7.8CVSS
7.8AI Score
0.0004EPSS
6.8AI Score
0.008EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Thunderbird vulnerabilities (USN-5248-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5248-1 advisory. An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code...
10CVSS
10AI Score
0.007EPSS
Ubuntu 21.10 : Thunderbird vulnerabilities (USN-5246-1)
The remote Ubuntu 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5246-1 advisory. Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive...
10CVSS
8.7AI Score
0.007EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially...
10CVSS
9.3AI Score
EPSS
Releases Ubuntu 21.10 Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to...
10CVSS
9.2AI Score
EPSS
Debian DLA-2880-1 : firefox-esr - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2880 advisory. Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported...
10CVSS
8.6AI Score
0.002EPSS
Debian DLA-2881-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2881 advisory. Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported...
10CVSS
8.6AI Score
0.002EPSS
[SECURITY] Fedora 34 Update: e00compr-1.0.1-28.fc34
E00compr is an ANSI C library that reads and writes Arc/Info compressed E00 files. Both "PARTIAL" and "FULL" compression levels are supported. This package can be divided in three parts: ...
7.1AI Score
kernel security and bug fix update
[3.10.0-1160.53.1.OL7] - Update Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.9 - Update...
6.7CVSS
-0.1AI Score
0.0004EPSS
PlayStation: Use-after-free in setsockopt IPV6_2292PKTOPTIONS (CVE-2020-7457)
The PS5 is vulnerable to https://hackerone.com/reports/826026 which easily grants kernel access to an attacker. This vulnerability had been reported by me for the PS4 2 years ago when the PS5 did not yet exist, thus this should be considered as a new report and not a duplicate. I was able to use...
8.1CVSS
1.4AI Score
0.346EPSS
In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User....
6.5CVSS
6.4AI Score
0.001EPSS
In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User....
6.5CVSS
0.001EPSS
In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User....
6.5CVSS
6.4AI Score
0.001EPSS
Debian DLA-2874-1 : thunderbird - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2874 advisory. During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable...
10CVSS
-0.2AI Score
0.007EPSS
Debian DLA-2863-1 : firefox-esr - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2863 advisory. The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the...
10CVSS
-0.2AI Score
0.007EPSS
Exploit for Deserialization of Untrusted Data in Apache Log4J
TekiumLog4jApp v1.0 Author: Erick Rodríguez Email:...
9AI Score
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed...
6.8CVSS
6.5AI Score
0.001EPSS
The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the...
5.3CVSS
5.2AI Score
0.001EPSS
Summary The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2021-3541 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by an exponential entity expansion attack...
9.8CVSS
10.2AI Score
0.582EPSS
Why Everyone Needs to Take the Latest CISA Directive Seriously
Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It's easy to see why you would assume that a directive from CISA just doesn't relate to your organization. But, in the...
7.8CVSS
-0.2AI Score
0.974EPSS
RHEL 6 : bind (RHSA-2021:1468)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1468 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a...
7.5CVSS
7.1AI Score
0.067EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Thunderbird vulnerability (USN-5168-2)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 / 21.10 host has packages installed that are affected by a vulnerability as referenced in the USN-5168-2 advisory. NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded...
9.8CVSS
9.5AI Score
0.005EPSS
Releases Ubuntu 21.10 Ubuntu 21.04 Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use...
9.8CVSS
10AI Score
0.005EPSS
bd.1lib.limited Cross Site Scripting vulnerability OBB-2284682
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Ubuntu 21.10 : Thunderbird vulnerabilities (USN-5152-1)
The remote Ubuntu 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5152-1 advisory. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory...
10CVSS
8.7AI Score
0.005EPSS
Releases Ubuntu 21.10 Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to...
10CVSS
8.9AI Score
0.005EPSS
Fedora: Security Advisory for bind (FEDORA-2021-eb8dab50ba)
The remote host is missing an update for...
5.3CVSS
6AI Score
0.005EPSS
Fedora: Security Advisory for bind (FEDORA-2021-39b33260b8)
The remote host is missing an update for...
5.3CVSS
6AI Score
0.005EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Thunderbird vulnerabilities (USN-5146-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-5146-1 advisory. Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory...
8.8CVSS
9.1AI Score
0.004EPSS
[SECURITY] Fedora 33 Update: bind-9.11.36-1.fc33
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
5.3CVSS
6.3AI Score
0.005EPSS
Releases Ubuntu 21.04 Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...
8.8CVSS
9.2AI Score
0.004EPSS
[SECURITY] Fedora 34 Update: bind-9.16.22-1.fc34
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
5.3CVSS
6.3AI Score
0.005EPSS
bind security and bug fix update
An update is available for bind. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain...
6.5CVSS
7.2AI Score
0.009EPSS
Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
6.5CVSS
6.6AI Score
0.009EPSS
(RHSA-2021:4384) Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
7.3AI Score
0.009EPSS
Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....
6.5CVSS
6.6AI Score
0.009EPSS
Fedora: Security Advisory for bind (FEDORA-2021-58e7b873b7)
The remote host is missing an update for...
5.3CVSS
6AI Score
0.005EPSS
[SECURITY] Fedora 35 Update: bind-9.16.22-1.fc35
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....
5.3CVSS
6.3AI Score
0.005EPSS