Berkeley-AL20, Berkeley-BD Security Vulnerabilities

fedora

[SECURITY] Fedora 37 Update: cups-2.4.6-1.fc37

CUPS printing system provides a portable printing layer for UNIX operating systems. It has been developed by Apple Inc. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...

7.1CVSS

6.9AI Score

0.0004EPSS

2023-07-14 01:19 AM
5
nvd

CVE-2023-30565

An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an...

3.5CVSS

0.0004EPSS

2023-07-13 08:15 PM
nvd

CVE-2023-30563

A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked...

8.2CVSS

0.001EPSS

2023-07-13 08:15 PM
nvd

CVE-2023-30561

The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is...

6.1CVSS

0.001EPSS

2023-07-13 08:15 PM
cve

CVE-2023-30565

An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an...

3.5CVSS

4.2AI Score

0.0004EPSS

2023-07-13 08:15 PM
20
cve

CVE-2023-30564

Alaris Systems Manager does not perform input validation during the Device Import...

6.9CVSS

6.7AI Score

0.0004EPSS

2023-07-13 08:15 PM
15
cve

CVE-2023-30561

The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is...

6.1CVSS

6AI Score

0.001EPSS

2023-07-13 08:15 PM
13
cve

CVE-2023-30563

A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked...

8.2CVSS

8AI Score

0.001EPSS

2023-07-13 08:15 PM
17
cve

CVE-2023-30562

A GRE dataset file within Systems Manager can be tampered with and distributed to...

6.7CVSS

6.5AI Score

0.0004EPSS

2023-07-13 08:15 PM
17
nvd

CVE-2023-30564

Alaris Systems Manager does not perform input validation during the Device Import...

6.9CVSS

0.0004EPSS

2023-07-13 08:15 PM
nvd

CVE-2023-30562

A GRE dataset file within Systems Manager can be tampered with and distributed to...

6.7CVSS

0.0004EPSS

2023-07-13 08:15 PM
prion

Design/Logic Flaw

An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an...

3.5CVSS

5.2AI Score

0.0004EPSS

2023-07-13 08:15 PM
prion

Information disclosure

The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is...

6.1CVSS

6.7AI Score

0.001EPSS

2023-07-13 08:15 PM
3
prion

Input validation

Alaris Systems Manager does not perform input validation during the Device Import...

6.9CVSS

7.4AI Score

0.0004EPSS

2023-07-13 08:15 PM
prion

Session fixation

A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked...

8.2CVSS

8.6AI Score

0.001EPSS

2023-07-13 08:15 PM
5
prion

Code injection

A GRE dataset file within Systems Manager can be tampered with and distributed to...

6.7CVSS

7.1AI Score

0.0004EPSS

2023-07-13 08:15 PM
5
nvd

CVE-2023-30560

The configuration from the PCU can be modified without authentication using physical connection to the...

6.8CVSS

0.001EPSS

2023-07-13 07:15 PM
cve

CVE-2023-30560

The configuration from the PCU can be modified without authentication using physical connection to the...

6.8CVSS

6.5AI Score

0.001EPSS

2023-07-13 07:15 PM
11
prion

Authentication flaw

The configuration from the PCU can be modified without authentication using physical connection to the...

6.8CVSS

7.2AI Score

0.001EPSS

2023-07-13 07:15 PM
2
cvelist

CVE-2023-30565 CQI Data Sniffing

An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an...

3.5CVSS

4.4AI Score

0.0004EPSS

2023-07-13 07:06 PM
cvelist

CVE-2023-30564 Stored Cross-Site Scripting on Device Import Functionality

Alaris Systems Manager does not perform input validation during the Device Import...

6.9CVSS

6.9AI Score

0.0004EPSS

2023-07-13 07:06 PM
cvelist

CVE-2023-30563 Stored Cross-Site Scripting on User Import Functionality

A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked...

8.2CVSS

8.3AI Score

0.001EPSS

2023-07-13 07:04 PM
cvelist

CVE-2023-30562 Lack of Dataset Integrity Checking

A GRE dataset file within Systems Manager can be tampered with and distributed to...

3CVSS

6.7AI Score

0.0004EPSS

2023-07-13 07:03 PM
cvelist

CVE-2023-30561 Lack of Cryptographic Security of IUI Bus

The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is...

6.1CVSS

6.2AI Score

0.001EPSS

2023-07-13 07:03 PM
cvelist

CVE-2023-30560 PCU Configuration Lacks Authentication

The configuration from the PCU can be modified without authentication using physical connection to the...

6.8CVSS

6.8AI Score

0.001EPSS

2023-07-13 06:53 PM
nvd

CVE-2023-30559

The firmware update package for the wireless card is not properly signed and can be...

5.7CVSS

0.0004EPSS

2023-07-13 06:15 PM
cve

CVE-2023-30559

The firmware update package for the wireless card is not properly signed and can be...

