Lucene search

K

Berkeley-AL20, Berkeley-BD Security Vulnerabilities

openvas
openvas

Fedora: Security Advisory for bind (FEDORA-2023-8e1ddb1fa2)

The remote host is missing an update for...

7.5CVSS

8.1AI Score

0.001EPSS

2023-06-25 12:00 AM
3
thn
thn

U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and...

9.8CVSS

7.8AI Score

0.967EPSS

2023-06-24 03:30 PM
53
talosblog
talosblog

Cybersecurity hotlines at colleges could go a long way toward filling the skills gap

Welcome to this week's edition of the Threat Source newsletter. I recently stumbled upon news that the University of Texas at Austin is launching a new cybersecurity clinic run by faculty and students studying security and IT at the university. This clinic offers pro-bono cybersecurity services --....

9.8CVSS

9.2AI Score

0.957EPSS

2023-06-22 06:00 PM
14
rapid7blog
rapid7blog

Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]

Earlier this year, Rapid7 researchers undertook a project to analyze managed file transfer applications, due to the number of recent vulnerabilities discovered in those types of applications. We chose Fortra Globalscape EFT as a target since it's reasonably popular and seemed complex enough to...

9.8CVSS

8AI Score

0.959EPSS

2023-06-22 04:16 PM
35
openbugbounty
openbugbounty

bd-cine.com Cross Site Scripting vulnerability OBB-3447184

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1AI Score

2023-06-19 12:55 PM
7
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.320.7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] - KVM:...

7.8CVSS

8AI Score

0.0004EPSS

2023-06-15 12:00 AM
45
nvd
nvd

CVE-2022-47376

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...

7.3CVSS

7.1AI Score

0.0004EPSS

2023-06-13 08:15 PM
cve
cve

CVE-2022-47376

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...

7.3CVSS

7.1AI Score

0.0004EPSS

2023-06-13 08:15 PM
11
prion
prion

Default credentials

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...

7.3CVSS

7AI Score

0.0004EPSS

2023-06-13 08:15 PM
2
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...

7.8CVSS

8.5AI Score

0.0004EPSS

2023-06-13 12:00 AM
19
cvelist
cvelist

CVE-2022-47376

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...

7.3AI Score

0.0004EPSS

2023-06-13 12:00 AM
oraclelinux
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.320.7.el7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-06-13 12:00 AM
36
oraclelinux
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.320.7.el8] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...

7.8CVSS

7.8AI Score

0.0004EPSS

2023-06-13 12:00 AM
9
krebs
krebs

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda...

9.8CVSS

9.1AI Score

0.075EPSS

2023-06-08 08:17 PM
29
openbugbounty
openbugbounty

bd-auto.com Cross Site Scripting vulnerability OBB-3400351

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1AI Score

2023-06-06 11:54 PM
11
cve
cve

CVE-2023-2063

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure,...

7.3CVSS

7.1AI Score

0.001EPSS

2023-06-02 05:15 AM
22
nvd
nvd

CVE-2023-2062

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2CVSS

6.8AI Score

0.001EPSS

2023-06-02 05:15 AM
cve
cve

CVE-2023-2062

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2CVSS

6.6AI Score

0.001EPSS

2023-06-02 05:15 AM
41
cve
cve

CVE-2023-2061

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via...

7.5CVSS

7.6AI Score

0.003EPSS

2023-06-02 05:15 AM
26
cve
cve

CVE-2023-2060

Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or...

7.5CVSS

7.6AI Score

0.003EPSS

2023-06-02 05:15 AM
30
prion
prion

Authentication flaw

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2CVSS

6.8AI Score

0.001EPSS

2023-06-02 05:15 AM
3
cvelist
cvelist

CVE-2023-2062 Information Disclosure vulnerability in EtherNet/IP Configuration tools

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...

6.2CVSS

6.8AI Score

0.001EPSS

2023-06-02 04:04 AM
openvas
openvas

Debian: Security Advisory (DLA-3438-1)

The remote host is missing an update for the...

9.8CVSS

9.6AI Score

0.001EPSS

2023-05-31 12:00 AM
5
debian
debian

[SECURITY] [DLA 3438-1] kamailio security update

Debian LTS Advisory DLA-3438-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 30, 2023 https://wiki.debian.org/LTS Package : kamailio Version : 5.2.1-1+deb10u1 CVE ID :...

9.8CVSS

9.4AI Score

0.001EPSS

2023-05-30 04:26 PM
6
nessus
nessus

Debian DLA-3438-1 : kamailio - LTS security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3438 advisory. The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or...

7.6AI Score

0.001EPSS

2023-05-30 12:00 AM
9
fedora
fedora

[SECURITY] Fedora 37 Update: python-requests-2.28.1-3.fc37

Most existing Python modules for sending HTTP requests are extremely verbos e and cumbersome. Python=EF=BF=BD=EF=BF=BD=EF=BF=BDs built-in urllib2 module prov ides most of the HTTP capabilities you should need, but the API is thoroughly broken. This librar y is designed to make HTTP requests easy...

6.1CVSS

7AI Score

0.001EPSS

2023-05-27 01:26 AM
14
fedora
fedora

[SECURITY] Fedora 38 Update: python-fastapi-0.95.2-1.fc38

FastAPI is a modern, fast (high-performance), web framework for building AP Is with Python 3.7+ based on standard Python type hints. The key features are: =EF=BF=BD=EF=BF=BD=EF=BF=BD Fast: Very high performance, on par with Node JS and Go (thanks to Starlette and Pydantic). One of the...

