Ubuntu 18.04 LTS / 20.04 LTS : Thunderbird vulnerabilities (USN-5345-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5345-1 advisory. If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document...
9.6CVSS
8.8AI Score
0.004EPSS
Fedora: Security Advisory for bind (FEDORA-2022-427cfc50f8)
The remote host is missing an update for...
6.8CVSS
6.7AI Score
0.002EPSS
Releases Ubuntu 21.10 Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...
9.6CVSS
9.5AI Score
0.004EPSS
Berkeley Internet Name Domain (BIND) affected by multiple vulnerabilities
THREAT LEVEL: Amber. The Internet Systems Consortium (ISC) has published security upgrades to address several vulnerabilities in the widely used Berkeley Internet Name Domain (BIND) server software. An attacker could take advantage of some of...
0.5AI Score
0.002EPSS
[SECURITY] Fedora 35 Update: bind-9.16.27-1.fc35
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
6.8CVSS
7.3AI Score
0.002EPSS
[SECURITY] Fedora 35 Update: ghostwriter-2.1.2-1.fc35
Ghostwriter is a text editor for Markdown, which is a plain text markup format created by John Gruber. For more information about Markdown, please visit John Gruber's website at http://www.daringfireball.net. Ghostwriter provides a relaxing, distraction-free writing...
9.8CVSS
0.3AI Score
0.065EPSS
[SECURITY] Fedora 34 Update: ghostwriter-2.1.2-1.fc34
Ghostwriter is a text editor for Markdown, which is a plain text markup format created by John Gruber. For more information about Markdown, please visit John Gruber's website at http://www.daringfireball.net. Ghostwriter provides a relaxing, distraction-free writing...
9.8CVSS
0.3AI Score
0.065EPSS
Debian DLA-2961-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2961 advisory. If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked,...
9.6CVSS
7.3AI Score
0.004EPSS
CVE-2022-24990 TerraMaster TOS...
7.5CVSS
8AI Score
0.96EPSS
EXECUTIVE SUMMARY CVSS v3 10.0 --------- Begin Update H Part 1 of 3 --------- ATTENTION: Exploitable remotely/public exploits are available --------- End Update H Part 1 of 3 --------- Vendor: Treck Inc. Equipment: TCP/IP Vulnerabilities: Improper Handling of Length Parameter...
10CVSS
7.8AI Score
0.054EPSS
ISC Releases Security Advisories for BIND
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and...
7.5CVSS
2.4AI Score
0.002EPSS
CodeAnalysis - Static Code Analysis
Tencent Cloud Code Analysis (TCA for short, code-named CodeDog inside the company early on) is a comprehensive platform for code analysis and issue tracking. TCA consists of three components: server, web and client. It also supports the integration of other code analysis tools. Code analysis is a...
0.1AI Score
[SECURITY] Fedora 35 Update: pipenv-2021.5.29-7.fc35
The Python packaging tool that aims to bring the best of all packaging worlds (bundler, composer, npm, cargo, yarn, etc.) to the Python world. It automatically creates and manages a virtualenv for your projects, as well as adds/removes packages from your Pipfile as you install/uninstall packages......
8.6CVSS
1.7AI Score
0.003EPSS
[SECURITY] Fedora 34 Update: pipenv-2020.11.15-3.fc34
The Python packaging tool that aims to bring the best of all packaging worlds (bundler, composer, npm, cargo, yarn, etc.) to the Python world. It automatically creates and manages a virtualenv for your projects, as well as adds/removes packages from your Pipfile as you install/uninstall packages......
8.6CVSS
1.7AI Score
0.003EPSS
New Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs
Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm, and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to...
5.6CVSS
1.3AI Score
0.975EPSS
Debian DLA-2942-1 : firefox-esr - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2942 advisory. If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked,...
9.6CVSS
7.2AI Score
0.004EPSS
Debian DLA-2939-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2939 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild...
9.6CVSS
8.9AI Score
0.01EPSS
Summary: Potential security vulnerabilities in some Intel® Processors may allow information disclosure. Intel is releasing prescriptive guidance to address these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-0001 Description: Non-transparent sharing of branch predictor...
6.7AI Score
0.0005EPSS
Debian DLA-2933-1 : firefox-esr - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2933 advisory. An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild...
9.6CVSS
8.9AI Score
0.01EPSS
EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Low attack complexity Vendor: Becton, Dickinson and Company (BD) Equipment: Viper LT Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access, modify, or delete...
