Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command...
9.1AI Score
0.001EPSS
Rapid7: Supporting the Community at BSides Boston
One of the things I love about working at Rapid7 is how deeply this company embodies the concept of giving back to the Security Community. Whether it be discussing research on adversary analytics, attack methods for breaking out of sandboxes, or simply breaking into the industry - Rapid7...
6.7AI Score
OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0056)
The remote OracleVM system is missing necessary patches to address critical security updates : Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug: 25790387] (CVE-2016-9644) Revert 'fix minor infoleak in get_user_ex' (Brian Maly) ...
9.8CVSS
7.5AI Score
0.052EPSS
Unbreakable Enterprise kernel security update
kernel-uek [4.1.12-61.1.33] - Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644} - Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644} [4.1.12-61.1.32] - x86/mm: Expand the...
9.8CVSS
-0.3AI Score
0.052EPSS
2011 Article "Become a Hunter" The term "threat hunting" has been popular with marketers from security companies for about five years. Yesterday Anton Chuvakin asked about the origin of the term. I appear to have written the first article describing threat hunting in any meaningful way. It was...
7AI Score
DOJ Dismisses Playpen Case to Keep Tor Hack Private
Intent on keeping details private about how it hacked the Tor browser, prosecutors with the U.S. Department of Justice on Friday asked to dismiss a case involving a suspect who visited the Playpen dark web child pornography site in 2015. “The government must now choose between disclosure of...
-0.4AI Score
kernel security, bug fix, and enhancement update
[3.10.0-514.10.2.OL7] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) Update x509.genkey [bug 24817676] [3.10.0-514.10.2] [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO...
7.8CVSS
0.4AI Score
0.0004EPSS
USN-3119-1: Bind vulnerability | Cloud Foundry
USN-3119-1: Bind vulnerability Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 LTS Description Bind could be made to crash if it received specially crafted network traffic. Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing...
7.5CVSS
6.9AI Score
0.951EPSS
(RHSA-2016:2871) Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
6.8AI Score
0.951EPSS
RHEL 6 : bind (RHSA-2016:2871)
An update for bind is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6...
7.5CVSS
-0.4AI Score
0.951EPSS
CentOS 7 : bind (CESA-2016:2615)
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the....
7.5CVSS
-0.5AI Score
0.951EPSS
CentOS Errata and Security Advisory CESA-2016:2615 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...
7.5CVSS
7.5AI Score
0.951EPSS
OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0158) (Dirty COW)
The remote OracleVM system is missing necessary patches to address critical security updates : mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds) [Orabug: 24928646] (CVE-2016-5195) HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug:...
7.8CVSS
0.3AI Score
0.879EPSS
Oracle Linux 7 : bind (ELSA-2016-2615)
From Red Hat Security Advisory 2016:2615 : An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
7.5CVSS
-0.5AI Score
0.951EPSS
Debian Security Advisory DSA 3703-1 (bind9 - security update)
Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...
0.2AI Score
0.951EPSS
RHEL 7 : bind (RHSA-2016:2615)
An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the....
7.5CVSS
-0.5AI Score
0.951EPSS
Updated bind packages fix security vulnerability
Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...
7.5CVSS
2.1AI Score
0.951EPSS
(RHSA-2016:2615) Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
6.8AI Score
0.951EPSS
Debian DSA-3703-1 : bind9 - security update
Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...
7.5CVSS
0.2AI Score
0.951EPSS
RHEL 5 : bind97 (RHSA-2016:2142)
An update for bind97 is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
7.5CVSS
-0.4AI Score
0.951EPSS
Oracle Linux 5 / 6 : bind (ELSA-2016-2141)
From Red Hat Security Advisory 2016:2141 : An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which...
7.5CVSS
-0.3AI Score
0.951EPSS
CentOS 5 / 6 : bind (CESA-2016:2141)
An update for bind is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available.....
7.5CVSS
-0.5AI Score
0.951EPSS
CentOS 5 : bind97 (CESA-2016:2142)
An update for bind97 is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
7.5CVSS
-0.4AI Score
0.951EPSS
Debian DLA-696-1 : bind9 security update
Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial of service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...
7.5CVSS
-0.4AI Score
0.951EPSS
Oracle Linux 5 : bind97 (ELSA-2016-2142)
From Red Hat Security Advisory 2016:2142 : An update for bind97 is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,....
7.5CVSS
-0.4AI Score
0.951EPSS
[SECURITY] [DLA 696-1] bind9 security update
Package : bind9 Version : 1:9.8.4.dfsg.P1-6+nmu2+deb7u13 CVE ID : CVE-2016-8864 Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a...
