The firmware update package for the wireless card is not properly signed and can be...
5.7CVSS
5.7AI Score
0.0004EPSS
The firmware update package for the wireless card is not properly signed and can be...
5.7CVSS
6.6AI Score
0.0004EPSS
CVE-2023-30559 Wireless Card Firmware Improperly Signed
The firmware update package for the wireless card is not properly signed and can be...
5.2CVSS
6AI Score
0.0004EPSS
7.1AI Score
(RHSA-2023:4037) Important: bind9.16 security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5AI Score
0.001EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6214-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6214-1 advisory. The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts...
9.8CVSS
8.9AI Score
0.004EPSS
Releases Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an...
9.8CVSS
8.8AI Score
0.004EPSS
(RHSA-2023:4005) Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
6.9AI Score
0.001EPSS
[SECURITY] Fedora 38 Update: python-managesieve-0.7.1-6.fc38
This module allows accessing a Sieve-Server for managing Sieve scripts there. It is accompanied by a simple yet functional user application...
7AI Score
[SECURITY] Fedora 37 Update: python-managesieve-0.7.1-6.fc37
This module allows accessing a Sieve-Server for managing Sieve scripts there. It is accompanied by a simple yet functional user application...
7AI Score
BugChecker - SoftICE-like Kernel Debugger For Windows 11
Introduction BugChecker is a SoftICE-like kernel and user debugger for Windows 11 (and Windows XP as well: it supports Windows versions from XP to 11, both x86 and x64). BugChecker doesn't require a second machine to be connected to the system being debugged, like in the case of WinDbg and KD....
7AI Score
Fedora: Security Advisory for cups (FEDORA-2023-fac5968b55)
The remote host is missing an update for...
7.1CVSS
7.2AI Score
0.0004EPSS
Fedora: Security Advisory for bind (FEDORA-2023-1d526d551c)
The remote host is missing an update for...
7.5CVSS
8.1AI Score
0.001EPSS
"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external...
5.5CVSS
5AI Score
0.0004EPSS
"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external...
5.5CVSS
5AI Score
0.0004EPSS
"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external...
5.5CVSS
4.9AI Score
0.0004EPSS
"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external...
5.3AI Score
0.0004EPSS
[SECURITY] Fedora 37 Update: bind-9.18.16-1.fc37
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
7.5CVSS
7AI Score
0.001EPSS
[SECURITY] Fedora 38 Update: cups-2.4.6-1.fc38
CUPS printing system provides a portable printing layer for UNIX® operating systems. It has been developed by Apple Inc. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...
7.1CVSS
6.9AI Score
0.0004EPSS
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Use of Hard-Coded Credentials (CVE-2023-2061)
Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via...
7.5CVSS
7.8AI Score
0.003EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure,...
7.3CVSS
7.2AI Score
0.001EPSS
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Missing Password Field Masking (CVE-2023-2062)
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2CVSS
6.9AI Score
0.001EPSS
Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series Weak Password Requirements (CVE-2023-2060)
Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or...
7.5CVSS
7.7AI Score
0.003EPSS
[SECURITY] Fedora 38 Update: bind-9.18.16-1.fc38
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
7.5CVSS
7.5AI Score
0.001EPSS
Fedora: Security Advisory for bind (FEDORA-2023-8e1ddb1fa2)
The remote host is missing an update for...
7.5CVSS
8.1AI Score
0.001EPSS
U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and...
9.8CVSS
7.8AI Score
0.967EPSS
Cybersecurity hotlines at colleges could go a long way toward filling the skills gap
Welcome to this week's edition of the Threat Source newsletter. I recently stumbled upon news that the University of Texas at Austin is launching a new cybersecurity clinic run by faculty and students studying security and IT at the university. This clinic offers pro-bono cybersecurity services --....
9.8CVSS
9.2AI Score
0.957EPSS
Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]
Earlier this year, Rapid7 researchers undertook a project to analyze managed file transfer applications, due to the number of recent vulnerabilities discovered in those types of applications. We chose Fortra Globalscape EFT as a target since it's reasonably popular and seemed complex enough to...
9.8CVSS
8AI Score
0.959EPSS
bd-cine.com Cross Site Scripting vulnerability OBB-3447184
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Unbreakable Enterprise kernel security update
[5.4.17-2136.320.7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] - KVM:...
7.8CVSS
8AI Score
0.0004EPSS
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...
7.3CVSS
7.1AI Score
0.0004EPSS
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...
7.3CVSS
7.1AI Score
0.0004EPSS
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...
7.3CVSS
7AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...
7.8CVSS
8.5AI Score
0.0004EPSS
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...
7.3AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.320.7.el7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...
7.8CVSS
7.8AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.320.7.el8] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...
7.8CVSS
7.8AI Score
0.0004EPSS
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways
It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda...
9.8CVSS
9.1AI Score
0.071EPSS
bd-auto.com Cross Site Scripting vulnerability OBB-3400351
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure,...
7.3CVSS
7.1AI Score
0.001EPSS
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2CVSS
6.8AI Score
0.001EPSS
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2CVSS
6.6AI Score
0.001EPSS
Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via...
7.5CVSS
7.6AI Score
0.003EPSS
Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or...
7.5CVSS
7.6AI Score
0.003EPSS
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2CVSS
6.8AI Score
0.001EPSS
CVE-2023-2062 Information Disclosure vulnerability in EtherNet/IP Configuration tools
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2CVSS
6.8AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.001EPSS
[SECURITY] [DLA 3438-1] kamailio security update
Debian LTS Advisory DLA-3438-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 30, 2023 https://wiki.debian.org/LTS Package : kamailio Version : 5.2.1-1+deb10u1 CVE ID :...
9.8CVSS
9.4AI Score
0.001EPSS
Debian DLA-3438-1 : kamailio - LTS security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3438 advisory. The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or...
7.6AI Score
0.001EPSS
[SECURITY] Fedora 37 Update: python-requests-2.28.1-3.fc37
Most existing Python modules for sending HTTP requests are extremely verbose and cumbersome. Python's built-in urllib2 module provides most of the HTTP capabilities you should need, but the API is thoroughly broken. This library is designed to make HTTP requests easy...
6.1CVSS
7AI Score
0.001EPSS