Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1545)
The remote host is missing an update for the Huawei...
7.8CVSS
6.5AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for byacc (EulerOS-SA-2023-1520)
The remote host is missing an update for the Huawei...
7.8CVSS
6.5AI Score
0.001EPSS
Ator - Authentication Token Obtain and Replace Extender
The plugin is created to help automated scanning using Burp in the following scenarios: Access/Refresh token; Token replacement in XML, JSON body; Token replacement in cookies. The above can be achieved using complex macro, session rules or Custom Extender in some scenarios. The rules become tricky...
-0.3AI Score
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5943-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5943-1 advisory. Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616) An attacker could construct...
9.2AI Score
0.002EPSS
Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...
8.8CVSS
9.3AI Score
0.002EPSS
[SECURITY] Fedora 38 Update: python-flask-2.2.3-1.fc38
Flask is called a "micro-framework" because the idea is to keep the core simple but extensible. There is no database abstraction layer, no form validation or anything else where different libraries already exist that can handle that. However Flask.....
1.6AI Score
Threat Source newsletter (March 9, 2023) — Stop freaking out about ChatGPT
Welcome to this week's edition of the Threat Source newsletter. There is no shortage of hyperbolic headlines about ChatGPT out there, everything from how it and other AI tools like it are here to replace all our jobs, make college essays a thing of the past and change the face of cybersecurity as.....
7.8CVSS
7.8AI Score
0.969EPSS
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
Summary Cloud Pak for Security (CP4S) v1.8.1.0 and earlier uses packages that are vulnerable to several CVEs. These have been remediated in the latest product release. Please see below for CVE details and the Remediation section for upgrade instructions. Vulnerability Details ** CVEID:...
9.8CVSS
10.3AI Score
0.971EPSS
Amazon Linux 2 : libdb (ALAS-2023-1965)
The version of libdb installed on the remote host is prior to 5.3.21-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1965 advisory. Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain...
7.5AI Score
0.0004EPSS
Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory....
7.8CVSS
7.8AI Score
0.0004EPSS
Hackers Claim They Breached T-Mobile More Than 100 Times in 2022
Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to...
-0.2AI Score
TCG TPM2.0 implementations vulnerable to memory corruption
Overview Two buffer overflow vulnerabilities were discovered in the Trusted Platform Module (TPM) 2.0 reference library specification, currently at Level 00, Revision 01.59 November 2019. An attacker who has access to a TPM-command interface can send maliciously-crafted commands to the module and.....
8.8CVSS
8.6AI Score
EPSS
Osprey Pump Controller 1.0.1 Administrator Backdoor Access Vulnerability
Osprey Pump Controller version 1.0.1 has a hidden administrative account admin that has the hardcoded password Mirage1234 that allows full access to the web management interface configuration. The user admin is not visible in Usernames and Passwords menu list (120) of the application and the...
0.9AI Score
0.6AI Score
Osprey Pump Controller 1.0.1 Administrator Backdoor Access
Title: Osprey Pump Controller 1.0.1 Administrator Backdoor Access Advisory ID: ZSL-2023-5747 Type: Local/Remote Impact: System Access, Security Bypass, DoS Risk: (5/5) Release Date: 27.02.2023 Summary Providing pumping systems and automated controls for golf courses and turf irrigation,...
9.8CVSS
9.6AI Score
0.002EPSS
BD Alaris Infusion Central (Update A)
EXECUTIVE SUMMARY CVSS v3 7.3 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Alaris Infusion Central --------- Begin Update A part 1 of 2 --------- Vulnerability: Storing Passwords in a Recoverable Format --------- End Update A part 1 of 2...
7.3CVSS
1AI Score
0.0004EPSS
CISA Releases Fifteen Industrial Control Systems Advisories
CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS...
1.7AI Score
[SECURITY] Fedora 36 Update: bind-9.16.37-1.fc36
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
7.5CVSS
7.7AI Score
0.001EPSS
Fedora: Security Advisory for bind (FEDORA-2023-a3d608daf4)
The remote host is missing an update for...
7.5CVSS
8AI Score
0.001EPSS
Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...
9.8CVSS
9.7AI Score
0.007EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5824-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5824-1 advisory. Service Workers should not be able to infer information about opaque cross-origin responses; but timing information...
9.8AI Score
0.007EPSS
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...
7.5CVSS
7.1AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....
7.5CVSS
7.9AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....
7.5CVSS
7AI Score
0.001EPSS
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...
7.5CVSS
8AI Score
0.001EPSS
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the...
7.5CVSS
7.6AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the.....
7.5CVSS
7.4AI Score
0.001EPSS
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been...
7.5CVSS
7AI Score
0.001EPSS