Berkeley-AL20, Berkeley-BD Security Vulnerabilities

cve

CVE-2023-30559

The firmware update package for the wireless card is not properly signed and can be...

5.7CVSS

5.7AI Score

0.0004EPSS

2023-07-13 06:15 PM
15
prion

Design/Logic Flaw

The firmware update package for the wireless card is not properly signed and can be...

5.7CVSS

6.6AI Score

0.0004EPSS

2023-07-13 06:15 PM
3
cvelist

CVE-2023-30559 Wireless Card Firmware Improperly Signed

The firmware update package for the wireless card is not properly signed and can be...

5.2CVSS

6AI Score

0.0004EPSS

2023-07-13 05:50 PM
packetstorm

7.1AI Score

2023-07-13 12:00 AM
146
redhat

(RHSA-2023:4037) Important: bind9.16 security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.5AI Score

0.001EPSS

2023-07-12 07:52 AM
22
nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6214-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6214-1 advisory. The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts...

9.8CVSS

8.9AI Score

0.004EPSS

2023-07-12 12:00 AM
3
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an...

9.8CVSS

8.8AI Score

0.004EPSS

2023-07-11 12:00 AM
30
redhat

(RHSA-2023:4005) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

6.9AI Score

0.001EPSS

2023-07-10 09:14 AM
11
fedora

[SECURITY] Fedora 38 Update: python-managesieve-0.7.1-6.fc38

This module allows accessing a Sieve-Server for managing Sieve scripts there. It is accompanied by a simple yet functional user application...

7AI Score

2023-07-08 01:55 AM
7
fedora

[SECURITY] Fedora 37 Update: python-managesieve-0.7.1-6.fc37

This module allows accessing a Sieve-Server for managing Sieve scripts there. It is accompanied by a simple yet functional user application...

7AI Score

2023-07-08 01:15 AM
6
kitploit

BugChecker - SoftICE-like Kernel Debugger For Windows 11

Introduction BugChecker is a SoftICE-like kernel and user debugger for Windows 11 (and Windows XP as well: it supports Windows versions from XP to 11, both x86 and x64). BugChecker doesn't require a second machine to be connected to the system being debugged, like in the case of WinDbg and KD....

7AI Score

2023-07-05 12:30 PM
27
openvas

Fedora: Security Advisory for cups (FEDORA-2023-fac5968b55)

The remote host is missing an update for...

7.1CVSS

7.2AI Score

0.0004EPSS

2023-07-01 12:00 AM
5
openvas

Fedora: Security Advisory for bind (FEDORA-2023-1d526d551c)

The remote host is missing an update for...

7.5CVSS

8.1AI Score

0.001EPSS

2023-07-01 12:00 AM
3
nvd

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external...

5.5CVSS

5AI Score

0.0004EPSS

2023-06-30 07:15 AM
cve

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external...

5.5CVSS

5AI Score

0.0004EPSS

2023-06-30 07:15 AM
19
prion

Hardcoded credentials

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external...

5.5CVSS

4.9AI Score

0.0004EPSS

2023-06-30 07:15 AM
6
cvelist

CVE-2023-28387

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external...

5.3AI Score

0.0004EPSS

2023-06-30 06:22 AM
1
fedora

[SECURITY] Fedora 37 Update: bind-9.18.16-1.fc37

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

7.5CVSS

7AI Score

0.001EPSS

2023-06-30 01:35 AM
16
fedora

[SECURITY] Fedora 38 Update: cups-2.4.6-1.fc38

CUPS printing system provides a portable printing layer for UNIX® operating systems. It has been developed by Apple Inc. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...

7.1CVSS

6.9AI Score

0.0004EPSS

2023-06-30 01:23 AM
10
nessus

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Use of Hard-Coded Credentials (CVE-2023-2061)

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via...

7.5CVSS

7.8AI Score

0.003EPSS

2023-06-30 12:00 AM
14
nessus

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Unrestricted Upload of File with Dangerous Type (CVE-2023-2063)

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure,...

7.3CVSS

7.2AI Score

0.001EPSS

2023-06-30 12:00 AM
7
nessus

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Missing Password Field Masking (CVE-2023-2062)

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2CVSS

6.9AI Score

0.001EPSS

2023-06-30 12:00 AM
6
nessus

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Weak Password Requirements (CVE-2023-2060)

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or...

