eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a.....
8.2CVSS
8AI Score
0.001EPSS
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a.....
8.2CVSS
8.1AI Score
0.001EPSS
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a.....
8.2CVSS
8AI Score
0.001EPSS
eQ-3 Homematic CCU3 AddOn 'Mediola NEO Server for Homematic CCU3' prior to 2.4.5 allows uncontrolled admin access to start or stop the Node.js process, resulting in the ability to obtain mediola configuration details. This is related to improper access control for addons configuration pages and a.....
8.1AI Score
0.001EPSS
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary...
8.1CVSS
8.8AI Score
0.001EPSS
Exploit for Out-of-bounds Write in Google Android
CVE-2019-2107 CVE-2019-2107 CVE-2019-2107 - looks scary....
8.8CVSS
8.8AI Score
0.009EPSS
Neo-Nazi SWATters Target Dozens of Journalists
Nearly three dozen journalists at a broad range of major publications have been targeted by a far-right group that maintains a Deep Web database listing the personal information of people who threaten their views. This group specializes in encouraging others to harass those targeted by their ire,.....
6.7AI Score
Metasploit Reverse Session Takeover Vulnerability
Exploit for multiple platform in category local...
-0.3AI Score
0.1AI Score
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
Microsoft Windows Task Scheduler suffers from a local privilege escalation vulnerability. The Windows MMC auto-elevates members of the 'administrators' group via the GUI and MMC snap-ins (via mmc.exe) automatically elevate without prompting UAC potentially leading to unintentional elevation of...
0.4AI Score
Exploit for Out-of-bounds Write in Google Android
CVE-2019-2107 CVE-2019-2107 CVE-2019-2107 - looks scary....
8.8CVSS
-0.4AI Score
0.009EPSS
Securing your red team kit with Uncomplicated Firewall
After reading Identifying Cobalt Strike team servers in the wild I started thinking, why are people not firewalling off their kit? If you read the above post and I suggest you do, you will see under section “Scanning and Results” that the research concluded that 7718 unique Cobalt Strike (CS) team....
6.7AI Score
SUSE SLED12 / SLES12 Security Update : mutt (SUSE-SU-2019:1196-1)
This update for mutt fixes the following issues : Security issues fixed : bsc#1101428: Mutt 1.10.1 security release update. CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). CVE-2018-14353: Fix imap_quote_string in imap/util.c that has an....
AI Score
0.014EPSS
Intelbras IWR 3000N - Denial of Service (Remote Reboot) Vulnerability
Exploit for hardware platform in category web...
0.2AI Score
0.041EPSS
Netgear DGN2200 / DGND3700 - Admin Password Disclosure Vulnerability
Exploit for hardware platform in category web...
AI Score
0.174EPSS
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web...
0.6AI Score
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
Intelbras IWR 3000N 1.5.0 - Cross-Site Request...
8.8CVSS
0.2AI Score
0.007EPSS
AI Score
0.174EPSS
7.5CVSS
7.7AI Score
EPSS
8.8CVSS
8.9AI Score
EPSS
9.8CVSS
9.6AI Score
0.174EPSS
Netgear DGN2200 DGND3700 - Admin Password Disclosure
Netgear DGN2200 DGND3700 - Admin Password...
9.8CVSS
AI Score
0.174EPSS
-0.2AI Score
0.041EPSS
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Intelbras IWR 3000N - Denial of Service (Remote...
7.5CVSS
-0.3AI Score
0.041EPSS
0.2AI Score
0.007EPSS
2 Million IoT Devices Vulnerable to Complete Takeover
Over 2 million IP security cameras, baby monitors and smart doorbells have serious vulnerabilities that could enable an attacker to hijack the devices and spy on their owners — and there’s currently no known patch for the shared flaws. The attack stems from peer-to-peer (P2P) communication...
0.7AI Score
0.973EPSS
Cobalt Strike. Walkthrough for Red Teamers
What is Cobalt Strike? Raphael Mudge is the creator of Cobalt Strike (CS), around 2010 he released a tool titled Armitage, which is described by wikipedia as a graphical cyber-attack management for the Metasploit Project, to put this more bluntly, Armitage is a gui that allows you to easily...