8CVSS
7.5AI Score
0.0004EPSS
EXECUTIVE SUMMARY CVSS v3 7.0 Vendor: Becton, Dickinson and Company (BD) Equipment: Pyxis Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to electronic protected health information (ePHI) or...
7CVSS
5.5AI Score
0.0004EPSS
Debian DLA-2930-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2930 advisory. It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This...
8.8CVSS
8.9AI Score
0.002EPSS
[SECURITY] Fedora 34 Update: protobuf-3.14.0-7.fc34
Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...
6.5CVSS
3AI Score
0.0004EPSS
[SECURITY] Fedora 35 Update: libnbd-1.10.5-1.fc35
NBD - Network Block Device - is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: *...
4.8CVSS
0.7AI Score
0.001EPSS
Journalist won’t be indicted for hacking for viewing a state website’s HTML
A journalist incorrectly branded as a "hacker" by the governor of Missouri won't be prosecuted "for hacking". This was a quick and foreseen win for St. Louis Post-Dispatch reporter Josh Renaud after a prosecutor from Cole County dismissed Missouri Governor Mike Parson's criminal charges against...
-0.7AI Score
[SECURITY] Fedora 35 Update: protobuf-3.14.0-7.fc35
Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...
6.5CVSS
3AI Score
0.0004EPSS
[SECURITY] Fedora 35 Update: varnish-6.6.2-2.fc35
This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don't have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a...
9.1CVSS
0.7AI Score
0.006EPSS
Security Manager Guide – Job Description and How to Become
**Introduction** This guide discloses how to turn into a security supervisor, as well as the means to take to begin in this productive and intriguing industry. Keep perusing to find about the instructive, and certificate prerequisites for cybersecurity managers in the work environment. Bosses...
0.1AI Score
Debian DLA-2921-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2921 advisory. Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed...
9.6CVSS
9.2AI Score
0.002EPSS
egcb.gov.bd Cross Site Scripting vulnerability OBB-2369861
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: egcb.gov.bd. Open Bug Bounty...
-0.1AI Score
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...
8CVSS
7.3AI Score
0.0004EPSS
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...
7.8CVSS
0.0004EPSS
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...
7.8CVSS
7.3AI Score
0.0004EPSS
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic...
7CVSS
5.5AI Score
0.0004EPSS
CVE-2022-22766 BD Pyxis Products - Hardcoded Credentials
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic...
7CVSS
7.1AI Score
0.0004EPSS
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic...
5.5CVSS
0.0004EPSS
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic...
5.5CVSS
5.5AI Score
0.0004EPSS
CVE-2022-22765 BD Viper LT System - Hardcoded Credentials
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable...
8CVSS
7.8AI Score
0.0004EPSS
AlmaLinux 8 : libdb (ALSA-2021:1675)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1675 advisory. Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32....
3.3CVSS
0.9AI Score
0.001EPSS
ACTINIUM targets Ukrainian organizations
The Microsoft Threat Intelligence Center (MSTIC) is sharing information on a threat group named ACTINIUM, which has been operational for almost a decade and has consistently pursued access to organizations in Ukraine or entities related to Ukrainian affairs. MSTIC previously tracked ACTINIUM...
0.4AI Score
[SECURITY] Fedora 35 Update: trojita-0.7.0.1-0.13.20220117git266c757.fc35
Trojitá is an IMAP e-mail client which: * Enables you to access your mail anytime, anywhere. * Does not slow you down. If we can improve the productivity of an e-mail user, we better do. * Respects open standards and facilitates modern technologies. We value the...
5.9CVSS
0.3AI Score
0.001EPSS
[SECURITY] Fedora 34 Update: trojita-0.7.0.1-0.13.20220117git266c757.fc34
Trojitá is an IMAP e-mail client which: * Enables you to access your mail anytime, anywhere. * Does not slow you down. If we can improve the productivity of an e-mail user, we better do. * Respects open standards and facilitates modern technologies. We value the...
5.9CVSS
0.3AI Score
0.001EPSS
[32:9.8.2-0.68.rc1.0.3.8] - Backport fix for CVE-2018-5741 [Orabug: 33496185] [32:9.8.2-0.68.rc1.0.2.8] - Backport possible assertion failure on DNAME processing (CVE-2021-25215) [32:9.8.2-0.68.rc1.0.1.8] - Backport the fix for buffer overflow (CVE-2020-8625) (Orabug: 32588749)...
6.5CVSS
-0.4AI Score
0.003EPSS