Berkeley-AL20, Berkeley-BD Security Vulnerabilities

nessus

Ubuntu 18.04 LTS / 20.04 LTS : Thunderbird vulnerabilities (USN-5345-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5345-1 advisory. If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document...

9.6CVSS

8.8AI Score

0.004EPSS

2022-03-24 12:00 AM
23
openvas

Fedora: Security Advisory for bind (FEDORA-2022-427cfc50f8)

The remote host is missing an update for...

6.8CVSS

6.7AI Score

0.002EPSS

2022-03-23 12:00 AM
4
ubuntu

Thunderbird vulnerabilities

Releases Ubuntu 21.10 Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...

9.6CVSS

9.5AI Score

0.004EPSS

2022-03-23 12:00 AM
82
hivepro

Berkeley Internet Name Domain (BIND) affected by multiple vulnerabilities

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here The Internet Systems Consortium (ISC) has published security upgrades to address several vulnerabilities in the widely used Berkeley Internet Name Domain (BIND) server software. An attacker could take advantage of some of...

0.5AI Score

0.002EPSS

2022-03-22 07:19 AM
12
fedora

[SECURITY] Fedora 35 Update: bind-9.16.27-1.fc35

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

6.8CVSS

7.3AI Score

0.002EPSS

2022-03-22 03:44 AM
11
fedora

[SECURITY] Fedora 35 Update: ghostwriter-2.1.2-1.fc35

Ghostwriter is a text editor for Markdown, which is a plain text markup format created by John Gruber. For more information about Markdown, please visit John Gruber's website at http://www.daringfireball.net. Ghostwriter provides a relaxing, distraction-free writing...

9.8CVSS

0.3AI Score

0.065EPSS

2022-03-22 03:44 AM
7
fedora

[SECURITY] Fedora 34 Update: ghostwriter-2.1.2-1.fc34

Ghostwriter is a text editor for Markdown, which is a plain text markup format created by John Gruber. For more information about Markdown, please visit John Gruber's website at http://www.daringfireball.net. Ghostwriter provides a relaxing, distraction-free writing...

9.8CVSS

0.3AI Score

0.065EPSS

2022-03-22 03:19 AM
12
nessus

Debian DLA-2961-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2961 advisory. If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked,...

9.6CVSS

7.3AI Score

0.004EPSS

2022-03-22 12:00 AM
20
packetstorm

AI Score

0.001EPSS

2022-03-21 12:00 AM
258
githubexploit

7.5CVSS

8AI Score

0.96EPSS

2022-03-20 05:15 AM
200
ics

Treck TCP/IP Stack (Update H)

EXECUTIVE SUMMARY CVSS v3 10.0 --------- Begin Update H Part 1 of 3 --------- ATTENTION: Exploitable remotely/public exploits are available --------- End Update H Part 1 of 3 --------- Vendor: Treck Inc. Equipment: TCP/IP Vulnerabilities: Improper Handling of Length Parameter...

10CVSS

7.8AI Score

0.054EPSS

2022-03-17 12:00 PM
318
cisa

ISC Releases Security Advisories for BIND

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and...

7.5CVSS

2.4AI Score

0.002EPSS

2022-03-17 12:00 AM
19
kitploit

CodeAnalysis - Static Code Analysis

Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early) is a comprehensive platform for code analysis and issue tracking. TCA consists of three components: server, web and client. It also supports the integration of other code analysis tools. Code analysis is a...

0.1AI Score

2022-03-14 11:30 AM
15
fedora

[SECURITY] Fedora 35 Update: pipenv-2021.5.29-7.fc35

The Python packaging tool that aims to bring the best of all packaging worlds (bundler, composer, npm, cargo, yarn, etc.) to the Python world. It automatically creates and manages a virtualenv for your projects, as well as adds/removes packages from your Pipfile as you install/uninstall packages......

8.6CVSS

1.7AI Score

0.003EPSS

2022-03-11 02:47 PM
16
fedora

[SECURITY] Fedora 34 Update: pipenv-2020.11.15-3.fc34

The Python packaging tool that aims to bring the best of all packaging worlds (bundler, composer, npm, cargo, yarn, etc.) to the Python world. It automatically creates and manages a virtualenv for your projects, as well as adds/removes packages from your Pipfile as you install/uninstall packages......

8.6CVSS

1.7AI Score

0.003EPSS

2022-03-11 02:15 PM
16
thn

New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs

Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm, and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to...

5.6CVSS

1.3AI Score

0.975EPSS

2022-03-10 02:29 PM
56
nessus

Debian DLA-2942-1 : firefox-esr - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2942 advisory. If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked,...

9.6CVSS

7.2AI Score

0.004EPSS

2022-03-10 12:00 AM
11
nessus

Debian DLA-2939-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2939 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild...

9.6CVSS

8.9AI Score

0.01EPSS

2022-03-09 12:00 AM
15
intel

Intel® Processor Advisory

Summary: Potential security vulnerabilities in some Intel® Processors may allow information disclosure. Intel is releasing prescriptive guidance to address these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-0001 Description: Non-transparent sharing of branch predictor...

6.7AI Score

0.0005EPSS

2022-03-08 12:00 AM
26
nessus

Debian DLA-2933-1 : firefox-esr - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2933 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild...

9.6CVSS

8.9AI Score

0.01EPSS

2022-03-07 12:00 AM
24
ics

BD Viper LT

EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Viper LT Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access, modify, or delete...

8CVSS

7.5AI Score

0.0004EPSS

2022-03-03 12:00 PM
34
ics

BD Pyxis

EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Becton, Dickinson and Company (BD) Equipment: Pyxis Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to electronic protected health information (ePHI) or...

7CVSS

5.5AI Score

0.0004EPSS

2022-03-03 12:00 PM
16
nessus

Debian DLA-2930-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2930 advisory. It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This...

8.8CVSS

8.9AI Score

0.002EPSS

2022-03-02 12:00 AM
12
fedora

[SECURITY] Fedora 34 Update: protobuf-3.14.0-7.fc34

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

6.5CVSS

3AI Score

0.0004EPSS

2022-02-27 03:21 AM
40
fedora

[SECURITY] Fedora 35 Update: libnbd-1.10.5-1.fc35

NBD - Network Block Device - is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: *...

4.8CVSS

0.7AI Score

0.001EPSS

2022-02-19 01:32 AM
6
malwarebytes

Journalist won’t be indicted for hacking for viewing a state website’s HTML

A journalist incorrectly branded as a "hacker" by the governor of Missouri won't be prosecuted "for hacking". This was a quick and foreseen win for St. Louis Post-Dispatch reporter Josh Renaud after a prosecutor from Cole County dismissed Missouri Governor Mike Parson's criminal charges against...

-0.7AI Score

2022-02-16 11:46 AM
6
fedora

[SECURITY] Fedora 35 Update: protobuf-3.14.0-7.fc35

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

6.5CVSS

3AI Score

0.0004EPSS

2022-02-16 01:28 AM
11
fedora

[SECURITY] Fedora 35 Update: varnish-6.6.2-2.fc35

This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don't have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a...

9.1CVSS

0.7AI Score

0.006EPSS

2022-02-16 01:28 AM
12
wallarmlab

Security Manager Guide – Job Description and How to Become

**Introduction** This guide discloses how to turn into a security supervisor, as well as the means to take to begin in this productive and intriguing industry. Keep perusing to find about the instructive, and certificate prerequisites for cybersecurity managers in the work environment. Bosses...

0.1AI Score

2022-02-14 12:31 PM
14
nessus

Debian DLA-2921-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2921 advisory. Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed...

9.6CVSS

9.2AI Score

0.002EPSS

2022-02-14 12:00 AM
17
openbugbounty

egcb.gov.bd Cross Site Scripting vulnerability OBB-2369861

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: egcb.gov.bd. Open Bug Bounty...

-0.1AI Score

2022-02-12 09:05 AM
12
cve

CVE-2022-22765

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...

8CVSS

7.3AI Score

0.0004EPSS

2022-02-12 03:15 AM
69
nvd

CVE-2022-22765

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...

7.8CVSS

0.0004EPSS

2022-02-12 03:15 AM
prion

Hardcoded credentials

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...

7.8CVSS

7.3AI Score

0.0004EPSS

2022-02-12 03:15 AM
2
cve

CVE-2022-22766

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic...

7CVSS

5.5AI Score

0.0004EPSS

2022-02-12 12:00 AM
99
cvelist

CVE-2022-22766 BD Pyxis Products - Hardcoded Credentials

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic...

7CVSS

7.1AI Score

0.0004EPSS

2022-02-12 12:00 AM
2
nvd

CVE-2022-22766

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic...

5.5CVSS

0.0004EPSS

2022-02-11 07:15 PM
prion

Hardcoded credentials

Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic...

5.5CVSS

5.5AI Score

0.0004EPSS

2022-02-11 07:15 PM
4
cvelist

CVE-2022-22765 BD Viper LT System - Hardcoded Credentials

BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...

8CVSS

7.8AI Score

0.0004EPSS

2022-02-11 12:00 AM
nessus

AlmaLinux 8 : libdb (ALSA-2021:1675)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1675 advisory. Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32....

3.3CVSS

0.9AI Score

0.001EPSS

2022-02-09 12:00 AM
6
mssecure

ACTINIUM targets Ukrainian organizations

The Microsoft Threat Intelligence Center (MSTIC) is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs. MSTIC previously tracked ACTINIUM...

0.4AI Score

2022-02-04 06:00 PM
54
mmpc

ACTINIUM targets Ukrainian organizations

The Microsoft Threat Intelligence Center (MSTIC) is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs. MSTIC previously tracked ACTINIUM...

0.4AI Score

2022-02-04 06:00 PM
58
fedora

[SECURITY] Fedora 35 Update: trojita-0.7.0.1-0.13.20220117git266c757.fc35

Trojitá is an IMAP e-mail client which: * Enables you to access your mail anytime, anywhere. * Does not slow you down. If we can improve the productivity of an e-mail user, we better do. * Respects open standards and facilitates modern technologies. We value the...

5.9CVSS

0.3AI Score

0.001EPSS

2022-02-04 01:25 AM
6
fedora

[SECURITY] Fedora 34 Update: trojita-0.7.0.1-0.13.20220117git266c757.fc34

Trojitá is an IMAP e-mail client which: * Enables you to access your mail anytime, anywhere. * Does not slow you down. If we can improve the productivity of an e-mail user, we better do. * Respects open standards and facilitates modern technologies. We value the...

5.9CVSS

0.3AI Score

0.001EPSS

2022-02-04 01:24 AM
4
packetstorm

0.5AI Score

2022-02-04 12:00 AM
211
oraclelinux

bind security update

[32:9.8.2-0.68.rc1.0.3.8] - Backport fix for CVE-2018-5741 [Orabug: 33496185] [32:9.8.2-0.68.rc1.0.2.8] - Backport possible assertion failure on DNAME processing (CVE-2021-25215) [32:9.8.2-0.68.rc1.0.1.8] - Backport the fix for buffer overflow (CVE-2020-8625) (Orabug: 32588749)...

6.5CVSS

-0.4AI Score

0.003EPSS

2022-02-03 12:00 AM
120
openvas

Mageia: Security Advisory (MGASA-2021-0057)

The remote host is missing an update for...

3.3CVSS

6.8AI Score

0.001EPSS

2022-01-28 12:00 AM
2
openvas

Ubuntu: Security Advisory (USN-4997-1)

The remote host is missing an update for...

7.8CVSS

7.2AI Score

0.002EPSS

2022-01-28 12:00 AM
6
openvas

Mageia: Security Advisory (MGASA-2017-0380)

The remote host is missing an update for...

7.8CVSS

7.8AI Score

0.0004EPSS

2022-01-28 12:00 AM
3
Total number of security vulnerabilities: 5869