Unpatched Critical Flaws Disclosed in U-Boot Bootloader for Embedded Devices
Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and...
AI Score 1.7 | EPSS 0.0005
Libmobi has an unspecified vulnerability
Libmobi is a C library for handling Mobipocket/Kindle (MOBI) e-book format documents. A security vulnerability exists in versions of Libmobi prior to 0.11, which stems from a buffer over-read. No detailed vulnerability details are.....
AI Score 2.5
Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to...
CVSS 5.4 | AI Score 5.9 | EPSS 0.001
Meet Patrick Flynn Head of Advanced Programs Group at Trellix Threat Labs By Michael Alicea · May 24, 2022 At Trellix, we celebrate and champion our people. This week, I sat down with Pat Flynn, Head of Advanced Programs Group for Trellix Threat Labs. His job is a critical one and how he goes...
AI Score -0.3
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp...
CVSS 8.8 | AI Score 3.6 | EPSS 0.003
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp...
CVSS 8.1 | AI Score 3 | EPSS 0.003
new packages: libreoffice:flatpak
An update is available for zaf, hyphen-uk, libpagemaker, hyphen-ca, hunspell-et, hyphen-eu, hyphen-ga, libvisio, raptor2, hunspell-ta, mythes-nl, hunspell-lt, hunspell-sk, ongres-scram, hunspell-hu, libshout, hunspell-nso, poppler, hunspell-nl, hunspell-hi, openjpeg2, libabw, hunspell-es,...
AI Score -0.1
new packages: perl-Sys-MemInfo
An update is available for perl-Sys-MemInfo. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky.....
AI Score 2.2
An update is available for hyphen-gl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
AI Score 2.2
Improper Neutralization of Input During Web Page Generation in html5lib
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute...
CVSS 6.1 | AI Score 4.9 | EPSS 0.003
Cross-site Scripting in html5lib
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than...
CVSS 6.1 | AI Score 4.5 | EPSS 0.003
openSUSE: Security Advisory for MozillaThunderbird (SUSE-SU-2022:1176-1)
The remote host is missing an update for...
CVSS 8.8 | AI Score 7.6 | EPSS 0.004
openSUSE: Security Advisory for libcaca (SUSE-SU-2022:1476-1)
The remote host is missing an update for...
CVSS 6.5 | AI Score 6.5 | EPSS 0.002
Improper Restriction of XML External Entity Reference in iText
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted...
CVSS 8.8 | AI Score 5.9 | EPSS 0.006
Allowing a long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack, after which genuine users will not be able to access...
CVSS 7.5 | AI Score 6.8 | EPSS 0.001
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack, after which genuine users will not be able to access...
CVSS 7.5 | AI Score 6.7 | EPSS 0.001
Updated libcaca packages fix security vulnerability
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service....
CVSS 6.5 | AI Score 4.8 | EPSS 0.002
perl bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References...
AI Score 1.4
perl bug fix and enhancement update
An update is available for perl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 8.6...
AI Score 1.9
World Password Day: Brushing up on the basics
World Password Day is today, reminding us of the value of solid passwords, and good password practices generally. There are awareness days for all sorts of things, and perhaps we don't need all of them. You can't go wrong shoring up a leaky password line of defence though, so without further ado:.....
AI Score -1.1
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial...
CVSS 5.5 | AI Score 6.3 | EPSS 0.0004
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an....
CVSS 7.5 | AI Score 6.7 | EPSS 0.011
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could...
CVSS 7.5 | AI Score 6.7 | EPSS 0.011
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow...
CVSS 7.5 | AI Score 6.5 | EPSS 0.017
SUSE SLES12 Security Update : libcaca (SUSE-SU-2022:1508-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1508-1 advisory. libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service...
CVSS 6.5 | AI Score 6.1 | EPSS 0.002
SUSE SLED15 / SLES15 Security Update : libcaca (SUSE-SU-2022:1476-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1476-1 advisory. libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial...
CVSS 6.5 | AI Score 6.1 | EPSS 0.002
The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.20 / 6.1 < 6.1.8.20 / 7.0 < 7.0.9.30 / 7.1 < 7.1.3.30 / 8.0 < 8.0.2.10. It is, therefore, affected by multiple vulnerabilities as referenced in the IBM Security Update January 2016 advisory. The J9 JVM in I...
CVSS 9.1 | AI Score 8.9 | EPSS 0.022
How one senior developer brings the startup spirit to Microsoft
I recently had the opportunity to visit the Microsoft Africa Development Center, in my role as executive sponsor, for dedication ceremonies we hosted in both Nigeria and Kenya. All I have to say is, “Wow!” The energy at the ADC is simply electric. There’s so much optimism and so much enthusiasm...
AI Score -0.8
The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
CVSS 4.8 | AI Score 4.8 | EPSS 0.001
CVE-2022-1156 Books & Papers <= 0.20210223 - Admin+ Stored Cross-Site Scripting
The Books & Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...
AI Score 5 | EPSS 0.001
Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and...
CVSS 9 | AI Score 6 | EPSS 0.001
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege...
CVSS 8.4 | AI Score 6.2 | EPSS 0.001
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and...
CVSS 9 | AI Score 6 | EPSS 0.001
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and...
CVSS 9 | AI Score 6 | EPSS 0.001
Steer clear of this “TestNTrace” SMS spam
Yesterday I received an SMS from “TestNTrace”, with the message resembling an official NHS communication: The text reads as follows: NHS: You’ve been in close contact with a person who has contracted the Omicron variant. Please order a test kit via: [URL redacted] Well, that’s an alarming thing...
AI Score -0.8
Security update for MozillaThunderbird (important)
An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Updated to version 91.8 (bsc#1197903): CVE-2022-1097: Fixed a memory corruption issue with NSSToken objects. CVE-2022-28281: Fixed a memory corruption issue due to...
CVSS 7.5 | AI Score 1.4 | EPSS 0.004
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user...
CVSS 7.8 | AI Score 6.7 | EPSS 0.001
Lines of code: https://github.com/code-423n4/2022-04-backed/blob/main/contracts/NFTLoanFacilitator.sol#L382-L386 Vulnerability details. Impact: A borrower specifies a minimum loan amount. The lender can provide a loan as high as they want, as long as it is higher than the minimum value. A value too...
AI Score 6.7
CVE-2022-1026: Kyocera Net View Address Book Exposure
Rapid7 researcher Aaron Herndon has discovered that several models of Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function. This.....
CVSS 7.5 | AI Score -0.4 | EPSS 0.782
WordPress Books & Papers plugin <= 0.20210223 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by fuzzyap1 in WordPress Books & Papers plugin (versions <= 0.20210223). Solution: Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full...
CVSS 4.8 | AI Score 2.7 | EPSS 0.001
Books & Papers <= 0.20210223 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Custom DB Prefix settings of the plugin: Books_n_Papers"...
CVSS 4.8 | AI Score 2.4 | EPSS 0.001