REvil Affiliates Arrested; DOJ Seizes $6M in Ransom
International law enforcement is squeezing REvil affiliates out of hiding, but the underground is shrugging it off: They know that Russia won’t touch a hair on the heads of the Russian-speaking ransomware operators, experts say. On Monday, Europol announced the arrest of a total of seven suspected....
AI Score: 7.2
Keeweb - Free Cross-Platform Password Manager Compatible With KeePass
This web app is a browser and desktop password manager compatible with KeePass databases. It doesn't require any server or additional resources. The app can run either in a browser or as a desktop app. Quick Links: Apps: Web, Desktop; Timeline: Release Notes, TODO; On one page: Features, FAQ; Website:...
AI Score: 7.1
Inefficient Regular Expression Complexity in terkelg/prompts
Description: The prompts package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted input to the strip functionality may cause an application to consume an excessive amount of CPU. The pinned line below uses the vulnerable regex. The ReDoS is...
AI Score: 1.2
2.550 Remote code execution in nginx (CVE-2021-23017) 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy() function when processing DNS responses. A remote...
CVSS: 6.7
AI Score: 8.5
EPSS: 0.52
TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.raw_ops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function....
CVSS: 5.5
AI Score: 2.1
EPSS: 0.0004
Security update for nextcloud (important)
An update that fixes 13 vulnerabilities is now available. Description: This update for nextcloud fixes the following issues: nextcloud was updated to 20.0.11: Fix boo#1188247 - CVE-2021-32678: OCS API response ratelimits are not applied. Fix boo#1188248 - CVE-2021-32679: filenames were not...
CVSS: 9.8
AI Score
EPSS: 0.004
There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. It is possible to use the Bluetooth Low...
CVSS: 5.4
AI Score: 5.3
EPSS: 0.001
Stack-based Buffer Overflow in rup0rt/pcapfix
Description: A stack overflow was found in pcapfix in function fix_pcap_packets() in pcap.c at line 550. The root cause seems to be at line 458: there is an int overflow if filesize-pos-sizeof(packet_hdr) is negative. Test version: 1.1.6 [2fe168e]. Test env: gcc 9.3.0, ubuntu 20.04 x86-64. Proof of Concept....
AI Score
Description of the security update for Outlook 2013: June 8, 2021 (KB5001934)
Summary: This security update resolves a Microsoft Outlook Remote Code Execution Vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-31949. Note: To apply this....
AI Score: 7.5
EPSS: 0.077
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVSS: 7.8
AI Score: 8.4
EPSS: 0.002
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVSS: 7.8
EPSS: 0.002
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVSS: 7.8
AI Score: 8
EPSS: 0.002
Exploit for Cross-Site Request Forgery (CSRF) in Webmin
CVE-2021-31762. Description: Exploiting a...
CVSS: 8.8
AI Score: 8.8
EPSS: 0.013
Description of the security update for Outlook 2013: April 13, 2021 (KB4504733)
Summary: This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2021-28452. Note: To apply this....
AI Score: 7.3
EPSS: 0.089
GitLab: RCE when removing metadata with ExifTool
Summary: When uploading image files, GitLab Workhorse passes any files with the extensions jpg|jpeg|tiff through to ExifTool to remove any non-whitelisted tags. An issue with this is that ExifTool will ignore the file extension and try to determine what the file is based on the content, allowing...
AI Score: -0.1
Click Here to Kill Everybody Sale
For a limited time, I am selling signed copies of Click Here to Kill Everybody in hardcover for just $6, plus shipping. Note that I have had occasional problems with international shipping. The book just disappears somewhere in the process. At this price, international orders are at the buyer's...
AI Score: 0.8
Description of the security update for Outlook 2013: December 8, 2020
Summary: This security update resolves Microsoft Outlook information disclosure vulnerabilities. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2020-17119. Note: To apply this...
AI Score: 6.8
EPSS: 0.822
Description of the security update for SharePoint Server 2010: November 10, 2020
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
AI Score: 7.4
EPSS: 0.001
KB941203 - MS08-040: Vulnerabilities in Microsoft SQL Server could allow elevation of privilege
Resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of the system. INTRODUCTION: Microsoft has released security bulletin MS08-040. To view the complete security bulletin, visit one of the...
AI Score: 7.5
EPSS: 0.96
Description of the security update for Outlook 2013: October 13, 2020
Summary: This security update resolves a denial of service vulnerability that exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory. To learn more about the vulnerability, see...
AI Score: 5.1
EPSS: 0.003
Description of the security update for SharePoint Server 2019: October 13, 2020
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...
AI Score: 8.1
EPSS: 0.909
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM...
CVSS: 7.5
AI Score: 7.5
EPSS: 0.002
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM...
CVSS: 7.5
EPSS: 0.002
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM...
CVSS: 7.5
AI Score: 7.5
EPSS: 0.002
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM...
AI Score: 7.6
EPSS: 0.002
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely...
CVSS: 6.5
AI Score: 6.9
EPSS: 0.001
Description of the security update for SharePoint Enterprise Server 2013: September 8, 2020
Summary: This security update resolves a remote code execution vulnerability that exists in Microsoft Excel if the software does not check the source markup of an application package. To learn more about the....
AI Score: 9.5
EPSS: 0.013
Description of the security update for SharePoint Server 2010: September 8, 2020
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the...
AI Score: 8.5
EPSS: 0.013
Digital Education: The cyberrisks of the online classroom
This past spring, as the COVID-19 pandemic took hold, online learning became the new norm as universities and classrooms around the world were forced to close their doors. By April 29, 2020, more than 1.2 billion children across 186 countries were impacted by school closures. Shortly after schools....
AI Score: -0.6
Oracle WebLogic Server - Remote Command Execution
The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and...
CVSS: 9.8
AI Score: 9.3
EPSS: 0.976
Description of the security update for Outlook 2013: August 11, 2020
Summary: This security update resolves a remote code execution vulnerability that exists in Microsoft Outlook when the software does not correctly handle objects in memory. It also resolves an information disclosure vulnerability...
AI Score: 6
EPSS: 0.005