Description of the security update for Outlook 2013: August 14, 2018
Description of the security update for Outlook 2013: August 14, 2018 Summary This security update resolves vulnerabilities in Microsoft Office. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures ADV180021. Note To apply this security update, you must...
7.1AI Score
www2.bingfeng.tw XSS vulnerability
Open Bug Bounty ID: OBB-660976 Description| Value ---|--- Affected Website:| www2.bingfeng.tw Open Bug Bounty Program:| View Open Bug Bounty Program Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...
0.1AI Score
Block.one: [FG-VD-18-125] Buffer Overflow Vulnerability in Latest EOS's EOSIO.WASMSDK Repository
Hello Block.One / EOS Product Security Team, Good Afternoon. There exists a Memory Corruption vulnerability in the latest EOS WASMSDK Library. The PoC.wasm file is attached along with this report. Reproduction Steps: - 1) Fetch latest EOS WASMSDK repsository from...
0.1AI Score
tk-liesing.at XSS vulnerability
Open Bug Bounty ID: OBB-646551 Description| Value ---|--- Affected Website:| tk-liesing.at Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79 CVSSv3 Score:| 6.1...
AI Score
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel...
5.6CVSS
6.3AI Score
0.001EPSS
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 25, 2018
I have never reverse engineered anything, but I did dismantle a Betamax VCR and put it back together without an instruction manual. My little brother liked to use the tape slot as a garage for his Hot Wheels® toy cars. We were usually able to take out the cars without any issues, but one day, he...
0.5AI Score
EPSS
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side...
5.6CVSS
6.2AI Score
0.001EPSS
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side...
5.6CVSS
6AI Score
0.001EPSS
Description of the security update for Outlook 2013: June 12, 2018
Description of the security update for Outlook 2013: June 12, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...
7AI Score
0.003EPSS
GE MDS PulseNET Pooled Invoker Deserialization Of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of data from a Java RMI Pooled Invoker port. The issue results from the.....
9.8CVSS
3.4AI Score
0.04EPSS
PHP 7.2.2 - php_stream_url_wrap_http_ex Buffer Overflow Exploit
Exploit for php platform in category dos /...
-0.1AI Score
0.753EPSS
0.6AI Score
0.753EPSS
PHP 7.2.2 - php_stream_url_wrap_http_ex Buffer Overflow
PHP 7.2.2 - php_stream_url_wrap_http_ex Buffer...
0.6AI Score
7.4AI Score
EPSS
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...
8.3CVSS
8.2AI Score
0.001EPSS
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...
8.3CVSS
8.3AI Score
0.001EPSS
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...
8.2CVSS
8.2AI Score
0.001EPSS
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...
8.3CVSS
8.1AI Score
0.001EPSS
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...
8.2CVSS
8.2AI Score
0.001EPSS
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...
8.2CVSS
8.3AI Score
0.001EPSS
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...
5.3CVSS
6AI Score
0.001EPSS
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...
5.3CVSS
6.1AI Score
0.001EPSS
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...
5.3CVSS
5.2AI Score
0.001EPSS
Philips' IntelliVue Patient and Avalon Fetal Monitors
EXECUTIVE SUMMARY CVSS v3 8.3 Vendor: Philips Equipment: IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors Vulnerabilities: Improper Authentication, Information Exposure, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation may allow an attacker to read/write...
8.3CVSS
7.6AI Score
0.001EPSS
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...
8.3AI Score
0.001EPSS
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...
8.3AI Score
0.001EPSS
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability...
5.3AI Score
0.001EPSS
Facebook Accused of Giving Over 60 Device-Makers Deep Access to User Data
After being embroiled into controversies over its data sharing practices, it turns out that Facebook had granted inappropriate access to its users' data to more than 60 device makers, including Amazon, Apple, Microsoft, Blackberry, and Samsung. According to a lengthy report published by The New...
-0.7AI Score
Liberapay: Able to View other users income history
Hello, I found an IDOR that i was able to view income history of other users, Steps to reproduce issue, 1. Login into account and fire up Burpsuite 2. The got to profile page and click on view income history 3. Then you can see a request like GET /Liberapay/charts.json HTTP/1.1 Host:...
0.4AI Score
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code...
8.8CVSS
9AI Score
0.003EPSS
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access...
9.8CVSS
9.3AI Score
0.002EPSS
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access...
9.8CVSS
9.2AI Score
0.002EPSS
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code...
8.8CVSS
9.1AI Score
0.003EPSS
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code...
8.8CVSS
9AI Score
0.003EPSS
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access...
9.8CVSS
9.4AI Score
0.002EPSS
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka remote code...
9.1AI Score
0.003EPSS
On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access...
9.4AI Score
0.002EPSS
Fedora 27 : knot-resolver (2018-a120d509ab)
Knot Resolver 2.3.0 (2018-04-23) ================================ Security fix CVE-2018-1110: denial of service triggered by malformed DNS messages (!550, !558, security!2, security!4) increase resilience against slow lorris attack (security!5) Bugfixes validation: fix...
7.5CVSS
-0.5AI Score
0.001EPSS
Fedora 26 : knot-resolver (2018-0c0671072b)
Knot Resolver 2.3.0 (2018-04-23) ================================ Security fix CVE-2018-1110: denial of service triggered by malformed DNS messages (!550, !558, security!2, security!4) increase resilience against slow lorris attack (security!5) Bugfixes validation: fix...
7.5CVSS
-0.5AI Score
0.001EPSS
Description of the security update for SharePoint Server 2010: May 8, 2018
Description of the security update for SharePoint Server 2010: May 8, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following.....
6.2AI Score
0.005EPSS
AI Score
0.003EPSS
Threatpost RSA Conference 2018 Preview
The RSA Conference 2018 kicks off this week in San Francisco, drawing attendees from around the world eager to learn more about the latest threats, vulnerabilities, and security products and tools for the coming year. This year’s conference has more than 650 exhibitors and 550 sessions covering...
1.2AI Score
Denial Of Service (DoS) Via Out-of-bounds Read
libarchive.so is vulnerable to Denial of Service (DoS) via out-of-bounds read. The vulnerability is possible because a malicious .mtree file can be passed to process_add_entry() function in archive_read_support_format_mtree.c, leading to out-of-bounds...
5.5CVSS
6.5AI Score
0.006EPSS
Description of the security update for SharePoint Server 2010: April 10, 2018
Description of the security update for SharePoint Server 2010: April 10, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...
6.4AI Score
0.005EPSS
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka...
5.6CVSS
5.3AI Score
0.001EPSS
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka...
5.6CVSS
5.2AI Score
0.001EPSS
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The...
7.7CVSS
7.3AI Score
0.001EPSS
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The...
7.7CVSS
7.4AI Score
0.001EPSS
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The...
7.7CVSS
7.3AI Score
0.001EPSS
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The...
7.4AI Score
0.001EPSS