7.5CVSS
8.2AI Score
0.951EPSS
CentOS Errata and Security Advisory CESA-2016:2142 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...
7.5CVSS
7.5AI Score
0.951EPSS
CentOS Errata and Security Advisory CESA-2016:2141 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...
7.5CVSS
7.5AI Score
0.951EPSS
Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...
7.5CVSS
1.9AI Score
0.951EPSS
(RHSA-2016:2141) Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
6.8AI Score
0.951EPSS
(RHSA-2016:2142) Important: bind97 security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
6.8AI Score
0.951EPSS
[SECURITY] [DSA 3703-1] bind9 security update
Debian Security Advisory DSA-3703-1 [email protected] https://www.debian.org/security/ Florian Weimer November 01, 2016 https://www.debian.org/security/faq Package : bind9 CVE ID : CVE-2016-8864 Debian Bug :...
7.5CVSS
7.7AI Score
0.951EPSS
Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...
7.5CVSS
4.2AI Score
0.951EPSS
Releases Ubuntu 16.10 Ubuntu 16.04 ESM Ubuntu 14.04 ESM Ubuntu 12.04 Packages bind9 - Internet Domain Name Server Details Tony Finch and Marco Davids discovered that Bind incorrectly handled certain responses containing a DNAME answer. A remote attacker could possibly use this issue to cause...
7.5CVSS
7.1AI Score
0.951EPSS
White House Hires First Federal CISO
The White House announced yesterday it has hired retired Brigadier General Gregory J. Touhill, right, to serve as the first federal chief information security officer. Touhill will be responsible for setting policies, strategies and practices across federal agencies. According to a White House...
-0.1AI Score
Fallout Over OPM Breach Report Begins
Wednesday’s bombshell report on the U.S. Office of Personnel Management breaches that exposed sensitive data belonging to more than 22 million people has sparked a cavalcade of finger pointing, politicking and squabbling over who knew what first. The scathing report by Republicans on the U.S....
-0.3AI Score
Threat Outbreak Alert RuleID24477: Email Messages Distributing Malicious Software on August 23, 2016
Medium Alert ID: 48565 First Published: 2016 August 23 17:42 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID24477) may contain the following...
0.3AI Score
Threat Outbreak Alert RuleID24476: Email Messages Distributing Malicious Software on August 21, 2016
Medium Alert ID: 48540 First Published: 2016 August 22 15:19 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID24476) may contain the following...
0.1AI Score
(RHSA-2016:1634) Important: CFME 5.6.1 security, bug fix, and enhancement update
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack...
8.8CVSS
1.5AI Score
0.005EPSS
Speed Tony CMS App_Site/SiteSearch. the aspx file Title parameter SQL injection vulnerability
No description provided by...
7.1AI Score
Tony the Truck and his Friends - Customized SSL, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Tony the Truck and his Friends published at the 'play' market has multiple...
0.3AI Score
Citrix XenApp and XenDesktop Hardening Guidance
A Joint Whitepaper from Mandiant and Citrix Throughout the course of Mandiant’s Red Team and Incident Response engagements, we frequently identify a wide array of misconfigured technology solutions, including Citrix XenApp and XenDesktop. We often see attackers leveraging stolen credentials from...
2.9AI Score
Medium Alert ID: 43959 First Published: 2016 March 9 15:48 GMT Last Updated: 2016 August 18 16:46 GMT Version: 34 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat...
-0.4AI Score
0.2AI Score
0.006EPSS
Mark Zuckerberg Plans to Build Iron Man's JARVIS like Artificially Intelligent Assistant
What's the coolest part of the Iron Man movies? The hyper-intelligent Artificial Intelligence that helps Tony Stark by doing data analysis, charging his armor, presenting information at crucial times and doing other business operations. That's right — we are talking about J.A.R.V.I.S., Iron Man's.....
6.5AI Score
0.3AI Score
HP SiteScope DNS Tool Command Injection Exploit
This Metasploit module exploits a command injection vulnerability discovered in HP SiteScope 11.30 and earlier versions (tested in 11.26 and 11.30). The vulnerability exists in the DNS Tool allowing an attacker to execute arbitrary commands in the context of the service. By default, HP SiteScope...
8.2AI Score
HP SiteScope DNS Tool Command Injection
This module exploits a command injection vulnerability discovered in HP SiteScope 11.30 and earlier versions (tested in 11.26 and 11.30). The vulnerability exists in the DNS Tool allowing an attacker to execute arbitrary commands in the context of the service. By default, HP SiteScope installs and....
8.2AI Score
5.9AI Score
0.014EPSS
6.7AI Score
0.001EPSS