Lucene search

K

Berkeley-AL20, Berkeley-BD Security Vulnerabilities

prion
prion

Spoofing

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Prevent divide-by-zero error triggered by the user The user_entry_size is supplied by the user and later used as a denominator to calculate number of entries. The zero supplied by the user will trigger the following...

6.9AI Score

0.0004EPSS

2024-03-01 10:15 PM
3
cvelist
cvelist

CVE-2021-47080 RDMA/core: Prevent divide-by-zero error triggered by the user

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Prevent divide-by-zero error triggered by the user The user_entry_size is supplied by the user and later used as a denominator to calculate number of entries. The zero supplied by the user will trigger the following...

6.5AI Score

0.0004EPSS

2024-03-01 09:15 PM
vulnrichment
vulnrichment

CVE-2021-47080 RDMA/core: Prevent divide-by-zero error triggered by the user

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Prevent divide-by-zero error triggered by the user The user_entry_size is supplied by the user and later used as a denominator to calculate number of entries. The zero supplied by the user will trigger the following...

6.6AI Score

0.0004EPSS

2024-03-01 09:15 PM
ubuntucve
ubuntucve

CVE-2021-47080

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Prevent divide-by-zero error triggered by the user The user_entry_size is supplied by the user and later used as a denominator to calculate number of entries. The zero supplied by the user will trigger the following...

6.7AI Score

0.0004EPSS

2024-03-01 12:00 AM
8
openbugbounty
openbugbounty

bd-products.com Cross Site Scripting vulnerability OBB-3861887

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-29 12:33 PM
5
cve
cve

CVE-2024-26559

An issue in uverif v.2.0 allows a remote attacker to obtain sensitive...

6.6AI Score

0.0004EPSS

2024-02-28 11:15 PM
2188
nvd
nvd

CVE-2024-26559

An issue in uverif v.2.0 allows a remote attacker to obtain sensitive...

6.4AI Score

0.0004EPSS

2024-02-28 11:15 PM
prion
prion

Information disclosure

An issue in uverif v.2.0 allows a remote attacker to obtain sensitive...

7.2AI Score

0.0004EPSS

2024-02-28 11:15 PM
8
cvelist
cvelist

CVE-2024-26559

An issue in uverif v.2.0 allows a remote attacker to obtain sensitive...

6.6AI Score

0.0004EPSS

2024-02-28 12:00 AM
fedora
fedora

[SECURITY] Fedora 39 Update: bind9-next-9.19.21-1.fc39

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

7.5CVSS

7.7AI Score

0.05EPSS

2024-02-26 01:12 AM
7
fedora
fedora

[SECURITY] Fedora 38 Update: bind9-next-9.19.21-1.fc38

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

7.5CVSS

7.7AI Score

0.05EPSS

2024-02-26 12:47 AM
9
openvas
openvas

Fedora: Security Advisory for bind9-next (FEDORA-2024-499b9be35f)

The remote host is missing an update for...

7.5CVSS

8AI Score

0.05EPSS

2024-02-26 12:00 AM
8
openvas
openvas

Fedora: Security Advisory for bind9-next (FEDORA-2024-c36c448396)

The remote host is missing an update for...

7.5CVSS

8AI Score

0.05EPSS

2024-02-26 12:00 AM
5
openbugbounty
openbugbounty

bd-best.com Cross Site Scripting vulnerability OBB-3857129

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-23 02:32 PM
3
openvas
openvas

Fedora: Security Advisory for bind (FEDORA-2024-21310568fa)

The remote host is missing an update for...

7.5CVSS

8AI Score

0.05EPSS

2024-02-20 12:00 AM
2
fedora
fedora

[SECURITY] Fedora 39 Update: bind-9.18.24-1.fc39

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

7.5CVSS

7.2AI Score

0.05EPSS

2024-02-19 02:29 AM
16
cve
cve

CVE-2024-23308

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-02-14 05:15 PM
16
nvd
nvd

CVE-2024-23308

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-02-14 05:15 PM
4
prion
prion

Design/Logic Flaw

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-02-14 05:15 PM
5
cvelist
cvelist

CVE-2024-23308 BIG-IP Advanced WAF and ASM vulnerability

When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed...