7.1AI Score

2023-05-26 01:52 AM
12
fedora
fedora

[SECURITY] Fedora 38 Update: python-starlette-0.27.0-1.fc38

Starlette is a lightweight ASGI framework/toolkit, which is ideal for build ing async web services in Python. It is production-ready, and gives you the following: =EF=BF=BD=EF=BF=BD=EF=BF=BD A lightweight, low-complexity HTTP web framew ork. =EF=BF=BD=EF=BF=BD=EF=BF=BD WebSocket support. ...

7AI Score

2023-05-26 01:52 AM
5
fedora
fedora

[SECURITY] Fedora 37 Update: python-starlette-0.20.4-3.fc37

Starlette is a lightweight ASGI framework/toolkit, which is ideal for build ing async web services in Python. It is production-ready, and gives you the following: =EF=BF=BD=EF=BF=BD=EF=BF=BD A lightweight, low-complexity HTTP web framew ork. =EF=BF=BD=EF=BF=BD=EF=BF=BD WebSocket support. ...

7AI Score

2023-05-26 01:32 AM
8
fedora
fedora

[SECURITY] Fedora 38 Update: python-requests-2.28.2-2.fc38

Most existing Python modules for sending HTTP requests are extremely verbos e and cumbersome. Python=EF=BF=BD=EF=BF=BD=EF=BF=BDs built-in urllib2 module prov ides most of the HTTP capabilities you should need, but the API is thoroughly broken. This librar y is designed to make HTTP requests easy...

6.1CVSS

7AI Score

0.001EPSS

2023-05-25 01:12 AM
27
rapid7blog
rapid7blog

Introducing: ‘Saved Filters’ in InsightCloudSec

Last year, when we launched Layered Context in InsightCloudSec, we knew we had something great on our hands. Not just because we provided a single view for cloud security practitioners to see their full cloud risk posture (though, if we do say so ourselves, that’s pretty sweet). No, we knew we had....

6.7AI Score

2023-05-18 08:04 PM
31
redhat
redhat

(RHSA-2023:3002) Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.4AI Score

0.002EPSS

2023-05-16 06:00 AM
44
redhat
redhat

(RHSA-2023:2792) Moderate: bind9.16 security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.4AI Score

0.002EPSS

2023-05-16 05:54 AM
52
osv
osv

Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

5.3CVSS

6.7AI Score

0.002EPSS

2023-05-16 12:00 AM
7
almalinux
almalinux

Moderate: bind9.16 security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.5CVSS

6.7AI Score

0.002EPSS

2023-05-16 12:00 AM
14
nessus
nessus

Siemens SIPROTEC 5 Devices Null Pointer Dereference (CVE-2023-28766)

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.40), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All ver...

7.6AI Score

0.002EPSS

2023-05-16 12:00 AM
9
almalinux
almalinux

Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

5.3CVSS

6.7AI Score

0.002EPSS

2023-05-16 12:00 AM
14
osv
osv

Moderate: bind9.16 security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.5CVSS

6.7AI Score

0.002EPSS

2023-05-16 12:00 AM
5
nessus
nessus

Siemens RADIUS Client of SIPROTEC 5 Devices Loop with Unreachable Exit Condition (CVE-2022-38767)

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.6AI Score

0.001EPSS

2023-05-16 12:00 AM
11
nessus
nessus

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6075-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6075-1 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to...

9.1AI Score

0.002EPSS

2023-05-15 12:00 AM
9
ubuntu
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-15 12:00 AM
28
thn
thn

New Stealthy Variant of Linux Backdoor BPFDoor Emerges from the Shadows

A previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. "BPFDoor retains its reputation as an extremely stealthy and difficult-to-detect malware with...

7.5AI Score

0.0004EPSS

2023-05-12 01:24 PM
45
redhat
redhat

(RHSA-2023:2261) Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.8AI Score

0.002EPSS

2023-05-09 05:05 AM
19
almalinux
almalinux

Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.5CVSS

7.9AI Score

0.002EPSS

2023-05-09 12:00 AM
16
osv
osv

Moderate: bind security and bug fix update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

7.5CVSS

6.7AI Score

0.002EPSS

2023-05-09 12:00 AM
3
openvas
openvas

Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1778)

The remote host is missing an update for the Huawei...

7.8CVSS

6.5AI Score

0.001EPSS

2023-05-08 12:00 AM
1
openvas
openvas

Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1756)

The remote host is missing an update for the Huawei...

7.8CVSS

6.5AI Score

0.001EPSS

2023-05-08 12:00 AM
2
openvas
openvas

Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2023-1734)

The remote host is missing an update for the Huawei...

3.3CVSS

6.8AI Score

0.001EPSS

2023-05-08 12:00 AM
3
nessus
nessus

EulerOS Virtualization 3.0.2.0 : libdb (EulerOS-SA-2023-1734)

According to the versions of the libdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior...

5.8AI Score

0.001EPSS

2023-05-07 12:00 AM
5
rapid7blog
rapid7blog

AppDomain Manager Injection: New Techniques For Red Teams

AppDomain Manager Injection is a very versatile and useful technique for red team operators. This technique allows you to effectively turn any Microsoft.NET application on a Windows host into a lolbin (Living Off the Land Binary) by forcing the application to load a specially crafted .NET...

7.7AI Score

2023-05-05 04:39 PM
22
Total number of security vulnerabilities5771