7.2AI Score
Security Advisory - FragmentSmack Vulnerability in Linux Kernel
There is a DoS vulnerability in the Linux Kernel versions 3.9+ known as a FragmentSmack attack. Remote attackers could send fragmented IPv4 or IPv6 packets to the affected device to trigger time and calculation reassembly algorithms that could consume excessive CPU resources, resulting in a DoS...
7.5CVSS
6.7AI Score
0.017EPSS
openSUSE Security Update : mutt (openSUSE-2019-52)
This update for mutt fixes the following issues : Security issues fixed : bsc#1101428: Mutt 1.10.1 security release update. CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox literal count size (bsc#1101583). CVE-2018-14353: Fix imap_quote_string in...
9.8CVSS
9.1AI Score
0.014EPSS
openSUSE: Security Advisory for mutt (openSUSE-SU-2019:0052-1)
The remote host is missing an update for...
9.8CVSS
8.1AI Score
0.014EPSS
Security update for mutt (important)
An update that solves 16 vulnerabilities and has 6 fixes is now available. Description: This update for mutt fixes the following issues: Security issues fixed: bsc#1101428: Mutt 1.10.1 security release update. CVE-2018-14351: Fix imap/command.c that mishandles long IMAP status mailbox...
9.8CVSS
2.7AI Score
0.014EPSS
Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial.....
5.5CVSS
5.7AI Score
0.001EPSS
Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial.....
5.5CVSS
5.6AI Score
0.001EPSS
Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial.....
5.5CVSS
5.7AI Score
0.001EPSS
Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial.....
5.7AI Score
0.001EPSS
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to read/send mail or change the...
9.8CVSS
9.3AI Score
0.006EPSS
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to login to the Management page and change the...
9.8CVSS
9.3AI Score
0.006EPSS
Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to inject arbitrary web script or HTML via unspecified...
6.1CVSS
6.3AI Score
0.002EPSS
Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via Cookie...
9.8CVSS
9.8AI Score
0.026EPSS
Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R3.0 and earlier, Denbun IMAP version V3.3I R3.0 and earlier) allows remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition via multipart/form-data format...
9.8CVSS
9.8AI Score
0.026EPSS
SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via HTTP requests for mail...
8.8CVSS
9.2AI Score
0.002EPSS
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) allows remote authenticated attackers to upload and execute any executable files via unspecified...
8.8CVSS
8.6AI Score
0.004EPSS
Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified...
9.8CVSS
9.3AI Score
0.006EPSS
Security Advisory - SegmentSmack Vulnerability in Linux Kernel
There is a DoS vulnerability in the Linux Kernel versions 4.9+ known as a SegmentSmack attack. Remote attackers may send TCP packets to Linux kernel to make it calls the very expensive functions tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() of the affected device which can lead to a denial of....
7.5CVSS
2.9AI Score
0.783EPSS
Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain...
6.8CVSS
6.6AI Score
0.001EPSS
Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain...
6.8CVSS
6.6AI Score
0.001EPSS
Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain...
6.8CVSS
6.6AI Score
0.001EPSS
Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain...
6.6AI Score
0.001EPSS
Security Advisory - Lock-screen Bypass Vulnerability in Huawei Mate RS Smartphones
There is a lock-screen bypass vulnerability in Huawei Mate RS smartphones. An attacker could unlock and use the phone through certain operations. (Vulnerability ID: HWPSIRT-2018-06108) This vulnerability has been assigned a CVE ID: CVE-2018-7929. Huawei has released software updates to fix this...
6.8CVSS
6.4AI Score
0.001EPSS
[SECURITY] Fedora 28 Update: yubico-piv-tool-1.6.0-1.fc28
The Yubico PIV tool is used for interacting with the Privilege and Identification Card (PIV) applet on a YubiKey NEO. With it you may generate keys on the device, importing keys and certificate s, and create certificate requests, and other operations. A shared library and a command-line tool is...
2.8AI Score