Berkeley-AL20, Berkeley-BD Security Vulnerabilities

Kscan - Simple Asset Mapping Tool

0 Disclaimer (The author did not participate in the XX action, don't trace it ) This tool is only for legally authorized enterprise security construction behaviors and personal learning behaviors. If you need to test the usability of this tool, please build a target drone environment by...

(RHSA-2023:0191) Moderate: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fix(es): OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411) (CVE-2023-21835) OpenJDK: soundbank URL remote loading (Sound, 8293742)...

BDWeb-Link LMS 1.11.5 Insecure Direct Object Reference

...

Siemens SIPROTEC 5 Devices Uncontrolled Resource Consumption (CVE-2022-45044)

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP200) (All versions), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions), SIPROTEC 5...

bd-journal.com Cross Site Scripting vulnerability OBB-3128366

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

BDWeb-Link LMS 1.11.5 SQL Injection

...

[SECURITY] Fedora 37 Update: protobuf-3.19.6-1.fc37

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

Siemens SIPROTEC 5 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services |.....

CVE-2022-45044

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP30...

CVE-2022-45044

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP30...

Design/Logic Flaw

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP30...

CVE-2022-45044

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP30...

[SECURITY] Fedora 37 Update: xfce4-places-plugin-1.8.3-1.fc37

A menu with quick access to folders, documents, and removable media. The Places plugin brings much of the functionality of GNOME=EF=BF=BD=EF=BF=BD =EF=BF=BDs Places menu to Xfce. It puts a simple button on the panel. Clicking on this button opens up a menu with 4 sections: 1) System-defined...

Senayan Library Management System 9.4.0 Cross Site Scripting

...

Senayan Library Management System 9.4.0 Cross Site Scripting Vulnerability

...

[SECURITY] Fedora 37 Update: sfnt2woff-zopfli-1.3.1-3.fc37

This is a modified version of the sfnt2woff utility that uses Zopfli as a compression algorithm instead of zlib. This results in compression gains of =EF=BF=BD=EF=BF=BD=EF=BF=BD on average =EF=BF=BD=EF=BF=BD=EF=BF=BD 5-8% compared to regular WOFF files. Zopfli generates compressed output that is...

[SECURITY] Fedora 36 Update: sfnt2woff-zopfli-1.3.1-3.fc36

This is a modified version of the sfnt2woff utility that uses Zopfli as a compression algorithm instead of zlib. This results in compression gains of =EF=BF=BD=EF=BF=BD=EF=BF=BD on average =EF=BF=BD=EF=BF=BD=EF=BF=BD 5-8% compared to regular WOFF files. Zopfli generates compressed output that is...

[SECURITY] Fedora 35 Update: sfnt2woff-zopfli-1.3.1-3.fc35

This is a modified version of the sfnt2woff utility that uses Zopfli as a compression algorithm instead of zlib. This results in compression gains of =EF=BF=BD=EF=BF=BD=EF=BF=BD on average =EF=BF=BD=EF=BF=BD=EF=BF=BD 5-8% compared to regular WOFF files. Zopfli generates compressed output that is...

CVE-2022-4364

A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely.....

CVE-2022-4364

A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely.....

Command injection

A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely.....

CVE-2022-4364 Teledyne FLIR AX8 Web Service palette.php command injection

A vulnerability classified as critical has been found in Teledyne FLIR AX8 up to 1.46.16. Affected is an unknown function of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. It is possible to launch the attack remotely.....

CVE-2022-43557

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected...

CVE-2022-43557

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected...

Code injection

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected...

CVE-2022-43557 BD BodyGuard™ Pumps – RS-232 Interface Vulnerability

The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected...

CVE-2022-4277

A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to....

Sql injection

A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to....

[SECURITY] Fedora 37 Update: sonic-visualiser-4.5-3.fc37

Sonic Visualiser is an application for viewing and analyzing the contents of music audio files. The aim of Sonic Visualiser is to be the first program you reach for when want to study a musical recording rather than simply listen to it. As well as a number of features designed to make exploring...

[SECURITY] Fedora 37 Update: capnproto-0.9.2-1.fc37

Cap=EF=BF=BD=EF=BF=BD=EF=BF=BDn Proto is an insanely fast data interchange format and capability-based RPC system. Think JSON, except binary. Or think Protocol Buffers, except faster. In fact, in benchmarks, Cap=EF=BF=BD=EF=BF=BD=EF=BF=BDn Proto is INFINITY TIMES faster than Protoco l Buffers. ...

[SECURITY] Fedora 36 Update: sonic-visualiser-4.5-2.fc36

Sonic Visualiser is an application for viewing and analyzing the contents of music audio files. The aim of Sonic Visualiser is to be the first program you reach for when want to study a musical recording rather than simply listen to it. As well as a number of features designed to make exploring...

[SECURITY] Fedora 36 Update: capnproto-0.9.2-1.fc36

Cap=EF=BF=BD=EF=BF=BD=EF=BF=BDn Proto is an insanely fast data interchange format and capability-based RPC system. Think JSON, except binary. Or think Protocol Buffers, except faster. In fact, in benchmarks, Cap=EF=BF=BD=EF=BF=BD=EF=BF=BDn Proto is INFINITY TIMES faster than Protoco l Buffers. ...

CVE-2022-4277 Shaoxing Background Management System Bd sql injection

A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to....

BD BodyGuard Pumps

EXECUTIVE SUMMARY CVSS v3 5.3 Vendor: Becton, Dickinson and Company (BD) Equipment: BodyGuard Pumps Vulnerability: Missing Protection Mechanism for Alternate Hardware Interface 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to change configuration...

CISA Releases Three Industrial Control Systems Advisories

CISA has released three (3) Industrial Control Systems (ICS) advisories on December 1, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...

SUSE SLES12 Security Update : libdb-4_8 (SUSE-SU-2022:4289-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4289-1 advisory. Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to...

[SECURITY] Fedora 36 Update: varnish-7.0.3-2.fc36

This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don=EF=BF=BD=EF=BF =BD=EF=BF=BDt have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a...

[SECURITY] Fedora 37 Update: varnish-7.1.2-1.fc37

This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don=EF=BF=BD=EF=BF =BD=EF=BF=BDt have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a...

bind security update

An update is available for bind. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain (BIND) is an implementation of the Domain...

Moderate: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

Moderate: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

Thunderbird vulnerabilities

Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5724-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5724-1 advisory. Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly...