An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. There is no boundary check on ocall_malloc. The return value could be a pointer to enclave memory. It could cause an arbitrary enclave memory...
7.5CVSS
7.4AI Score
0.001EPSS
Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be...
9.8CVSS
9.5AI Score
0.002EPSS
Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be...
9.6AI Score
0.002EPSS
The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys,...
6.4AI Score
0.002EPSS
The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys,...
6.6AI Score
0.002EPSS
bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product...
6.6AI Score
0.001EPSS
bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain block protocol rule, which allows remote attackers to bypass intended access restrictions and conduct double-spending attacks via a large block that triggers incorrect Berkeley DB locking in older product...
6.8AI Score
0.001EPSS
bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split)...
6.6AI Score
0.002EPSS
bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x before 0.6.5rc2, and 0.7.x before 0.7.3rc2, and wxBitcoin, do not properly consider whether a block's size could require an excessive number of database locks, which allows remote attackers to cause a denial of service (split)...
6.8AI Score
0.002EPSS
(RHSA-2022:6765) Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
1.6AI Score
0.005EPSS
(RHSA-2022:6764) Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
1.6AI Score
0.005EPSS
An update is available for bind. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Berkeley Internet Name Domain (BIND) is an implementation of the Domain...
7.5CVSS
8AI Score
0.005EPSS
(RHSA-2022:6763) Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
1.5AI Score
0.005EPSS
Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
7.7AI Score
0.005EPSS
Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
8.1AI Score
0.005EPSS
Important: bind security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.5CVSS
7.7AI Score
0.005EPSS
Fedora: Security Advisory for bind (FEDORA-2022-b197d64471)
The remote host is missing an update for...
7.5CVSS
7.1AI Score
0.005EPSS
[SECURITY] Fedora 35 Update: bind-9.16.33-1.fc35
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
7.5CVSS
1.4AI Score
0.005EPSS
Qualys Threat Research Thursday
Welcome to the second edition of the Qualys Research Team’s “Threat Research Thursday”, where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. Feedback on our first edition, Introducing Qualys Threat Research...
9.8CVSS
0.2AI Score
0.128EPSS
Fedora: Security Advisory for bind (FEDORA-2022-8268735e06)
The remote host is missing an update for...
7.5CVSS
7.1AI Score
0.005EPSS
[SECURITY] Fedora 36 Update: bind-9.16.33-1.fc36
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
7.5CVSS
8AI Score
0.005EPSS
Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2022-2350)
The remote host is missing an update for the Huawei...
3.3CVSS
6.8AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2022-2386)
The remote host is missing an update for the Huawei...
3.3CVSS
6.8AI Score
0.001EPSS
[SECURITY] Fedora 37 Update: bind-9.18.7-1.fc37
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
7.5CVSS
8AI Score
0.005EPSS
Fedora: Security Advisory for bind (FEDORA-2022-ef038365de)
The remote host is missing an update for...
7.5CVSS
7.1AI Score
0.005EPSS
Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.
A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United....
1.1AI Score
EulerOS Virtualization 2.9.0 : libdb (EulerOS-SA-2022-2386)
According to the versions of the libdb package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior...
3.3CVSS
0.7AI Score
0.001EPSS
EulerOS Virtualization 2.9.1 : libdb (EulerOS-SA-2022-2350)
According to the versions of the libdb package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior...
3.3CVSS
0.7AI Score
0.001EPSS
ISC Releases Security Advisories for Multiple Versions of BIND 9
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions. For...
7.5CVSS
2.6AI Score
0.005EPSS
There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be...
6.1CVSS
6.2AI Score
0.001EPSS
bd-best.com Cross Site Scripting vulnerability OBB-2932077
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2022-2323)
The remote host is missing an update for the Huawei...
3.3CVSS
6.8AI Score
0.001EPSS
Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2022-2294)
The remote host is missing an update for the Huawei...
3.3CVSS
6.8AI Score
0.001EPSS
EulerOS 2.0 SP9 : libdb (EulerOS-SA-2022-2323)
According to the versions of the libdb package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and...
3.3CVSS
0.5AI Score
0.001EPSS
EulerOS 2.0 SP9 : libdb (EulerOS-SA-2022-2294)
According to the versions of the libdb package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and...
3.3CVSS
0.5AI Score
0.001EPSS
Security Advisory - Out-of-bounds Read and Write Vulnerability in Some Huawei Headset Products
There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be...
6.1CVSS
6.2AI Score
0.001EPSS
9.8CVSS
9.6AI Score
0.008EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
[SECURITY] Fedora 36 Update: varnish-7.0.3-1.fc36
This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don=EF=BF=BD=EF=BF =BD=EF=BF=BDt have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a...
7.5CVSS
0.7AI Score
0.002EPSS
Ukraine war spotlights agriculture sector's vulnerability to cyber attack
By Joe Marshall. The war in Ukraine has caused massive problems for global food supplies, underscoring the high impact of disruptive events to agriculture entities and related organizations. The challenges to the Ukrainian agriculture sector imposed by the war--and global ripple effects--have...
0.3AI Score
Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2022-2274)
The remote host is missing an update for the Huawei...
3.3CVSS
6.8AI Score
0.001EPSS
EulerOS 2.0 SP5 : libdb (EulerOS-SA-2022-2274)
According to the versions of the libdb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and...
3.3CVSS
0.5AI Score
0.001EPSS
The Race to Secure eBPF for Windows
The Race to Secure eBPF for Windows By Trellix · August 11, 2022 This blog was written by Douglas McKee Innovation often improves functionality and even security; however, adoption starts slow. Adoption often doesn’t increase at a linear rate but at an exponential rate leaving behind attack...
8.3AI Score
The Race to Secure eBPF for Windows
The Race to Secure eBPF for Windows By Trellix · August 11, 2022 This blog was written by Douglas McKee Innovation often improves functionality and even security; however, adoption starts slow. Adoption often doesn’t increase at a linear rate but at an exponential rate leaving behind attack...
8.6AI Score
VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges
In late August 2020, we published an overview of DeathStalker's profile and malicious activities, including their Janicab, Evilnum and PowerSing campaigns (PowerPepper was later documented in 2020). Notably, we exposed why we believe the threat actor may fit a group of mercenaries, offering...
0.1AI Score
Unbreakable Enterprise kernel security update
[5.15.0-1.43.4.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588} [5.15.0-1.43.4] - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] - Revert selftests/bpf: Add...
-0.3AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.15.0-1.43.4.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588} [5.15.0-1.43.4] - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] - Revert selftests/bpf: Add...
-0.3AI Score
0.001EPSS
Universities Put Email Users at Cyber Risk
Top U.S. universities are among the worst in the world at protecting users from email fraud, lacking security measures to prevent common threat tactics such as domain spoofing or other types of fraudulent emails, researchers have found. Ninety-seven percent of the top 10 universities in the United....
1.7AI Score
Here’s a Simple Script to Detect the Stealthy Nation-State BPFDoor
In this blog, the Qualys Research Team explains the mechanics of a Linux malware variant named BPFdoor. We then demonstrate the efficacy of Qualys Custom Assessment and Remediation to detect it, and Qualys Multi-Vector EDR to protect against it. BPFDoor is a Linux/Unix backdoor that allows threat.....
-0.1AI Score
[SECURITY] Fedora 36 Update: asciigraph-0.5.5-3.fc36
Go package to make lightweight ASCII line graph =EF=BF=BD=EF=BF=BD=EF=BF=BD =EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BD in command line apps with no other...
1.5AI Score