7.5CVSS

7.7AI Score

0.0004EPSS

2024-02-14 04:30 PM
openbugbounty
openbugbounty

bd-products.com Cross Site Scripting vulnerability OBB-3852498

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-02-14 11:27 AM
3
nessus
nessus

F5 Networks BIG-IP : BIG-IP Advanced WAF and BIG-IP ASM vulnerability (K000137416)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137416 advisory. When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server,...

7.5CVSS

7.8AI Score

0.0004EPSS

2024-02-14 12:00 AM
9
f5
f5

K000137416 : BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2024-23308

Security Advisory Description When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based...

7.5CVSS

7.2AI Score

0.0004EPSS

2024-02-14 12:00 AM
10
f5
f5

K000137270 : BIG-IP Advanced WAF and BIG-IP ASM and vulnerability CVE-2024-21789

Security Advisory Description When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. (CVE-2024-21789) Impact System performance can degrade until the bd process is either forced to restart or is...

7.5CVSS

7.3AI Score

0.0004EPSS

2024-02-14 12:00 AM
8
centos
centos

bind security update

CentOS Errata and Security Advisory CESA-2023:5691 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...

7.5CVSS

7.3AI Score

0.002EPSS

2024-01-12 07:23 PM
34
thn
thn

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Cybersecurity researchers have developed a proof-of-concept (PoC) code that exploits a recently disclosed critical flaw in the Apache OfBiz open-source Enterprise Resource Planning (ERP) system to execute a memory-resident payload. The vulnerability in question is CVE-2023-51467 (CVSS score: 9.8),....

10CVSS

8.9AI Score

0.976EPSS

2024-01-11 02:16 PM
98
openbugbounty
openbugbounty

bd-products.com Cross Site Scripting vulnerability OBB-3827883

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-01-03 09:33 PM
5
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Thunderbird vulnerabilities (USN-6563-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6563-1 advisory. When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown...

8.8CVSS

9AI Score

0.005EPSS

2024-01-02 12:00 AM
8
ubuntu
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an...

8.8CVSS

9AI Score

0.005EPSS

2024-01-02 12:00 AM
21
qualysblog
qualysblog

SSH Attack Surface (CVE-2023-48795): Find and Patch With CyberSecurity Asset Management Before the Grinch Arrives

Secure Shell Protocol (SSH) has been a cornerstone of cryptography and security since it was developed in early 1995. Organizations rely on SSH for secure communications within several popular software products. The recent Terrapin Attack highlights the importance of maintaining full visibility of....

5.9CVSS

7.1AI Score

0.963EPSS

2023-12-22 02:17 AM
38
kitploit
kitploit

VED-eBPF - Kernel Exploit And Rootkit Detection Using eBPF

VED (Vault Exploit Defense)-eBPF leverages eBPF (extended Berkeley Packet Filter) to implement runtime kernel security monitoring and exploit detection for Linux systems. Introduction eBPF is an in-kernel virtual machine that allows code execution in the kernel without modifying the kernel source.....

7.8AI Score

2023-12-18 11:30 AM
10
prion
prion

Sql injection

There is a SQL injection vulnerability in some ZTE mobile internet products. Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information...

8CVSS

7.8AI Score

0.0004EPSS

2023-12-14 07:15 AM
5
thn
thn

Unveiling the Cyber Threats to Healthcare: Beyond the Myths

Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum? Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to...

4.3CVSS

7.4AI Score

0.0004EPSS

2023-12-12 06:09 PM
12
ibm
ibm

Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to OpenSSL vulnerability CVE-2018-5407

Summary IBM has released the following Unified Extensible Firmware Interface (UEFI) fixes for System x, Flex and BladeCenter systems in response to OpenSSL vulnerability CVE-2018-5407. Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and...

4.7CVSS

0.4AI Score

0.001EPSS

2023-12-07 10:45 PM
29
ibm
ibm

Security Bulletin: Denial of service vulnerability affects IBM Unified Extensible Firmware Interface (CVE-2018-9085)

Summary IBM System x, Flex and BladeCenter systems have addressed the following denial of service vulnerability in Unified Extensible Firmware Interface (UEFI). Vulnerability Details CVEID: CVE-2018-9085 DESCRIPTION: Lenovo System x is vulnerable to a denial of service, caused by missing flash...

