Federal Aviation Administration GPS Testing
Overview The US Federal Aviation Administration (FAA) has issued two flight advisories identifying planned Global Positioning System (GPS) temporary outages and the affected areas, due to Department of Defense testing. During testing, the GPS signal may be unreliable or unavailable. ICS-CERT is...
7AI Score
Linux Kernel CVE-2018-5391 Remote Denial of Service Vulnerability
Description Linux Kernel is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected Arista Extendible Operating System (EOS) 4.20.0F Arista Extendible Operating System (EOS) 4.20.1F Arista Extendible...
1.3AI Score
0.017EPSS
HPSBHF03589 rev. 5 - HP Ink Printers Remote Code Execution
Potential Security Impact Reported by: TBA VULNERABILITY SUMMARY Two security vulnerabilities have been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack or static buffer overflow, which could allow remote code execution. ...
7.8CVSS
0.5AI Score
0.039EPSS
Critical Authentication Flaws in Cisco Policy Suite Patched
Cisco has patched four critical security vulnerabilities surrounding a lack of authentication requirements in its Policy Suite for mobile carriers. These would allow remote attackers to potentially exfiltrate information, compromise wireless subscriber account information, meddle with databases or....
1.2AI Score
0.004EPSS
libraw.so is vulnerable to denial of service (DoS) attacks. The library contains an off-by-one error in the LibRaw::kodak_ycbcr_load_raw() function of dcraw_common.cpp, allowing a malicious user to pass an image file to the application to cause a heap-based buffer overflow, crashing the...
6.5CVSS
7AI Score
0.011EPSS
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to...
8.8CVSS
9AI Score
0.002EPSS
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to...
8.8CVSS
9.2AI Score
0.002EPSS
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to...
8.8CVSS
9.1AI Score
0.002EPSS
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware before 11.2(1) could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to...
9.2AI Score
0.002EPSS
Cisco Patches High-Severity Bug in VoIP Phones
A range of business customers could be impacted by a high-severity security flaw discovered in Cisco VoIP phones. The vendor issued a patch on Wednesday. Cisco also patched two medium-security flaws today in its FireSIGHT management platform for network security; and one medium-severity issue in...
0.8AI Score
0.002EPSS
A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to perform a command injection and execute commands with the privileges of the web server. The vulnerability is due to insufficient input...
1.4AI Score
0.002EPSS
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary...
7.5AI Score
Security Advisory - Weak Algorithm Vulnerability in Some Huawei Products
There is a weak algorithm vulnerability in some Huawei products. To exploit the vulnerability, a remote, unauthenticated attacker has to capture TLS traffic between clients and the affected products. The attacker may launch the Bleichenbacher attack on RSA key exchange to decrypt the session key...
5.9CVSS
5.6AI Score
0.002EPSS
FreeBSD : GraphicsMagick -- multiple vulnerabilities (25f73c47-68a8-4a30-9cbc-1ca5eea4d6ba)
GraphicsMagick reports : Multiple vulnerabilities have been found in GraphicsMagick 1.3.26 or earlier. Please refer to the CVE list for...
9.8CVSS
0.4AI Score
0.037EPSS
junrar is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to an infinite loop that can occur when handling RAR files which has long...
5.5CVSS
5.3AI Score
0.001EPSS
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS
Summary There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.1.0 to 1.5.2.7 of IBM SONAS Vulnerability Details IBM SONAS is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla Firefox shipped in certain versions of.....
9.8CVSS
3.1AI Score
0.008EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, IBM SDK Java Technology Edition, Version 6, and IBM SDK Java 2 Technology Edition, Version 5 that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK...
0.6AI Score
0.143EPSS
Security Advisory - Side-Channel Vulnerability Variants 3a and 4
Intel publicly disclosed new variants of the side-channel central processing unit (CPU) hardware vulnerabilities known as Spectre and Meltdown. These variants are known as 3A (CVE-2018-3640) and 4 (CVE-2018-3639); local attackers may exploit these vulnerabilities to cause information leak on the...
