A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco...
8.8CVSS
8.9AI Score
0.001EPSS
Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware
Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by an unauthenticated attacker to cause remote code execution or a denial-of-service (DoS) condition. The networking equipment major said.....
1.2AI Score
0.001EPSS
Cisco Releases Security Advisory for IP Phone 7800 and 8800 Series
Cisco released a security advisory for a vulnerability affecting IP Phone 7800 and 8800 Series. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. For more information, see the Cisco Security Advisories page. CISA encourages users and administrators to...
1.9AI Score
A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco...
8.1CVSS
9.2AI Score
0.001EPSS
Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol Stack Overflow Vulnerability
A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco...
9AI Score
0.001EPSS
Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the...
7.8CVSS
7.9AI Score
0.0004EPSS
Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of...
5.5CVSS
6.1AI Score
0.0004EPSS
Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious...
7.8CVSS
8AI Score
0.0004EPSS
An attacker with local access to the system can make unauthorized modifications of the security configuration of the SOC registers. This could allow potential corruption of AMD secure processor’s encrypted memory contents which may lead to arbitrary code execution in...
7.8CVSS
7.9AI Score
0.0004EPSS
Improper parameters handling in the AMD Secure Processor (ASP) kernel may allow a privileged attacker to elevate their privileges potentially leading to loss of...
7.8CVSS
7.2AI Score
0.0004EPSS
Improper parameters handling in AMD Secure Processor (ASP) drivers may allow a privileged attacker to elevate their privileges potentially leading to loss of...
7.8CVSS
7.4AI Score
0.0004EPSS
Description of the security update for SharePoint Foundation 2013: November 8, 2022 (KB5002303)
Description of the security update for SharePoint Foundation 2013: November 8, 2022 (KB5002303) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
8.9AI Score
0.013EPSS
Description of the security update for SharePoint Foundation 2013: September 13, 2022 (KB5002267)
Description of the security update for SharePoint Foundation 2013: September 13, 2022 (KB5002267) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint remote code execution vulnerability. To learn more about the...
8.3AI Score
0.022EPSS
tpm2-abrmd bug fix and enhancement update
An update is available for tpm2-abrmd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux.....
2AI Score
Rockwell Automation Stratix Devices Containing Cisco IOS
EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Stratix Devices Vulnerabilities: Incorrect Authorization, Improper Input Validation, Improper Check for Unusual or Exceptional Conditions, Interpretation Conflict, OS...
8.8CVSS
8.1AI Score
0.002EPSS
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with....
7.5CVSS
7AI Score
0.01EPSS
(RHSA-2022:6801) Important: OpenShift Container Platform 4.8.51 packages and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.51. See the following advisory for the RPM...
-0.1AI Score
0.002EPSS
Description of the security update for SharePoint Foundation 2013: October 11, 2022 (KB5002284)
Description of the security update for SharePoint Foundation 2013: October 11, 2022 (KB5002284) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common...
9.1AI Score
0.013EPSS
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not...
9.1AI Score
0.466EPSS
Abstract Issues disclosed in the Oracle October 2013 Java SE Critical Patch Update, plus 6 additional vulnerabilities Content VULNERABILITY DETAILS: CVE IDs: CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-4041 CVE-2013-5375 CVE-2013-5372 CVE-2013-5843 CVE-2013-5789 CVE-2013-5830 CVE-2013-5829.....
0.8AI Score
0.143EPSS
Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server Content The IBM WebSphere Application Server is shipped with an IBM SDK for Java that is based on the Oracle JDK. Oracle has released October 2013 critical patch updates...
0.4AI Score
0.143EPSS
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time
Abstract Issues disclosed in the Oracle October 2013 Java SE Critical Patch Update, plus 6 additional vulnerabilities. Content VULNERABILITY DETAILS: CVE IDs: CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-4041 CVE-2013-5375 CVE-2013-5372 CVE-2013-5843 CVE-2013-5789 CVE-2013-5830 CVE-2013-5829....
0.7AI Score
0.143EPSS
Abstract IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has it own JRE. Oracle has released a October 2013 Critical Patch Update (CPU) that contains security vulnerability....
0.6AI Score
0.143EPSS
Security Bulletin: Potential security vulnerabilities with JavaTM SDKs
Summary Smarter Infrastructure Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs. Vulnerability Details CVE IDs: CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-4041...
8.8AI Score
0.143EPSS
8.8CVSS
7.8AI Score
0.013EPSS
7.2CVSS
8.6AI Score
0.948EPSS
HP PC UEFI Secure Boot Database Update July 2022
Potential vulnerabilities have been identified in certain UEFI applications signed by HP which may allow local arbitrary code execution. HP is providing a standalone Secure Boot Update Utility (SBUU) for identified HP PC products to update the secure boot database so that these vulnerable UEFI...
8.2CVSS
8.5AI Score
0.002EPSS
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes:...
7.3AI Score
0.0004EPSS
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes:...
0.0004EPSS
0.0004EPSS
Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack
A suspected ransomware intrusion attempt against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment. The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a...
9.8CVSS
0.6AI Score
0.036EPSS
Mitel 6800/6900 Series SIP Phones Backdoor Access Vulnerability
Mitel 6800/6900 Series SIP Phones excluding 6970 and Mitel 6900 Series IP (MiNet) Phones have a flow to spawn a telnet backdoor on the device with a static root password enabled. Affected versions include Rel 5.1 SP8 (5.1.0.8016) and earlier, Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165), and MiNet...
6.8CVSS
0.5AI Score
0.004EPSS
Malicious code in upchieve-server (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (4e71a98a78cfa7d530e0544425c37aeb89014ae938333f157afa35954bde0492) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in ringcentral-community-app (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (c7350ee514e74a46e04bbb40a6879da3a2070c7b76b131012941b750514e1a6f) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
6.8CVSS
0.5AI Score
0.004EPSS
Description of the security update for SharePoint Foundation 2013: June 14, 2022 (KB5002219)
Description of the security update for SharePoint Foundation 2013: June 14, 2022 (KB5002219) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
9.1AI Score
0.011EPSS
Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses
Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues...
6.8CVSS
1.6AI Score
0.004EPSS
Exploit for Vulnerability in Microsoft
CVE-2022-26809 RCE Exploit CVE description CVE-2022-26809...
9.8CVSS
0.2AI Score
0.022EPSS
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful...
6.8CVSS
7.1AI Score
0.004EPSS
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful...
6.8CVSS
0.004EPSS
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful...
6.8CVSS
6.9AI Score
0.004EPSS
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful...
7AI Score
0.004EPSS
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a...
6.8CVSS
0.004EPSS
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a...
6.8CVSS
7.1AI Score
0.004EPSS
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a...
6.8CVSS
6.9AI Score
0.004EPSS
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a...
7.1AI Score
0.004EPSS
Description of the security update for SharePoint Foundation 2013: May 10, 2022 (KB5002203)
Description of the security update for SharePoint Foundation 2013: May 10, 2022 (KB5002203) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...
8.9AI Score
0.054EPSS
7.5CVSS
7.4AI Score
0.002EPSS
A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in...
5.3CVSS
5.2AI Score
0.001EPSS
A vulnerability in SonicOS SNMP service resulting exposure of sensitive information to an unauthorized...
5.3CVSS
5.1AI Score
0.001EPSS