Hackers Sell Data from 26 Million LiveJournal Users on Dark Web
A database containing credentials from more than 26 million LiveJournal accounts has been leaked online and is being sold on the Dark Web and hacker forums. The data contained in the files appears to be from a 2014 incident in which 33 million accounts were hacked, according to a published report.....
-0.5AI Score
A flaw was found in PHP under a non-default configuration, where it was vulnerable to integer wraparounds during the reception of a multipart POST request. This flaw allows a remote attacker to repeatedly crash PHP and fill the filesystem with temporary PHP files, resulting in a denial of service.....
3.4AI Score
0.012EPSS
10web.io Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1163869 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
-0.2AI Score
curl: Curl_auth_create_plain_message integer overflow leads to heap buffer overflow
Summary: There is an incorrect integer overflow check in Curl_auth_create_plain_message in lib/vauth/cleartext.c , leading to a potential heap buffer overflow of controlled length and data. The exploitation seems quite easy, yet the vulnerability can only be triggered locally and does not seem to.....
9.8CVSS
1.1AI Score
0.016EPSS
May 12, 2020—KB4556813 (OS Build 14393.3686)
May 12, 2020—KB4556813 (OS Build 14393.3686) IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional...
7.8AI Score
0.194EPSS
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host...
5.5CVSS
6.6AI Score
0.0004EPSS
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host...
5.5CVSS
5.3AI Score
0.0004EPSS
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host...
5.5CVSS
5.4AI Score
0.0004EPSS
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host...
5.5CVSS
5.4AI Score
0.0004EPSS
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host...
5.4AI Score
0.0004EPSS
Security Bulletin: Vulnerability in curl affects IBM Cloud Pak System (CVE-2018-14618)
Summary Vulnerability is identified in curl used in Cloud Pak System. Cloud Pak System has addressed the vulnerability. Vulnerability Details ** CVEID: CVE-2018-14618 DESCRIPTION: **curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function.....
9.8CVSS
0.4AI Score
0.037EPSS
openSUSE Security Update : the Linux Kernel (openSUSE-2020-543)
The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-11669: An issue was discovered on the powerpc platform. arch/powerpc/kernel/idle_book3s.S did not have save/restore functionality for...
8.2CVSS
8.1AI Score
0.002EPSS
Security update for the Linux Kernel (important)
An update that solves 7 vulnerabilities and has 76 fixes is now available. Description: The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2020-11669: An issue was discovered on the powerpc platform. ...
8.2CVSS
-0.1AI Score
0.002EPSS
Description of Update Rollup 2 for Exchange Server 2010 Service Pack 2
Description of Update Rollup 2 for Exchange Server 2010 Service Pack 2 Summary Microsoft has released Update Rollup 2 for Microsoft Exchange Server 2010 Service Pack 2 (SP2). This update is dated April 16, 2012. This article describes the following information about the update rollup: The issues...
6.9AI Score
April 14, 2020—KB4550929 (OS Build 14393.3630)
April 14, 2020—KB4550929 (OS Build 14393.3630) NEW IMPORTANT We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all...
7.5AI Score
0.953EPSS
Exploit for Vulnerability in Oracle Solaris
Security breach project - Privilege escalation The...
8.8CVSS
2.7AI Score
0.003EPSS
Description of the Microsoft Office for Mac 2011 14.2.2 Update
Describes the Microsoft Office for Mac 2011 14.2.1 Update that was released on May 8, 2012INTRODUCTIONMicrosoft has released security bulletins MS12-029 and MS12-030. These security bulletins contain all the relevant information about the security updates for Microsoft Office for Mac 2011. To view....
-0.5AI Score
System Center Operations Manager, version 1807
System Center Operations Manager, version 1807 Applies to: System Center Operations Manager, version 1807 Introduction This article describes the issues that are fixed and the improvements that are included in System Center Operations Manager, version 1807. This article also contains the...
6.9AI Score
Update Rollup 6 for System Center 2016 Operations Manager
Update Rollup 6 for System Center 2016 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 6 for Microsoft System Center 2016 Operations Manager. This article also contains the installation instructions for this update. Improvements and issues that are....
6.6AI Score
Update Rollup 2 for System Center 2016 Operations Manager
Update Rollup 2 for System Center 2016 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 2 for Microsoft System Center 2016 Operations Manager. It also contains the installation instructions for this update. Issues that are fixed in this update...
7AI Score
Update Rollup 3 for System Center 2016 Operations Manager
Update Rollup 3 for System Center 2016 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 3 for Microsoft System Center 2016 Operations Manager. This article also contains the installation instructions for this update. Issues that are fixed When you...
6.8AI Score
Update Rollup 4 for System Center 2016 Operations Manager
Update Rollup 4 for System Center 2016 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 4 for Microsoft System Center 2016 Operations Manager. This article also contains the installation instructions for this update. Issues that are fixed and...
7.1AI Score
Update Rollup 1 for System Center 2016 Operations Manager
Update Rollup 1 for System Center 2016 Operations Manager Introduction This article provides installation instructions for Update Rollup 1 for Microsoft System Center 2016 Operations Manager. Issues that are fixed in the UNIX and Linux management packs A memory leak in RunAsProvider is...
