EulerOS 2.0 SP1 : libvncserver (EulerOS-SA-2018-1139)
According to the version of the libvncserver package installed, the EulerOS installation on the remote host is affected by the following vulnerability : LibVNCServer makes writing a VNC server (or more correctly, a program exporting a framebuffer via the Remote Frame Buffer protocol)...
9.8CVSS
0.4AI Score
0.013EPSS
Node.js third-party modules: Privilage escalation with malicious .npmrc
Hello. I'm forwarding to you my conversation with npm staff regarding security issue. It allows to escalate to root privilages of victim using either: a) basic social engineering - convincing victim to run npm in attacker-controlled folder (eg. repository), including such innocent ones like "npm...
0.1AI Score
AI Score
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at...
4.6CVSS
5.3AI Score
0.001EPSS
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at...
4.6CVSS
4.8AI Score
0.001EPSS
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at...
4.6CVSS
5.2AI Score
0.001EPSS
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at...
4.8AI Score
0.001EPSS
Samsung Patches Six Critical Bugs in Flagship Handsets
Samsung began rolling out patches over the weekend to fix six critical bugs found in its flagship Android handsets as part of its May patch bulletin. Flaws range from a remote code execution bug to a buffer overflow vulnerability, plus a peek-and-poke command bug that leaves memory locations open.....
0.2AI Score
0.002EPSS
[SECURITY] Fedora 28 Update: papi-5.6.0-5.fc28
PAPI provides a programmer interface to monitor the performance of running...
2.5AI Score
All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the...
5.7CVSS
5.4AI Score
0.0004EPSS
All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the...
5.7CVSS
6.1AI Score
0.0004EPSS
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment...
5.3CVSS
5AI Score
0.001EPSS
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment...
5.3CVSS
5.8AI Score
0.001EPSS
All versions of the Medtronic 2090 Carelink Programmer are affected by a directory traversal vulnerability where the product's software deployment network could allow an attacker to read files on the...
5.7CVSS
6.1AI Score
0.0004EPSS
All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment...
5.3CVSS
5.9AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon PI Studio HMI Project Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
5.3CVSS
5AI Score
0.001EPSS
Spartacus ransomware: introduction to a strain of unsophisticated malware
Spartacus ransomware is a new sample that has been circulating in 2018. Written in C#, the original sample is obfuscated, which we will go over as we extract it to its readable state. Spartacus is a relatively straight-forward ransomware sample and uses some similar techniques and code to others...
6.9AI Score
Heatmiser WiFi thermostat vulnerabilities
Update – if your heating is misbehaving you need to disable port forwarding to port 80 and port 8068. This should be simply following the reverse of whatever you did to set port forwarding up. Alternatively, you could disable WiFi entirely by putting invalid SSID and password in – I believe the...
-0.2AI Score
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted...
5.3CVSS
5.4AI Score
0.001EPSS
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted...
5.3CVSS
5.3AI Score
0.001EPSS
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted...
5.3CVSS
5.4AI Score
0.001EPSS
WECON Technology Co., Ltd. LeviStudio HMI Editor and PI Studio HMI Project Programmer
EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Low skill level to exploit. Vendor: WECON Technology Co., Ltd. (WECON) Equipment: LeviStudio HMI Editor, and PI Studio HMI Project Programmer Vulnerabilities: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these...
5.3CVSS
6.7AI Score
0.001EPSS
Hackers build a 'Master Key' that unlocks millions of Hotel rooms
If you often leave your valuable and expensive stuff like laptop and passports in the hotel rooms, then beware. Your room can be unlocked by not only a malicious staff having access to the master key, but also by an outsider. A critical design vulnerability in a popular and widely used...
-0.2AI Score
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted...
5.5AI Score
0.001EPSS
Abbott Laboratories Defibrillator
EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely Vendor: Abbott Laboratories Equipment: Implantable Cardioverter Defibrillator and Cardiac Synchronization Therapy Defibrillator Vulnerabilities: Improper Authentication and Improper Restriction of Power Consumption MedSec...
8.8CVSS
8.7AI Score
0.001EPSS
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and.....
7.8CVSS
7.5AI Score
0.233EPSS
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and.....
7.8CVSS
7.5AI Score
0.001EPSS
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and.....
7.8CVSS
7.7AI Score
0.233EPSS
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and.....
7.8CVSS
7.5AI Score
0.258EPSS
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and.....
7.8CVSS
7.5AI Score
0.233EPSS
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and.....
7.8CVSS
7.5AI Score
0.001EPSS
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and.....
7.8CVSS
7.5AI Score
0.258EPSS
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and.....
7.8CVSS
7.7AI Score
0.258EPSS
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and.....
7.8CVSS
7.6AI Score
0.001EPSS
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and.....
7.7AI Score
0.258EPSS
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and.....
7.6AI Score
0.001EPSS
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and.....
7.7AI Score
0.233EPSS
OVERVIEW MedSec Holdings Ltd has identified vulnerabilities in Abbott Laboratories’ (formerly St. Jude Medical) pacemakers. Abbott has produced a firmware patch to help mitigate the identified vulnerabilities in their pacemakers that utilize radio frequency (RF) communications. A third-party...
8.8CVSS
8.1AI Score
0.001EPSS
OMRON CX-One CX-Programmer mbsnbcat Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...
7.8CVSS
3AI Score
0.258EPSS
EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low skill level to exploit. Vendor: Omron Equipment: CX-One Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Type Confusion_._ 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code...
7.8CVSS
8.1AI Score
0.258EPSS
[SECURITY] Fedora 26 Update: libvncserver-0.9.11-3.fc26
LibVNCServer makes writing a VNC server (or more correctly, a program expor ting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression...
9.8CVSS
2.2AI Score
0.013EPSS
[SECURITY] Fedora 28 Update: libvncserver-0.9.11-6.fc28
LibVNCServer makes writing a VNC server (or more correctly, a program expor ting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression...
9.8CVSS
2.2AI Score
0.013EPSS
[SECURITY] Fedora 28 Update: cfitsio-3.430-1.fc28
CFITSIO is a library of C and FORTRAN subroutines for reading and writing data files in FITS (Flexible Image Transport System) data format. CFITSIO simplifies the task of writing software that deals with FITS files by providing an easy to use set of high-level routines that insulate the programmer....
1.4AI Score
While doing threat research, teams need a lot of tools and systems to aid their hunting efforts – from systems storing Passive DNS data and automated malware classification to systems allowing researchers to pattern-match a large volume of data in a relatively short period of time. These tools are....
6.9AI Score
[SECURITY] Fedora 27 Update: libvncserver-0.9.11-5.fc27
LibVNCServer makes writing a VNC server (or more correctly, a program expor ting a frame-buffer via the Remote Frame Buffer protocol) easy. It hides the programmer from the tedious task of managing clients and compression...
9.8CVSS
2.2AI Score
0.013EPSS
Multiple security firms recently identified cryptocurrency mining service Coinhive as the top malicious threat to Web users, thanks to the tendency for Coinhive's computer code to be used on hacked Web sites to steal the processing power of its visitors' devices. This post looks at how Coinhive...
6.9AI Score
Facebook Collected Your Android Call History and SMS Data For Years
Facebook knows a lot about you, your likes and dislikes—it's no surprise. But do you know, if you have installed Facebook Messenger app on your Android device, there are chances that the company had been collecting your contacts, SMS, and call history data at least until late last year. A...
7.1AI Score
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5......
7.5CVSS
7.2AI Score
0.001EPSS
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5......
7.5CVSS
7.4AI Score
0.001EPSS
If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5......
7.5CVSS
7.3AI Score
0.001EPSS