Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6333-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6333-1 advisory. Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown...
CVSS 9.8 | AI Score 7.9 | EPSS 0.002
Releases: Ubuntu 23.04, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Package: thunderbird (Mozilla Open Source mail and newsgroup client). Details: Junsung Lee discovered that Thunderbird did not properly validate the text direction override unicode character in filenames. An attacker could potentially...
CVSS 9.8 | AI Score 9.5 | EPSS 0.002
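The trick behind the two Thunderbird entries above is a Unicode bidirectional override: U+202E (RIGHT-TO-LEFT OVERRIDE) placed inside an attachment name makes the characters after it display reversed, so a name that really ends in ".exe" is shown ending in ".pdf". Below is an added check for exactly that pattern, written for this page; it is not Mozilla's or Ubuntu's code. The sample file name, the simplified rendering model (only LRO, RLO and PDF are modelled, not isolates or nesting) and the "suspicious" rule are this example's own assumptions.

```python
import unicodedata

# Explicit bidirectional formatting characters (the Unicode Bidi_Control set).
# U+202E (RLO) is the one the advisory is about; the others are flagged too
# because they can be combined to the same effect.
BIDI_CONTROLS = frozenset(
    [chr(c) for c in range(0x202A, 0x202F)]    # LRE, RLE, PDF, LRO, RLO
    + [chr(c) for c in range(0x2066, 0x206A)]  # LRI, RLI, FSI, PDI
    + ["\u200e", "\u200f", "\u061c"]           # LRM, RLM, ALM
)


def find_bidi_controls(filename):
    """Return (index, Unicode name) for every bidi control in the file name."""
    return [(i, unicodedata.name(ch)) for i, ch in enumerate(filename) if ch in BIDI_CONTROLS]


def rendered_as(filename):
    """Approximate what a bidi-aware display shows for a left-to-right file name.

    Simplified model (an assumption of this example): an RLO run is shown
    reversed up to the matching PDF or the end of the string, an LRO run is
    shown as-is, and every other control is invisible.
    """
    out, i, n = [], 0, len(filename)
    while i < n:
        ch = filename[i]
        if ch in ("\u202d", "\u202e"):
            j = i + 1
            while j < n and filename[j] != "\u202c":
                j += 1
            run = filename[i + 1:j]
            out.append(run[::-1] if ch == "\u202e" else run)
            i = j + 1
        elif ch in BIDI_CONTROLS:
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def sanitize_filename(filename):
    """Drop every bidi control so the stored name matches what is displayed."""
    return "".join(ch for ch in filename if ch not in BIDI_CONTROLS)


def true_extension(filename):
    """Extension of the real (control-stripped) name, lower-cased."""
    clean = sanitize_filename(filename)
    dot = clean.rfind(".")
    return clean[dot:].lower() if dot != -1 else ""


def check_attachment(filename):
    """Flag names whose displayed extension differs from the real one."""
    controls = find_bidi_controls(filename)
    shown = rendered_as(filename)
    real = true_extension(filename)
    return {
        "controls": controls,
        "displayed_as": shown,
        "real_extension": real,
        "suspicious": bool(controls) and not shown.lower().endswith(real),
    }


# Constructed sample: "invoice" + RLO + "fdp.exe" is displayed as "invoiceexe.pdf".
SAMPLE_ATTACHMENT = "invoice\u202efdp.exe"

if __name__ == "__main__":
    for name in (SAMPLE_ATTACHMENT, "report.pdf"):
        print(repr(name), check_attachment(name))
```

Run the check on every attachment name before it is shown to a user; if `suspicious` is set, either display the sanitized name or refuse the attachment. The rendering model is deliberately minimal and is not a full Unicode Bidirectional Algorithm, so treat `displayed_as` as an indication of what the user is likely to see, not as a pixel-exact prediction for a particular mail client.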
[SECURITY] [DSA 5488-1] thunderbird security update
Debian Security Advisory DSA-5488-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 03, 2023 https://www.debian.org/security/faq Package: thunderbird CVE ID: CVE-2023-4573 CVE-2023-4574...
CVSS 8.8 | AI Score 7.2 | EPSS 0.001
[SECURITY] [DLA 3553-1] firefox-esr security update
Debian LTS Advisory DLA-3553-1 debian-lts-announce@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 01, 2023 https://wiki.debian.org/LTS Package: firefox-esr Version: 102.15.0esr-1~deb10u1 CVE...
CVSS 8.8 | AI Score 8.3 | EPSS 0.001
[SECURITY] [DSA 5485-1] firefox-esr security update
Debian Security Advisory DSA-5485-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 30, 2023 https://www.debian.org/security/faq Package: firefox-esr CVE ID: CVE-2023-4573 CVE-2023-4574...
CVSS 8.8 | AI Score 7.3 | EPSS 0.001
IT threat evolution in Q2 2023. Non-mobile statistics
(Part of the series: IT threat evolution in Q2 2023; Non-mobile statistics; Mobile statistics.) These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...
CVSS 10 | AI Score 10.4 | EPSS 0.976
IT threat evolution in Q2 2023. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures...
AI Score 7
IT threat evolution in Q2 2023
Targeted attacks: Gopuram backdoor deployed through 3CX supply-chain attack. Earlier this year, a Trojanized version of the 3CXDesktopApp, a popular VoIP program,...
CVSS 9.8 | AI Score 10 | EPSS 0.975
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6320-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6320-1 advisory. When receiving rendering data over IPC, mStream could have been destroyed while being initialized, which could have led to a use-after-free causing a...
CVSS 8.8 | AI Score 8.7 | EPSS 0.001
Releases: Ubuntu 20.04 LTS. Package: firefox (Mozilla Open Source web browser). Details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
Lockbit leak, research opportunities on tools leaked from TAs
Lockbit is one of the most prevalent ransomware strains. It comes with an affiliate ransomware-as-a-service (RaaS) program offering up to 80% of the ransom demand to participants, and includes a bug bounty program for those who detect and report vulnerabilities that allow files to be decrypted...
AI Score 7.3
[SECURITY] [DSA 5482-1] tryton-server security update
Debian Security Advisory DSA-5482-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 24, 2023 https://www.debian.org/security/faq Package: tryton-server CVE ID: not yet available "Edbo"...
AI Score 7.3
Amazon Linux 2 : glibc (ALAS-2023-2221)
The version of glibc installed on the remote host is prior to 2.26-37. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2221 advisory. On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC...
CVSS 7 | AI Score 8 | EPSS 0.001
Issue Overview: A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force the system to utilize only half of the memory (making the system think the...
CVSS 7 | AI Score 7.4 | EPSS 0.001
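What the two glibc entries above amount to in practice: when LD_PREFER_MAP_32BIT_EXEC is honoured, the dynamic loader adds MAP_32BIT to its own mmap calls, so every shared library it loads lands in the low 2 GiB of the address space and the library-placement entropy of a setuid program collapses. The fix makes the loader drop the variable in secure-execution (AT_SECURE) mode, as it already did for other LD_* variables. The following is an added example, written for this page rather than taken from glibc or Amazon Linux: a small /proc/<pid>/maps parser plus a check that reports shared objects mapped entirely below the 2 GiB line. The two maps dumps are constructed samples, not captures from a real system.

```python
import re

LOW_2GB = 0x8000_0000  # MAP_32BIT confines a mapping to the first 2 GiB of address space

# /proc/<pid>/maps line: "start-end perms offset dev inode [pathname]"
_MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")


def parse_maps(text):
    """Parse maps output into dicts with integer start/end, perms and path."""
    regions = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if not m:
            continue
        start, end, perms, _offset, _dev, _inode, path = m.groups()
        regions.append({"start": int(start, 16), "end": int(end, 16), "perms": perms, "path": path})
    return regions


def is_shared_object(path):
    """True for file-backed mappings of a shared library (libc.so.6, ld-linux-x86-64.so.2, ...)."""
    return ".so" in path.rsplit("/", 1)[-1]


def libs_in_low_2gb(regions):
    """Sorted paths of shared objects whose mappings all sit below 2 GiB.

    On a normal 64-bit process with ASLR nothing is mapped that low, so any
    hit means the loader was told to use MAP_32BIT.
    """
    low = {r["path"] for r in regions if is_shared_object(r["path"]) and r["end"] <= LOW_2GB}
    return sorted(low)


def aslr_reduced(regions):
    return bool(libs_in_low_2gb(regions))


def read_own_maps():
    """Live variant: inspect the calling process itself."""
    with open("/proc/self/maps") as f:
        return parse_maps(f.read())


# Constructed sample: ordinary layout, libraries placed by the loader near the mmap base.
SAMPLE_NORMAL = """
555555554000-555555556000 r--p 00000000 fd:01 1234 /usr/bin/sleep
7ffff7dc0000-7ffff7de2000 r--p 00000000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffff7fc3000-7ffff7fc5000 r--p 00000000 fd:01 9999 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

# Constructed sample: same program with LD_PREFER_MAP_32BIT_EXEC honoured. The main
# binary, the interpreter and the stack are placed by the kernel and stay high; libc,
# which ld.so maps itself, is pushed under 2 GiB.
SAMPLE_MAP32BIT = """
555555554000-555555556000 r--p 00000000 fd:01 1234 /usr/bin/sleep
40000000-40022000 r--p 00000000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
40022000-401b7000 r-xp 00022000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffff7fc3000-7ffff7fc5000 r--p 00000000 fd:01 9999 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for label, sample in (("normal", SAMPLE_NORMAL), ("map32bit", SAMPLE_MAP32BIT)):
        print(label, libs_in_low_2gb(parse_maps(sample)))
```

To test a real host, run a setuid binary with LD_PREFER_MAP_32BIT_EXEC=1 in its environment and feed its maps file to `parse_maps` (reading another user's /proc/<pid>/maps needs root, so a throwaway setuid test program that dumps its own maps is the simplest harness). On a fixed glibc the variable is discarded for AT_SECURE processes but still honoured for ordinary ones, so a non-setuid run will show libraries in the low 2 GiB on both vulnerable and fixed systems; only the setuid case distinguishes them.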
Ubuntu 20.04 LTS : Firefox regressions (USN-6267-3)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6267-3 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
AI Score 6.7
Releases: Ubuntu 20.04 LTS. Package: firefox (Mozilla Open Source web browser). Details: USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original...
CVSS 9.8 | AI Score 9.3 | EPSS 0.002
Xsubfind3R - A CLI Utility To Find Domain'S Known Subdomains From Curated Passive Online Sources
xsubfind3r is a command-line interface (CLI) utility to find a domain's known subdomains from curated passive online sources. Features: fetches domains from curated passive sources to maximize results; supports stdin and stdout for easy integration into workflows; cross-platform (Windows, Linux...
AI Score 6.7
Debian DLA-3526-1 : libreoffice - LTS security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3526 advisory. Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to running arbitrary Java code from the...
CVSS 9.1 | AI Score 7.2 | EPSS 0.001
[SECURITY] [DLA 3526-1] libreoffice security update
Debian LTS Advisory DLA-3526-1 debian-lts-announce@lists.debian.org https://www.debian.org/lts/security/ Bastien Roucariès August 13, 2023 https://wiki.debian.org/LTS Package: libreoffice Version: 1:6.1.5-3+deb10u10 CVE...
CVSS 9.1 | AI Score 7.3 | EPSS 0.001
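The class-path problem named in the two DLA-3526-1 entries above is a general Java footgun, not an office-suite one: an empty class-path entry (a leading, trailing or doubled separator) and the entry "." both resolve to the current working directory, and so does the default class path when none is given at all, so a JAR or class file planted in whatever directory the process starts in gets loaded. The following audit helper is an added example written for this page, not code from Apache OpenOffice, LibreOffice or Debian; the command lines it scans are constructed, and the option names it recognises are the standard java launcher ones (-cp, -classpath, --class-path, and the CLASSPATH variable).

```python
import os


def classpath_problems(classpath, sep=os.pathsep):
    """Indexes of entries that Java resolves to the current working directory.

    An empty element (from a leading, trailing or doubled separator) and "."
    both mean "the directory the JVM was started in".
    """
    return [i for i, entry in enumerate(classpath.split(sep)) if entry.strip() in ("", ".")]


def harden_classpath(classpath, sep=os.pathsep):
    """Return the class path with every implicit-CWD entry removed."""
    return sep.join(entry for entry in classpath.split(sep) if entry.strip() not in ("", "."))


def audit_java_args(argv, env=None, sep=":"):
    """Scan a java launcher command line and report every way the CWD ends up on the class path.

    argv is the full command line as a list; env is the environment the
    launcher would see (defaults to this process's environment).
    """
    env = os.environ if env is None else env
    findings = []
    classpath = None
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("-cp", "-classpath", "--class-path") and i + 1 < len(argv):
            classpath = argv[i + 1]
            i += 2
            continue
        i += 1
    if classpath is None:
        classpath = env.get("CLASSPATH")
    if classpath is None:
        # With -jar the class path comes from the JAR manifest instead and is not inspected here.
        if "-jar" not in argv:
            findings.append("no class path given: the launcher defaults to '.', the current directory")
        return findings
    entries = classpath.split(sep)
    for idx in classpath_problems(classpath, sep):
        findings.append(f"class path entry {idx} is {entries[idx]!r}: resolves to the current directory")
    return findings


# Constructed sample launch lines for the demonstration.
SAMPLE_CMDLINES = [
    ["java", "-cp", "lib/app.jar:lib/deps.jar", "com.example.Main"],   # clean
    ["java", "-cp", "lib/app.jar::lib/deps.jar", "com.example.Main"],  # doubled separator
    ["java", "-classpath", "lib/app.jar:.", "com.example.Main"],       # explicit "."
    ["java", "com.example.Main"],                                      # no class path at all
]

if __name__ == "__main__":
    for cmd in SAMPLE_CMDLINES:
        print(" ".join(cmd), "->", audit_java_args(cmd, env={}))
```

`harden_classpath` only strips the entries that point at the working directory; if the application genuinely needs classes from a directory, list that directory by absolute path and make sure the process cannot be started from an attacker-writable location.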
Xcrawl3R - A CLI Utility To Recursively Crawl Webpages
xcrawl3r is a command-line interface (CLI) utility to recursively crawl webpages, i.e. systematically browse webpages' URLs and follow links to discover linked webpages' URLs. Features: recursively crawls webpages for URLs; parses URLs from files (.js, .json, .xml, .csv, .txt & .map); parses URLs...
AI Score 6.9
Common TTPs of attacks against industrial organizations
In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. Based on similarities found between these campaigns and...
AI Score 7.7
Vulnerability details. Bug description: In the SecurityCouncilNomineeElectionGovernor and SecurityCouncilMemberElectionGovernor contracts, users can provide a signature to allow someone else to vote on their behalf using the castVoteWithReasonAndParamsBySig() function, which is in...
AI Score 6.7
Missing __Governor_init() call in SecurityCouncilMemberRemovalGovernor's initialize() function
Vulnerability details. Bug description: The SecurityCouncilMemberRemovalGovernor contract inherits OpenZeppelin's GovernorUpgradeable (SecurityCouncilMemberRemovalGovernor.sol#L17-L19: "contract SecurityCouncilMemberRemovalGovernor is Initializable, GovernorUpgradeable, ..."). However,...
AI Score 6.8
A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
[SECURITY] [DLA 3523-1] firefox-esr security update
Debian LTS Advisory DLA-3523-1 debian-lts-announce@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 09, 2023 https://wiki.debian.org/LTS Package: firefox-esr Version: 102.14.0esr-1~deb10u1 CVE...
CVSS 9.8 | AI Score 9.1 | EPSS 0.002
A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating...
CVSS 8.8 | AI Score 8.9 | EPSS 0.001
A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating...
CVSS 8.8 | AI Score 8.9 | EPSS 0.001
A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
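Every ScienceLogic SL1 entry above describes the same two root causes: user input spliced into SQL statement text, and user input spliced into a shell command line. The page gives no code, so the following is an added example written for this page, not SL1's code or schema: a throwaway "tickets" table, a "report name" parameter and both payloads are constructed stand-ins for the unnamed parameters the advisories refer to. Each vulnerable function is shown beside its hardened form, and the block actually executes both so the difference is observable.

```python
import re
import sqlite3
import subprocess


def build_db():
    """Constructed in-memory stand-in for a ticketing table; not SL1's real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (id INTEGER PRIMARY KEY, owner TEXT, subject TEXT)")
    conn.executemany(
        "INSERT INTO tickets VALUES (?, ?, ?)",
        [(1, "alice", "printer down"), (2, "bob", "vpn flaky"), (3, "carol", "budget review")],
    )
    return conn


# --- SQL injection: string-built statement vs. bound parameter -------------------

def vulnerable_ticket_lookup(conn, owner):
    # The input becomes part of the statement text, so a quote in it ends the literal
    # and whatever follows is parsed as SQL.
    sql = f"SELECT id, subject FROM tickets WHERE owner = '{owner}'"
    return conn.execute(sql).fetchall()


def hardened_ticket_lookup(conn, owner):
    # Bound parameter: the value travels separately from the statement and can never
    # change its structure, whatever characters it contains.
    return conn.execute("SELECT id, subject FROM tickets WHERE owner = ?", (owner,)).fetchall()


SQLI_PAYLOAD = "nobody' OR '1'='1"  # constructed: turns the WHERE clause into a tautology


# --- Command injection: shell string vs. argv list --------------------------------

def vulnerable_report_export(report_name):
    # shell=True hands the whole string to /bin/sh, so ';' starts a second command.
    proc = subprocess.run(
        f"echo generating report {report_name}",
        shell=True, capture_output=True, text=True, check=True,
    )
    return proc.stdout.splitlines()


def hardened_report_export(report_name):
    # argv list and no shell: the name is delivered as exactly one argument, so shell
    # metacharacters in it are just bytes of that argument.
    proc = subprocess.run(
        ["echo", "generating", "report", report_name],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.splitlines()


_REPORT_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def report_name_ok(report_name):
    """Defence in depth: allow-list the value before it reaches any command or path.

    The argv form above already blocks shell injection; this check additionally
    keeps the name out of path traversal and option-injection territory.
    """
    return bool(_REPORT_NAME.match(report_name))


CMD_PAYLOAD = "weekly; echo INJECTED"  # constructed: second command after the ';'

if __name__ == "__main__":
    db = build_db()
    print("vulnerable SQL :", vulnerable_ticket_lookup(db, SQLI_PAYLOAD))
    print("hardened SQL   :", hardened_ticket_lookup(db, SQLI_PAYLOAD))
    print("vulnerable cmd :", vulnerable_report_export(CMD_PAYLOAD))
    print("hardened cmd   :", hardened_report_export(CMD_PAYLOAD))
    print("name allowed   :", report_name_ok(CMD_PAYLOAD))
```

The SQLite driver is used only because it ships with Python; the fix is the same with any database client: never build statement text from input, bind it. For the command case, prefer not to spawn a shell at all; where an external program is unavoidable, pass an argv list and validate the value against an allow-list before it is used anywhere else (file names, report paths), since the list form alone does not stop an input such as "../../etc" from reaching a filesystem call.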