7.5CVSS

7.7AI Score

0.003EPSS

2023-06-30 12:00 AM
6
fedora

[SECURITY] Fedora 38 Update: bind-9.18.16-1.fc38

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

7.5CVSS

7.5AI Score

0.001EPSS

2023-06-25 12:52 AM
14
openvas

Fedora: Security Advisory for bind (FEDORA-2023-8e1ddb1fa2)

The remote host is missing an update for...

7.5CVSS

8.1AI Score

0.001EPSS

2023-06-25 12:00 AM
3
thn

U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and...

9.8CVSS

7.8AI Score

0.967EPSS

2023-06-24 03:30 PM
53
talosblog

Cybersecurity hotlines at colleges could go a long way toward filling the skills gap

Welcome to this week's edition of the Threat Source newsletter. I recently stumbled upon news that the University of Texas at Austin is launching a new cybersecurity clinic run by faculty and students studying security and IT at the university. This clinic offers pro-bono cybersecurity services --....

9.8CVSS

9.2AI Score

0.957EPSS

2023-06-22 06:00 PM
15
rapid7blog

Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]

Earlier this year, Rapid7 researchers undertook a project to analyze managed file transfer applications, due to the number of recent vulnerabilities discovered in those types of applications. We chose Fortra Globalscape EFT as a target since it's reasonably popular and seemed complex enough to...

9.8CVSS

8AI Score

0.959EPSS

2023-06-22 04:16 PM
36
openbugbounty

bd-cine.com Cross Site Scripting vulnerability OBB-3447184

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1AI Score

2023-06-19 12:55 PM
7
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.320.7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] - KVM:...

7.8CVSS

8AI Score

0.0004EPSS

2023-06-15 12:00 AM
46
nvd

CVE-2022-47376

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...

7.3CVSS

7.1AI Score

0.0004EPSS

2023-06-13 08:15 PM
cve

CVE-2022-47376

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...

7.3CVSS

7.1AI Score

0.0004EPSS

2023-06-13 08:15 PM
11
prion

Default credentials

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...

7.3CVSS

7AI Score

0.0004EPSS

2023-06-13 08:15 PM
2
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...

7.8CVSS

8.5AI Score

0.0004EPSS

2023-06-13 12:00 AM
19
cvelist

CVE-2022-47376

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...

7.3AI Score

0.0004EPSS

2023-06-13 12:00 AM
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.320.7.el7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-06-13 12:00 AM
37
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.320.7.el8] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-06-13 12:00 AM
10
krebs

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda...

9.8CVSS

9.1AI Score

0.071EPSS

2023-06-08 08:17 PM
30
openbugbounty

bd-auto.com Cross Site Scripting vulnerability OBB-3400351

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1AI Score

2023-06-06 11:54 PM
11
cve

CVE-2023-2063

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure,...

7.3CVSS

7.1AI Score

0.001EPSS

2023-06-02 05:15 AM
22
nvd

CVE-2023-2062

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2CVSS

6.8AI Score

0.001EPSS

2023-06-02 05:15 AM
cve

CVE-2023-2062

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2CVSS

6.6AI Score

0.001EPSS

2023-06-02 05:15 AM
41
cve

CVE-2023-2061

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via...

7.5CVSS

7.6AI Score

0.003EPSS

2023-06-02 05:15 AM
26
cve

CVE-2023-2060

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or...

7.5CVSS

7.6AI Score

0.003EPSS

2023-06-02 05:15 AM
30
prion

Authentication flaw

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2CVSS

6.8AI Score

0.001EPSS

2023-06-02 05:15 AM
3
cvelist

CVE-2023-2062 Information Disclosure vulnerability in EtherNet/IP Configuration tools

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2CVSS

6.8AI Score

0.001EPSS

2023-06-02 04:04 AM
openvas

Debian: Security Advisory (DLA-3438-1)

The remote host is missing an update for the...

9.8CVSS

9.6AI Score

0.001EPSS

2023-05-31 12:00 AM
5
debian

[SECURITY] [DLA 3438-1] kamailio security update

Debian LTS Advisory DLA-3438-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 30, 2023 https://wiki.debian.org/LTS Package : kamailio Version : 5.2.1-1+deb10u1 CVE ID :...

9.8CVSS

9.4AI Score

0.001EPSS

2023-05-30 04:25 PM
6
nessus

Debian DLA-3438-1 : kamailio - LTS security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3438 advisory. The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or...

7.6AI Score

0.001EPSS

2023-05-30 12:00 AM
9
fedora

[SECURITY] Fedora 37 Update: python-requests-2.28.1-3.fc37

Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python's built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy...

6.1CVSS

7AI Score

0.001EPSS

2023-05-27 01:26 AM
14
Total number of security vulnerabilities: 5869