[PNM-003] The preimage DB (i.e., NameWrapper.names) can be maliciously manipulated/corrupted
Lines of code Vulnerability details Description By design, the NameWrapper.names is used as a preimage DB so that the client can query the domain name by providing the token ID. The name should be correctly stored. To do so, the NameWrapper record the domain's name every time it gets wrapped. And.....
6.9AI Score
[SECURITY] Fedora 35 Update: gh-2.13.0-3.fc35
GitHub's official command line...
9.1CVSS
2.4AI Score
0.005EPSS
[SECURITY] Fedora 35 Update: asciigraph-0.5.5-2.fc35
Go package to make lightweight ASCII line graph in command line apps with no other...
9.1CVSS
1.5AI Score
0.005EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2022-2047)
The remote host is missing an update for the Huawei...
6.8CVSS
7.3AI Score
0.002EPSS
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2022-2019)
The remote host is missing an update for the Huawei...
6.8CVSS
7.3AI Score
0.002EPSS
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5512-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5512-1 advisory. When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character...
9.8CVSS
10.4AI Score
0.004EPSS
Releases Ubuntu 22.04 LTS Ubuntu 21.10 Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...
9.8CVSS
9AI Score
0.004EPSS
[SECURITY] Fedora 36 Update: asciigraph-0.5.5-2.fc36
Go package to make lightweight ASCII line graph in command line apps with no other...
9.1CVSS
1.5AI Score
0.004EPSS
Experian, You Have Some Explaining to Do
Twice in the past month KrebsOnSecurity has heard from readers who had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn't theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts.....
-0.2AI Score
[SECURITY] Fedora 36 Update: gh-2.12.1-3.fc36
GitHub's official command line...
9.1CVSS
8.3AI Score
0.005EPSS
[SECURITY] Fedora 36 Update: gh-2.13.0-1.fc36
GitHub's official command line...
9.1CVSS
8AI Score
0.004EPSS
Debian DLA-3064-1 : firefox-esr - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3064 advisory. The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we...
9.8CVSS
9.4AI Score
0.004EPSS
Meet the Administrators of the RSOCKS Proxy Botnet
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the "RSOCKS" botnet, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious traffic through someone else's computer....
0.3AI Score
[SECURITY] Fedora 36 Update: gh-2.12.1-1.fc36
GitHub's official command line...
2.4AI Score
Exploit for Vulnerability in Microsoft
Windows Network File System Crash PoC CVE-2022-26937...
9.8CVSS
1.7AI Score
0.826EPSS
bd-compliance.com Cross Site Scripting vulnerability OBB-2656465
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
9.8CVSS
9.7AI Score
0.826EPSS
Fedora: Security Advisory for cups (FEDORA-2022-39e057bc6d)
The remote host is missing an update for...
6.7CVSS
7AI Score
0.001EPSS
[SECURITY] Fedora 35 Update: cups-2.3.3op2-18.fc35
CUPS printing system provides a portable printing layer for UNIX® operating systems. It has been developed by Apple Inc. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...
6.7CVSS
4.1AI Score
0.001EPSS
Stealthy Symbiote Linux malware is after financial institutions
Symbiote, a new "nearly impossible to detect" Linux malware, targeted financial sectors in Latin America—and the threat actors behind it might have links to Brazil. These findings were revealed in a recent report, a joint effort between the Blackberry Research Team and Dr. Joakim Kennedy, a...
0.4AI Score
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...
6.5CVSS
0.001EPSS
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...
6.5CVSS
6.4AI Score
0.001EPSS
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...
6.5CVSS
6.3AI Score
0.001EPSS
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...
6.5CVSS
6.4AI Score
0.001EPSS
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...
6.5CVSS
1.5AI Score
0.001EPSS
Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector
Cybersecurity researchers have taken the wraps off what they call a "nearly-impossible-to-detect" Linux malware that could be weaponized to backdoor infected systems. Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal...
0.7AI Score
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator
Background CILogon is a federated auth provider that allows users to authenticate themselves via a number of Identity Providers (IdP), focused primarily on educational and research institutions (such as Universities). More traditional and open IdPs such as GitHub, ORCID, Google, Microsoft, etc are....
6.5CVSS
1.5AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator
Background CILogon is a federated auth provider that allows users to authenticate themselves via a number of Identity Providers (IdP), focused primarily on educational and research institutions (such as Universities). More traditional and open IdPs such as GitHub, ORCID, Google, Microsoft, etc are....
6.5CVSS
6.1AI Score
0.001EPSS
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...
4.2CVSS
6.6AI Score
0.001EPSS
Fedora: Security Advisory for cups (FEDORA-2022-09a89bc265)
The remote host is missing an update for...
6.7CVSS
7AI Score
0.001EPSS
[SECURITY] Fedora 36 Update: cups-2.4.2-1.fc36
CUPS printing system provides a portable printing layer for UNIX® operating systems. It has been developed by Apple Inc. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...
6.7CVSS
4.1AI Score
0.001EPSS
Debian DLA-3040-1 : firefox-esr - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3040 advisory. Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9....
9.8CVSS
9.8AI Score
0.002EPSS
Debian DLA-3041-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3041 advisory. Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9....
9.8CVSS
9.1AI Score
0.003EPSS
What Counts as “Good Faith Security Research?”
The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging...
-0.2AI Score
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and...
5.7CVSS
5.4AI Score
0.0004EPSS
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and...
5.7CVSS
0.0004EPSS
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be...
8.8CVSS
8.6AI Score
0.001EPSS
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be...
8.8CVSS
0.001EPSS
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and...
5.7CVSS
5.4AI Score
0.0004EPSS
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be...
8.8CVSS
8.7AI Score
0.001EPSS
EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Pyxis Vulnerability: Not Using Password Aging 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to...
8.8CVSS
8.7AI Score
0.001EPSS
EXECUTIVE SUMMARY CVSS v3 5.7 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Synapsys Vulnerability: Insufficient Session Expiration 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access, modify, or delete...
5.7CVSS
5.4AI Score
0.0004EPSS
9.9AI Score
CVE-2022-22767 BD Pyxis™ Products – Default Credentials
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be...
8.8CVSS
8.9AI Score
0.001EPSS
CVE-2022-30277 BD Synapsys™ – Insufficient Session Expiration
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and...
5.7CVSS
5.7AI Score
0.0004EPSS
LinkedIn: Can access the job name, creator name and can report any draft/under review/rejected job
The application has a functionality using which a user can report a job if he finds the job is misleading/spam or fraud. Using this feature, an attacker can report any unlisted (draft/under review/rejected) job. After reporting the job the victim will receive an email from 'LinkedIn Trust &...
-0.4AI Score
Releases Ubuntu 22.04 LTS Ubuntu 21.10 Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...
9.8CVSS
9AI Score
0.003EPSS
ThinkAdmin directory traversal vulnerability
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read an arbitrary file on a remote server via GET request encode...
7.5CVSS
7.4AI Score
0.961EPSS
ThinkAdmin directory traversal vulnerability
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read an arbitrary file on a remote server via GET request encode...
7.5CVSS
7.1AI Score
0.961EPSS
Debian DLA-3020-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3020 advisory. Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox...
9.8CVSS
9.1AI Score
0.002EPSS