Fedora: Security Advisory for bind (FEDORA-2023-8e1ddb1fa2)
The remote host is missing an update for...
7.5CVSS
8.1AI Score
0.001EPSS
U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week (CVE-2023-32434, CVE-2023-32435, and...
9.8CVSS
7.8AI Score
0.967EPSS
Cybersecurity hotlines at colleges could go a long way toward filling the skills gap
Welcome to this week's edition of the Threat Source newsletter. I recently stumbled upon news that the University of Texas at Austin is launching a new cybersecurity clinic run by faculty and students studying security and IT at the university. This clinic offers pro-bono cybersecurity services --....
9.8CVSS
9.2AI Score
0.957EPSS
Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]
Earlier this year, Rapid7 researchers undertook a project to analyze managed file transfer applications, due to the number of recent vulnerabilities discovered in those types of applications. We chose Fortra Globalscape EFT as a target since it's reasonably popular and seemed complex enough to...
9.8CVSS
8AI Score
0.959EPSS
bd-cine.com Cross Site Scripting vulnerability OBB-3447184
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Unbreakable Enterprise kernel security update
[5.4.17-2136.320.7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] - KVM:...
7.8CVSS
8AI Score
0.0004EPSS
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...
7.3CVSS
7.1AI Score
0.0004EPSS
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...
7.3CVSS
7.1AI Score
0.0004EPSS
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...
7.3CVSS
7AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...
7.8CVSS
8.5AI Score
0.0004EPSS
The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation. No patient health data is stored in the database, although some site installations may choose to store personal...
7.3AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.320.7.el7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...
7.8CVSS
7.8AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.320.7.el8] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...
7.8CVSS
7.8AI Score
0.0004EPSS
Barracuda Urges Replacing — Not Patching — Its Email Security Gateways
It's not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware -- as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda...
9.8CVSS
9.1AI Score
0.075EPSS
bd-auto.com Cross Site Scripting vulnerability OBB-3400351
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure,...
7.3CVSS
7.1AI Score
0.001EPSS
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2CVSS
6.8AI Score
0.001EPSS
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2CVSS
6.6AI Score
0.001EPSS
Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via...
7.5CVSS
7.6AI Score
0.003EPSS
Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or...
7.5CVSS
7.6AI Score
0.003EPSS
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2CVSS
6.8AI Score
0.001EPSS
CVE-2023-2062 Information Disclosure vulnerability in EtherNet/IP Configuration tools
Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series...
6.2CVSS
6.8AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.001EPSS
[SECURITY] [DLA 3438-1] kamailio security update
Debian LTS Advisory DLA-3438-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 30, 2023 https://wiki.debian.org/LTS Package : kamailio Version : 5.2.1-1+deb10u1 CVE ID :...
9.8CVSS
9.4AI Score
0.001EPSS
Debian DLA-3438-1 : kamailio - LTS security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3438 advisory. The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or...
7.6AI Score
0.001EPSS
[SECURITY] Fedora 37 Update: python-requests-2.28.1-3.fc37
Most existing Python modules for sending HTTP requests are extremely verbos e and cumbersome. Python=EF=BF=BD=EF=BF=BD=EF=BF=BDs built-in urllib2 module prov ides most of the HTTP capabilities you should need, but the API is thoroughly broken. This librar y is designed to make HTTP requests easy...
6.1CVSS
7AI Score
0.001EPSS
[SECURITY] Fedora 38 Update: python-fastapi-0.95.2-1.fc38
FastAPI is a modern, fast (high-performance), web framework for building AP Is with Python 3.7+ based on standard Python type hints. The key features are: =EF=BF=BD=EF=BF=BD=EF=BF=BD Fast: Very high performance, on par with Node JS and Go (thanks to Starlette and Pydantic). One of the...
7.1AI Score
[SECURITY] Fedora 38 Update: python-starlette-0.27.0-1.fc38
Starlette is a lightweight ASGI framework/toolkit, which is ideal for build ing async web services in Python. It is production-ready, and gives you the following: =EF=BF=BD=EF=BF=BD=EF=BF=BD A lightweight, low-complexity HTTP web framew ork. =EF=BF=BD=EF=BF=BD=EF=BF=BD WebSocket support. ...
7AI Score
[SECURITY] Fedora 37 Update: python-starlette-0.20.4-3.fc37
Starlette is a lightweight ASGI framework/toolkit, which is ideal for build ing async web services in Python. It is production-ready, and gives you the following: =EF=BF=BD=EF=BF=BD=EF=BF=BD A lightweight, low-complexity HTTP web framew ork. =EF=BF=BD=EF=BF=BD=EF=BF=BD WebSocket support. ...
7AI Score
[SECURITY] Fedora 38 Update: python-requests-2.28.2-2.fc38
Most existing Python modules for sending HTTP requests are extremely verbos e and cumbersome. Python=EF=BF=BD=EF=BF=BD=EF=BF=BDs built-in urllib2 module prov ides most of the HTTP capabilities you should need, but the API is thoroughly broken. This librar y is designed to make HTTP requests easy...
6.1CVSS
7AI Score
0.001EPSS
Introducing: ‘Saved Filters’ in InsightCloudSec
Last year, when we launched Layered Context in InsightCloudSec, we knew we had something great on our hands. Not just because we provided a single view for cloud security practitioners to see their full cloud risk posture (though, if we do say so ourselves, that’s pretty sweet). No, we knew we had....
6.7AI Score
(RHSA-2023:3002) Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.4AI Score
0.002EPSS
(RHSA-2023:2792) Moderate: bind9.16 security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.4AI Score
0.002EPSS
Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
5.3CVSS
6.7AI Score
0.002EPSS
Moderate: bind9.16 security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
6.7AI Score
0.002EPSS
Siemens SIPROTEC 5 Devices Null Pointer Dereference (CVE-2023-28766)
A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.40), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All ver...
7.6AI Score
0.002EPSS
Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
5.3CVSS
6.7AI Score
0.002EPSS
Moderate: bind9.16 security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
6.7AI Score
0.002EPSS
Siemens RADIUS Client of SIPROTEC 5 Devices Loop with Unreachable Exit Condition (CVE-2022-38767)
An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
7.6AI Score
0.001EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6075-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6075-1 advisory. In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to...
9.1AI Score
0.002EPSS
Releases Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...
8.8CVSS
8.8AI Score
0.002EPSS
New Stealthy Variant of Linux Backdoor BPFDoor Emerges from the Shadows
A previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. "BPFDoor retains its reputation as an extremely stealthy and difficult-to-detect malware with...
7.5AI Score
0.0004EPSS
(RHSA-2023:2261) Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.8AI Score
0.002EPSS
Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
7.9AI Score
0.002EPSS
Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
6.7AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1778)
The remote host is missing an update for the Huawei...
7.8CVSS
6.5AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1756)
The remote host is missing an update for the Huawei...
7.8CVSS
6.5AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2023-1734)
The remote host is missing an update for the Huawei...
3.3CVSS
6.8AI Score
0.001EPSS
EulerOS Virtualization 3.0.2.0 : libdb (EulerOS-SA-2023-1734)
According to the versions of the libdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior...
5.8AI Score
0.001EPSS
AppDomain Manager Injection: New Techniques For Red Teams
AppDomain Manager Injection is a very versatile and useful technique for red team operators. This technique allows you to effectively turn any Microsoft.NET application on a Windows host into a lolbin (Living Off the Land Binary) by forcing the application to load a specially crafted .NET...
7.7AI Score