5.7CVSS

5.7AI Score

0.0004EPSS

2023-07-13 06:15 PM
15
prion

Design/Logic Flaw

The firmware update package for the wireless card is not properly signed and can be...

5.7CVSS

6.6AI Score

0.0004EPSS

2023-07-13 06:15 PM
2
cvelist

CVE-2023-30559 Wireless Card Firmware Improperly Signed

The firmware update package for the wireless card is not properly signed and can be...

5.2CVSS

6AI Score

0.0004EPSS

2023-07-13 05:50 PM
packetstorm

7.1AI Score

2023-07-13 12:00 AM
142
redhat

(RHSA-2023:4037) Important: bind9.16 security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.5AI Score

0.001EPSS

2023-07-12 07:52 AM
22
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6214-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6214-1 advisory. The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts...

9.8CVSS

8.9AI Score

0.001EPSS

2023-07-12 12:00 AM
3
ubuntu

Thunderbird vulnerabilities

Releases: Ubuntu 23.04, Ubuntu 22.10, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Packages: thunderbird - Mozilla Open Source mail and newsgroup client. Details: Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an...

9.8CVSS

8.8AI Score

0.001EPSS

2023-07-11 12:00 AM
30
redhat

(RHSA-2023:4005) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

6.9AI Score

0.001EPSS

2023-07-10 09:14 AM
11
fedora

[SECURITY] Fedora 38 Update: python-managesieve-0.7.1-6.fc38

This module allows accessing a Sieve-Server for managing Sieve scripts there. It is accompanied by a simple yet functional user application...

7AI Score

2023-07-08 01:55 AM
7
fedora

[SECURITY] Fedora 37 Update: python-managesieve-0.7.1-6.fc37

This module allows accessing a Sieve-Server for managing Sieve scripts there. It is accompanied by a simple yet functional user application...

7AI Score

2023-07-08 01:15 AM
6
kitploit

BugChecker - SoftICE-like Kernel Debugger For Windows 11

Introduction: BugChecker is a SoftICE-like kernel and user debugger for Windows 11 (and Windows XP as well: it supports Windows versions from XP to 11, both x86 and x64). BugChecker doesn't require a second machine to be connected to the system being debugged, like in the case of WinDbg and KD....

7AI Score

2023-07-05 12:30 PM
26
openvas

Fedora: Security Advisory for cups (FEDORA-2023-fac5968b55)

The remote host is missing an update for...

7.1CVSS

7.2AI Score

0.0004EPSS

2023-07-01 12:00 AM
5
openvas

Fedora: Security Advisory for bind (FEDORA-2023-1d526d551c)

The remote host is missing an update for...

7.5CVSS

8.1AI Score

0.001EPSS

2023-07-01 12:00 AM
3
nvd

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain an API key for an external...

5.5CVSS

5AI Score

0.0004EPSS

2023-06-30 07:15 AM
cve

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain an API key for an external...

5.5CVSS

5AI Score

0.0004EPSS

2023-06-30 07:15 AM
18
prion

Hardcoded credentials

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain an API key for an external...

5.5CVSS

4.9AI Score

0.0004EPSS

2023-06-30 07:15 AM
6
cvelist

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain an API key for an external...

5.3AI Score

0.0004EPSS

2023-06-30 06:22 AM
1
fedora

[SECURITY] Fedora 37 Update: bind-9.18.16-1.fc37

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

7.5CVSS

7AI Score

0.001EPSS

2023-06-30 01:35 AM
16
fedora

[SECURITY] Fedora 38 Update: cups-2.4.6-1.fc38

CUPS printing system provides a portable printing layer for UNIX operating systems. It has been developed by Apple Inc. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...

7.1CVSS

6.9AI Score

0.0004EPSS

2023-06-30 01:23 AM
10
nessus

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Use of Hard-Coded Credentials (CVE-2023-2061)

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via...

7.5CVSS

7.8AI Score

0.003EPSS

2023-06-30 12:00 AM
14
nessus

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Unrestricted Upload of File with Dangerous Type (CVE-2023-2063)

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure,...

7.3CVSS

7.2AI Score

0.001EPSS

2023-06-30 12:00 AM
7
nessus

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Missing Password Field Masking (CVE-2023-2062)

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2CVSS

6.9AI Score

0.001EPSS

2023-06-30 12:00 AM
6
nessus

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Weak Password Requirements (CVE-2023-2060)

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access the module via FTP by dictionary attack or...

7.5CVSS

7.7AI Score

0.003EPSS

2023-06-30 12:00 AM
6
fedora

[SECURITY] Fedora 38 Update: bind-9.18.16-1.fc38

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

7.5CVSS

7.5AI Score

0.001EPSS

2023-06-25 12:52 AM
14
Total number of security vulnerabilities: 5771