Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of...
5.5CVSS
7.2AI Score
0.0004EPSS
Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory...
8.2CVSS
8.7AI Score
0.001EPSS
Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of...
7.5CVSS
7.8AI Score
0.001EPSS
A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information...
5.5CVSS
7.1AI Score
0.0004EPSS
A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information...
7.4CVSS
8.4AI Score
0.002EPSS
Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that...
6.5CVSS
6.7AI Score
0.001EPSS
Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383)
Description of the security update for SharePoint Foundation 2013: April 11, 2023 (KB5002383) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-28288....
8AI Score
0.004EPSS
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication...
7.5CVSS
7.5AI Score
0.001EPSS
Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication...
7.5CVSS
7.5AI Score
0.001EPSS
SIGSEGV at libr/bin/p/bin_coff.c:509 in patch_relocs()
Description radare2 5.8.2 misparses symbol information in COFF files, causing a segmentation fault in patch_relocs at libr/bin/p/bin_coff.c:509 # Proof of Concept input.bin 00000000: 6603 e846 4058 6458 4036 5858 5858 5868 f..F@XdX@6XXXXXh 00000010: 5858 7063 5858 5840 0038 00de 57ff ffff ...
7.5CVSS
7.2AI Score
0.001EPSS
Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367)
Description of the security update for SharePoint Foundation 2013: March 14, 2023 (KB5002367) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2023-23395....
4.1AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 27, 2023 to Mar 5, 2023)
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced vulnerability...
8.8CVSS
0.1AI Score
EPSS
Cisco IP Phones < 11.3.7SR1 Multiple Vulnerabilities (cisco-sa-ip-phone-cmd-inj-KMFynVcP)
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. Please see the included Cisco BIDs and Cisco Security Advisory for more...
8.9AI Score
0.003EPSS
9.8CVSS
8.7AI Score
0.037EPSS
CVE-2023-20079 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this...
9.8CVSS
9.9AI Score
0.002EPSS
CVE-2023-20078 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this...
9.8CVSS
10AI Score
0.003EPSS
Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack
Cisco on Wednesday rolled out security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based.....
1.3AI Score
0.004EPSS
Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details ["#details"] section...
1.2AI Score
0.003EPSS
Malicious code in selfvmrandom (pypi)
-= Per source details. Do not edit below this line.=- Source: checkmarx (fe85fa4c2e96cb2a2a49f5493aac578f73c5bb2dbed574c3130b280e42fa3fe3) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...
7.2AI Score
Malicious code in pyultra (pypi)
-= Per source details. Do not edit below this line.=- Source: checkmarx (9660e4540466257fc92dab3911b03478215ecd015217fca5e352c0ba568f5004) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...
7.2AI Score
Malicious code in urlultra (pypi)
-= Per source details. Do not edit below this line.=- Source: checkmarx (3c7b155fedf43e93b99c014649b35e6cee427625d86cb5c8fe57497b36942ad4) EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing...
7.2AI Score
Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347)
Description of the security update for SharePoint Foundation 2013: February 14, 2023 (KB5002347) Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability and Microsoft Word remote code execution vulnerability. To learn more about the vulnerabilities,....
9.7AI Score
0.454EPSS
USN-5800-1: Heimdal vulnerabilities | Cloud Foundry
Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-44758) Evgeny Legerov...
9.8CVSS
2.6AI Score
0.014EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....
8.6CVSS
6.6AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....
6.5CVSS
8.7AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....
6.5CVSS
6.6AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....
8.6CVSS
8.8AI Score
0.001EPSS
9.8CVSS
7.9AI Score
0.014EPSS
It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-44758) Evgeny Legerov discovered that Heimdal incorrectly handled memory when performing certain DES decryption operations. A remote...
9.8CVSS
8.2AI Score
0.014EPSS
Recog Release v3.0.3, which is available now, includes updated fingerprints for Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus; Atlassian Bitbucket Server; and Supervisord Supervisor. It also includes new fingerprints and a number of bug fixes, all of which are detailed...
9.8CVSS
0.1AI Score
0.974EPSS
Update now! Patch Tuesday January 2023 includes one actively exploited vulnerability
The first Microsoft Patch Tuesday of 2023 is an important one to start of the year with. In total 98 vulnerabilities were patched, including 11 that were labelled critical and one that is being actively exploited in the wild. This is also the last time we expect to see fixes for Windows 8.1...
8.8CVSS
0.8AI Score
0.006EPSS
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Heimdal vulnerabilities (USN-5800-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5800-1 advisory. Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of...
9.6AI Score
0.014EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages heimdal - Heimdal Kerberos Network Authentication Protocol Details It was discovered that Heimdal incorrectly handled certain SPNEGO tokens. A remote attacker could possibly use this issue to cause a denial...
9.8CVSS
8.9AI Score
0.014EPSS
Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....
1.3AI Score
0.001EPSS
Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code...
7.8CVSS
8AI Score
0.0004EPSS
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of...
5.5CVSS
6AI Score
0.0004EPSS
Description of the security update for SharePoint Foundation 2013: January 10, 2023 (KB5002336)
Description of the security update for SharePoint Foundation 2013: January 10, 2023 (KB5002336) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...
9AI Score
0.007EPSS
ManageEngine PAM360 < 5.8 Build 5801 SQLi
The remote host is running a version of ManageEngine PAM360 prior to 5.8 Build 5801. It is, therefore, affected by a SQL injection vulnerability. An unauthenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or...
9.7AI Score
0.144EPSS
Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities
Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. "An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated...
2.6AI Score
0.144EPSS
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...
8.8CVSS
9.1AI Score
0.002EPSS
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...
8.8CVSS
9.2AI Score
0.002EPSS
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...
8.8CVSS
9.2AI Score
0.002EPSS
CVE-2022-46304 ChangingTec ServiSign - Command Injection
ChangingTec ServiSign component has insufficient filtering for special characters in the connection response parameter. An unauthenticated remote attacker can host a malicious website for the component user to access, which triggers command injection and allows the attacker to execute arbitrary...
8.8CVSS
9.4AI Score
0.002EPSS
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. Bugs https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 Notes Author| Note ---|--- rodrigo-zaiden |...
7.5CVSS
3.6AI Score
0.001EPSS
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of...
8.8CVSS
8.9AI Score
0.005EPSS
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). Bugs http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187 https://bugzilla.samba.org/show_bug.cgi?id=14929 Notes Author| Note...
9.8CVSS
9.2AI Score
0.014EPSS
Update now! Two zero-days fixed in 2022's last patch Tuesday
In numbers, the patch Tuesday of December 2022 is a relatively light one for Windows users. Microsoft patched 48 vulnerabilities with only six considered critical. But numbers are only half the story. Two of the updates are zero-days with one of them known to be actively exploited. Windows...
8.5CVSS
0.4AI Score
0.023EPSS
Description of the security update for SharePoint Foundation 2013: December 13, 2022 (KB5002319)
Description of the security update for SharePoint Foundation 2013: December 13, 2022 (KB5002319) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...
9AI Score
0.009EPSS
A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco...
8.8CVSS
8.9AI Score
0.001EPSS
A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco...
8.8CVSS
0.001EPSS