Description of the security update for SharePoint Foundation 2013: May 14, 2019
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...
7AI Score
0.015EPSS
EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1534)
According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length ...
0.8AI Score
0.36EPSS
Rockwell Automation 1771-IAD General Purpose Discrete I/O
A Rockwell Automation 1771-IAD General Purpose Discrete I/O has been detected. For additional information see the web link...
1.1AI Score
What to do when you discover a data breach
Your cell phone goes off in the middle of your well-deserved sleep and you try to find it before your partner wakes up as well. “What could be wrong? Why would they page me in the middle of the night?” More asleep than awake, you stumble down the stairs and call the number on the screen, which...
-0.4AI Score
Who is managing the security of medical management apps?
One truth that is consistent across every sector—be it technology or education—is that software is vulnerable, which means that any device running software applications is also at risk. While virtually any application-running device could be compromised by an attacker, vulnerabilities in medical...
-0.3AI Score
Description of the security update for SharePoint Foundation 2013: April 9, 2019
Summary: This security update resolves a cross-site-scripting (XSS) vulnerability that exists when Microsoft SharePoint Server does not correctly sanitize a specially crafted web request that's made to an affected...
5.6AI Score
0.001EPSS
Cardinal RAT Resurrected to Target FinTech Firms
A malware family called Cardinal RAT has reappeared, after two years of silence, in a series of attacks that have been targeting Israel-based financial technology firms. After Cardinal RAT was first detected in 2017, the malware disappeared for two years. But now, in this latest campaign,...
0.2AI Score
TheCarProject v2 - Multiple SQL Injection Vulnerability
Exploit for php platform in category web...
Description of the security update for SharePoint Foundation 2013: March 12, 2019
Summary: This security update resolves a cross-site-scripting (XSS) vulnerability if Microsoft SharePoint Server does not correctly sanitize a specially crafted web request to an affected SharePoint server. To learn...
5.7AI Score
0.001EPSS
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes:...
7.4AI Score
0.002EPSS
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes:...
6.6AI Score
0.002EPSS
libmatio.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists through a possible stack-based buffer over-read in a memcpy operation in Mat_VarReadNextInfo5() in src/mat5.c, resulting in a denial of service condition when the vulnerability is...
9.1CVSS
8.7AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
9.2AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
8.8AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
9.2AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
7AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
9.3AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.3AI Score
0.006EPSS
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...
9.1CVSS
8.8AI Score
0.006EPSS
Threatpost News Wrap Podcast For Feb. 22
Threatpost editors Lindsey O’Donnell and Tom Spring discuss the biggest news of the week ended Feb. 22, including a report about flaws in password managers, and a 19-year-old flaw found in WinRAR. The Threatpost team also discussed an upcoming webinar on Feb. 27 at 2 p.m. ET. Patrick Hevesi of...
-0.7AI Score
Description of the security update for SharePoint Foundation 2013: February 12, 2019
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
9AI Score
0.974EPSS
Summary: IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in X.Org libXrender. Vulnerability Details: CVEID: CVE-2016-7949...
9.8CVSS
0.6AI Score
0.014EPSS
Detection of Teradata Viewpoint. The script sends a connection request to the server and attempts to detect Teradata Viewpoint and to extract its...
7AI Score
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected...
8.1CVSS
8AI Score
0.002EPSS
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected...
8.1CVSS
8.1AI Score
0.002EPSS
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected...
8.1CVSS
8AI Score
0.002EPSS
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected...
8.1AI Score
0.002EPSS
Description of the security update for SharePoint Foundation 2013: January 8, 2019
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
6.4AI Score
0.001EPSS
Security Advisory - Cache Timing Vulnerability in OpenSSL RSA Key Generation
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack (CVE-2018-0737). An attacker could exploit this vulnerability to recover the private key. (Vulnerability ID: HWPSIRT-2018-06015) Huawei has released software updates to fix this...
5.9CVSS
2.6AI Score
0.01EPSS
Microsoft ChakraCore is vulnerable to remote code execution. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229,.....
7.5CVSS
7.6AI Score
0.203EPSS
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information...
5.9CVSS
6.1AI Score
0.002EPSS
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....
7.4CVSS
7.3AI Score
0.002EPSS
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....
7.4CVSS
7.3AI Score
0.002EPSS
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause...
7.4CVSS
7.2AI Score
0.002EPSS
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause...
7.4CVSS
7.2AI Score
0.002EPSS
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....
7.4CVSS
7.3AI Score
0.002EPSS
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause...
7.4CVSS
7.3AI Score
0.002EPSS
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information...
5.9CVSS
5.5AI Score
0.002EPSS
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information...
5.9CVSS
6.1AI Score
0.002EPSS
There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited....
7.3AI Score
0.002EPSS
There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information...
6.1AI Score
0.002EPSS
There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Successful exploitation may intercept and tamper with the call information, eventually cause...
7.3AI Score
0.002EPSS
Earlier this week hellor00t asked via Twitter: Where would you place your security researchers/hunt team? I replied: For me, "hunt" is just a form of detection. I don't see the need to build a "hunt" team. IR teams detect intruders using two major modes: matching and hunting. Junior people...
-0.4AI Score