

Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT

Welcome to this week's edition of the Threat Source newsletter. There is no shortage of hyperbolic headlines about ChatGPT out there, everything from how it and other AI tools like it are here to replace all our jobs, make college essays a thing of the past and change the face of cybersecurity as.....

Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Summary Cloud Pak for Security (CP4S) v1.8.1.0 and earlier uses packages that are vulnerable to several CVEs. These have been remediated in the latest product release. Please see below for CVE details and the Remediation section for upgrade instructions. Vulnerability Details ** CVEID:...

Debian: Security Advisory (DLA-800-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-572-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-640-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-1199-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-1780)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-519-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-658-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-1172-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-1202-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-743-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-752-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-585-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-782-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-1153-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-1223-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-636-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-730-1)

The remote host is missing an update for the...

Debian: Security Advisory (DLA-521-1)

The remote host is missing an update for the...

Amazon Linux 2 : libdb (ALAS-2023-1965)

The version of libdb installed on the remote host is prior to 5.3.21-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1965 advisory. Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain...

Important: libdb

Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory....

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to...

TCG TPM2.0 implementations vulnerable to memory corruption

Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and.....

Osprey Pump Controller 1.0.1 Administrator Backdoor Access

...

Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vulnerability

Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list (120) of the application and the...

Osprey Pump Controller 1.0.1 Administrator Backdoor Access

Title: Osprey Pump Controller 1.0.1 Administrator Backdoor Access Advisory ID: ZSL-2023-5747 Type: Local/Remote Impact: System Access, Security Bypass, DoS Risk: (5/5) Release Date: 27.02.2023 Summary Providing pumping systems and automated controls for golf courses and turf irrigation,...

BD Alaris Infusion Central (Update A)

EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris Infusion Central --------- Begin Update A part 1 of 2 --------- Vulnerability: Storing Passwords in a Recoverable Format --------- End Update A part 1 of 2...

CISA Releases Fifteen Industrial Control Systems Advisories

CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...

CVE-2022-47071

In NVS365 V01, the background network test function can trigger command...

CVE-2022-47071

In NVS365 V01, the background network test function can trigger command...

Command injection

In NVS365 V01, the background network test function can trigger command...

[SECURITY] Fedora 36 Update: bind-9.16.37-1.fc36

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

CVE-2022-47071

In NVS365 V01, the background network test function can trigger command...

Fedora: Security Advisory for bind (FEDORA-2023-a3d608daf4)

The remote host is missing an update for...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5824-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5824-1 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing information...

Thunderbird vulnerabilities

Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...

CVE-2023-0649

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

CVE-2023-0648

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....

CVE-2023-0648

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....

CVE-2023-0649

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

CVE-2023-0649

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...

CVE-2023-0648

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....

CVE-2023-0647

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...

CVE-2023-0647

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...