7.3AI Score
DigiTrack - Attacks For $5 Or Less Using Arduino
In 30 seconds, this attack can learn which networks a MacOS computer has connected to before, and plant a script that tracks the current IP address and Wi-Fi network every 60 seconds. Now includes: Hardtracker - Digispark VPN buster to send the IP address and BSSID/SSID of nearby Wi-Fi networks...
7.3AI Score
openSUSE: Security Advisory for skopeo (openSUSE-SU-2020:0377-1)
The remote host is missing an update for...
5.9CVSS
6.1AI Score
0.001EPSS
openSUSE Security Update : skopeo (openSUSE-2020-377)
This update for skopeo fixes the following issues : Update to skopeo v0.1.41 (bsc#1165715) : Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1 Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8 Bump github.com/containers/common from 0.0.7 to 0.1.4 Remove the reference to openshift/api ...
5.9CVSS
6.7AI Score
0.001EPSS
Security update for skopeo (moderate)
An update that solves one vulnerability and has one errata is now available. Description: This update for skopeo fixes the following issues: Update to skopeo v0.1.41 (bsc#1165715): Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1 Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8 Bump...
5.9CVSS
AI Score
0.001EPSS
SUSE SLES15 Security Update : skopeo (SUSE-SU-2020:0712-1)
This update for skopeo fixes the following issues : Update to skopeo v0.1.41 (bsc#1165715) : Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1 Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8 Bump github.com/containers/common from 0.0.7 to 0.1.4 Remove the reference to openshift/api vendor...
5.9CVSS
6.8AI Score
0.001EPSS
Six Facts about Address Space Layout Randomization on Windows
Overcoming address space layout randomization (ASLR) is a precondition of virtually all modern memory corruption vulnerabilities. Breaking ASLR is an area of active research and can get incredibly complicated. This blog post presents some basic facts about ASLR, focusing on the Windows...
0.6AI Score
March 10, 2020—KB4540670 (OS Build 14393.3564)
March 10, 2020—KB4540670 (OS Build 14393.3564) NEW The build information for Windows Server 2016 container images is 10.0.14393.3568. Reminder The additional servicing for Windows 10 Enterprise, Education, and IoT Enterprise editions ended on April 9, 2019 and doesn't extend beyond this date. To...
7.3AI Score
0.54EPSS
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory...
7.5CVSS
5AI Score
0.001EPSS
Subfinder - A Subdomain Discovery Tool That Discovers Valid Subdomains For Websites
subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only - passive subdomain enumeration, and it does that very well. We have...
7.4AI Score
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory...
7.5CVSS
7.2AI Score
0.001EPSS
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory...
7.5CVSS
6.5AI Score
0.001EPSS
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory...
7.5CVSS
7.1AI Score
0.001EPSS
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory...
7.5CVSS
7.3AI Score
0.001EPSS
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory...
7.5CVSS
7.1AI Score
0.001EPSS
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory...
8.6CVSS
7.2AI Score
0.001EPSS
In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). Bugs https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953049...
7.5CVSS
7.1AI Score
0.001EPSS
This project inspects Java libraries and classpaths for gadget chains. Gadgets chains are used to construct exploits for deserialization vulnerabilities. By automatically discovering possible gadgets chains in an application's classpath penetration testers can quickly construct exploits and...
7.6AI Score
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak Exploit
Exploit for hardware platform in category web...
7.1AI Score
AI Score
0.953EPSS
7.5CVSS
7.7AI Score
0.953EPSS
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak
Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory...
7.5CVSS
0.1AI Score
0.953EPSS
AI Score
0.953EPSS
Nanometrics Centaur / TitanSMA Unauthenticated Remote Memory Leak Exploit
Title: Nanometrics Centaur / TitanSMA Unauthenticated Remote Memory Leak Exploit Advisory ID: ZSL-2020-5562 Type: Local/Remote Impact: System Access, DoS, Exposure of System Information, Exposure of Sensitive Information Risk: (5/5) Release Date: 15.02.2020 Summary The Centaur digital recorder...
9.8CVSS
8AI Score
0.953EPSS
Reverse Engineering Tesla Hardware
TL;DR How does the Tesla Model S update its firmware? What did we find when reverse engineering the display and instrument cluster? Here’s the result of a couple of weeks work, working on a real vehicle that (mostly) worked after we had finished. Part 1: analysing the hardware, complete with a 14.....
7.6AI Score
February 11, 2020—KB4537764 (OS Build 14393.3504)
February 11, 2020—KB4537764 (OS Build 14393.3504) Reminder The additional servicing for Windows 10 Enterprise, Education, and IoT Enterprise editions ended on April 9, 2019 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to the....
7.5AI Score
EPSS
AgentSmith-HIDS - Open Source Host-based Intrusion Detection System (HIDS)
Technically, AgentSmith-HIDS is not a Host-based Intrusion Detection System (HIDS) due to lack of rule engine and detection function. However, it can be used as a high performance 'Host Information Collect Agent' as part of your own HIDS solution. The comprehensiveness of information which can be.....
7.3AI Score
RHEL 8 : kernel (RHSA-2020:0204)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0204 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * hw: Machine Check Error on Page...
9.8CVSS
9.6AI Score
0.966EPSS