5.5CVSS
0.6AI Score
0.003EPSS
Security Advisory - OpenSSL Vulnerability in Some Huawei Products
Constructed ASN.1 types with a recursive definition in some OpenSSL versions could eventually exceed the stack given malicious input with excessive recursion. Successful exploit of this vulnerability may result in a Denial of Service attack. (Vulnerability ID: HWPSIRT-2018-03073) This...
6.5CVSS
1.6AI Score
0.009EPSS
Description of the security update for SharePoint Foundation 2013: June 12, 2018
Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
6.2AI Score
0.005EPSS
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox <...
9.8CVSS
8.2AI Score
0.008EPSS
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox <...
9.8CVSS
9.2AI Score
0.008EPSS
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox <...
9.8CVSS
8.9AI Score
0.008EPSS
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox <...
9.8CVSS
9.1AI Score
0.008EPSS
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox <...
8.4AI Score
0.008EPSS
edificio-aliados-porto-habinedita-5800.empreendimentos.com.pt XSS vulnerability
Open Bug Bounty ID: OBB-629225

Description| Value
---|---
Affected Website:| edificio-aliados-porto-habinedita-5800.empreendimentos.com.pt
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site...
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial...
7.5CVSS
7.5AI Score
0.001EPSS
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial...
7.5CVSS
7.5AI Score
0.001EPSS
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial...
7.5CVSS
7.5AI Score
0.001EPSS
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial...
7.5AI Score
0.001EPSS
Cisco Unified IP Phone Software Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An...
1.4AI Score
0.002EPSS
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial...
1.2AI Score
0.001EPSS
Cisco Releases Security Updates for Multiple Products
Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the.....
8.7AI Score
Rockwell Automation FactoryTalk Activation Manager (Update B)
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Rockwell Automation Equipment: FactoryTalk Activation Manager Vulnerabilities: Cross-site Scripting, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. UPDATE...
9.8CVSS
9.5AI Score
0.916EPSS
PT-2018-45: Hard-coded Credentials in EVLink Parking
Vulnerable product EVLink Parking Version: v3.2.0-12_v1 and earlier Link: https://www.schneider-electric.com/ Severity level Severity level: High Impact: Unauthorized access Access Vector: Remote CVSS v3: Base Score: 9.8 Vector:...
9.8CVSS
0.3AI Score
0.004EPSS
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is...
7.5CVSS
7.6AI Score
0.002EPSS
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is...
7.5CVSS
7.6AI Score
0.002EPSS
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is...
7.5CVSS
7.5AI Score
0.002EPSS
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is...
7.6AI Score
0.002EPSS
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series, IP Phone 8800 Series, and Wireless IP Phone 8821 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability.....
1.5AI Score
0.002EPSS
Description of the security update for SharePoint Foundation 2013: May 8, 2018
Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft.....
6.3AI Score
0.005EPSS
GLSA-201803-14 : Mozilla Thunderbird: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201803-14 (Mozilla Thunderbird: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below...
9.8CVSS
0.8AI Score
0.028EPSS
8.8CVSS
6.9AI Score
0.011EPSS
Ubuntu 14.04 LTS / 16.04 LTS : LibRaw vulnerabilities (USN-3615-1)
It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause applications linked against LibRaw to crash, resulting in a denial of service, or possibly execute arbitrary code.....
8.8CVSS
8.3AI Score
0.011EPSS
Releases Ubuntu 17.10 Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages libraw - raw image decoder library Details It was discovered that LibRaw incorrectly handled photo files. If a user or automated system were tricked into processing a specially crafted photo file, a remote attacker could cause...
8.8CVSS
7.6AI Score
0.011EPSS
apiaudio.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-594378

Description| Value
---|---
Affected Website:| apiaudio.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the referenced Mozilla Foundation Security Advisories and CVE identifiers below for details. Impact A...
9.8CVSS
9.1AI Score
0.028EPSS