4.9CVSS

0.5AI Score

0.001EPSS

2023-12-07 10:45 PM
7
ibm
ibm

Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Intel Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities.

Summary IBM has released the following Unified Extensible Firmware Interface (UEFI) fixes for System x, Flex and BladeCenter systems in response to Intel Microarchitectural Data Sampling (MDS) Side Channel vulnerabilities. Vulnerability Details CVEID: CVE-2019-11091 DESCRIPTION: Intel...

5.6CVSS

0.8AI Score

0.001EPSS

2023-12-07 10:45 PM
10
ibm
ibm

Security Bulletin: Denial of service vulnerability affects IBM Unified Extensible Firmware Interface (CVE-2017-5703)

Summary IBM System x, Flex and BladeCenter systems have addressed the following denial of service vulnerability in Unified Extensible Firmware Interface (UEFI). Vulnerability Details CVEID: CVE-2017-5703 DESCRIPTION: Multiple Intel platforms are vulnerable to a denial of service, caused by the...

6CVSS

0.8AI Score

0.0004EPSS

2023-12-07 10:31 PM
9
ibm
ibm

Security Bulletin: OpenSSL vulnerabilities affect IBM Unified Extensible Firmware Interface (UEFI)

Summary IBM System x, Flex and BladeCenter systems have addressed the following OpenSSL vulnerabilities in Unified Extensible Firmware Interface (UEFI). Vulnerability Details CVEID: CVE-2017-3738 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an...

5.9CVSS

0.4AI Score

0.946EPSS

2023-12-07 10:31 PM
35
ibm
ibm

Security Bulletin: IBM has released Unified Extensible Firmware Interface (UEFI) fixes in response to Spectre variants 4 and 3a (CVE-2018-3639 CVE-2018-3640)

Summary IBM has released the following Unified Extensible Firmware Interface (UEFI) fixes for System x, Flex and BladeCenter systems in response to the vulnerabilities referred to as Spectre variants 4 and 3a. Vulnerability Details CVEID: CVE-2018-3639 DESCRIPTION: Multiple Intel CPU''s could...

5.5CVSS

0.2AI Score

0.003EPSS

2023-12-07 10:31 PM
48
cve
cve

CVE-2023-29066

The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data...

3.5CVSS

4AI Score

0.0004EPSS

2023-11-28 09:15 PM
7
nvd
nvd

CVE-2023-29066

The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data...

3.5CVSS

0.0004EPSS

2023-11-28 09:15 PM
nvd
nvd

CVE-2023-29061

There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot...

5.2CVSS

0.0004EPSS

2023-11-28 09:15 PM
3
nvd
nvd

CVE-2023-29064

The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative...

4.3CVSS

0.0004EPSS

2023-11-28 09:15 PM
3
cve
cve

CVE-2023-29065

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the...

4.3CVSS

4.5AI Score

0.0004EPSS

2023-11-28 09:15 PM
10
cve
cve

CVE-2023-29064

The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative...

4.3CVSS

4.6AI Score

0.0004EPSS

2023-11-28 09:15 PM
13
nvd
nvd

CVE-2023-29062

The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes.....

3.8CVSS

0.0004EPSS

2023-11-28 09:15 PM
cve
cve

CVE-2023-29063

The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation...

2.4CVSS

3.6AI Score

0.0004EPSS

2023-11-28 09:15 PM
9
nvd
nvd

CVE-2023-29065

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the...

4.3CVSS

0.0004EPSS

2023-11-28 09:15 PM
cve
cve

CVE-2023-29061

There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot...

5.2CVSS

5.2AI Score

0.0004EPSS

2023-11-28 09:15 PM
11
cve
cve

CVE-2023-29062

The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes.....

3.8CVSS

4.3AI Score

0.0004EPSS

2023-11-28 09:15 PM
10
Total number of security vulnerabilities5869