Debian DSA-5421-1 : firefox-esr - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5421 advisory. The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks...
9.8CVSS
10.3AI Score
0.004EPSS
9.8CVSS
9.7AI Score
0.004EPSS
[SECURITY] [DSA 5421-1] firefox-esr security update
Debian Security Advisory DSA-5421-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 07, 2023 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-34414 CVE-2023-34416...
9.8CVSS
7.3AI Score
0.004EPSS
IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics Targeted attacks BlueNoroff introduces new methods bypassing MotW At the close of 2022, we reported the recent activities of BlueNoroff, a financially motivated...
7.3AI Score
IT threat evolution Q1 2023. Mobile statistics
IT threat evolution Q1 2023 IT threat evolution Q1 2023. Non-mobile statistics IT threat evolution Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures According to...
7AI Score
IT threat evolution in Q1 2023. Non-mobile statistics
IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly...
10CVSS
9.6AI Score
0.976EPSS
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6143-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6143-1 advisory. The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from...
9.8CVSS
10.4AI Score
0.004EPSS
Releases Ubuntu 20.04 LTS Packages firefox - Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive...
9.8CVSS
9.2AI Score
0.004EPSS
Ubuntu 20.04 LTS / 22.04 LTS : LibreOffice vulnerabilities (USN-6144-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6144-1 advisory. Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker...
7.8CVSS
7AI Score
0.001EPSS
Releases Ubuntu 22.04 LTS Ubuntu 20.04 LTS Packages libreoffice - Office productivity suite Details It was discovered that LibreOffice did not properly validate the number of parameters passed to the formula interpreter, leading to an array index underflow attack. If a user were tricked into...
7.8CVSS
7.1AI Score
0.001EPSS
Satacom delivers browser extension that steals cryptocurrency
Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom...
7.4AI Score
Operation Triangulation: iOS devices targeted with previously unknown malware
While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS...
7AI Score
[SECURITY] [DLA 3439-1] libwebp security update
Debian LTS Advisory DLA-3439-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 31, 2023 https://wiki.debian.org/LTS Package : libwebp Version : 0.6.1-2+deb10u2 CVE ID :...
7.5CVSS
7.2AI Score
0.001EPSS
The plugin does not validate and escape post metadata before outputting it back into the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as...
5.4CVSS
5.9AI Score
0.001EPSS
OOB read from unchecked return
Environment bash Distributor ID: Debian Description: Debian GNU/Linux bookworm/sid Version I checked against the latest release as of 05/29/23 the current master branch at commit 4f810869b06b5d7b0cb73d166864dfb4b1e900f6 . Description This AddressSanitizer output is indicating a read on an...
7.1CVSS
6.9AI Score
0.0004EPSS
7.8CVSS
7.7AI Score
0.001EPSS
[SECURITY] [DSA 5415-1] libreoffice security update
Debian Security Advisory DSA-5415-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2023 https://www.debian.org/security/faq Package : libreoffice CVE ID : CVE-2023-0950 CVE-2023-2255...
7.8CVSS
7.8AI Score
0.001EPSS
Debian DSA-5415-1 : libreoffice - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5415 advisory. Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a...
7AI Score
0.001EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Firefox regressions (USN-6074-3)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6074-3 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
6.7AI Score
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages firefox - Mozilla Open Source web browser Details USN-6074-1 fixed vulnerabilities and USN-6074-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the...
9.8CVSS
9.1AI Score
0.003EPSS
Meet the GoldenJackal APT group. Don’t expect any howls
GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far as we know, has not been publicly described. We...
8.1AI Score
[SECURITY] [DSA 5408-1] libwebp security update
Debian Security Advisory DSA-5408-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2023 https://www.debian.org/security/faq Package : libwebp CVE ID : CVE-2023-1999 Debian Bug :...
7.5CVSS
6.9AI Score
0.001EPSS
CloudWizard APT: the bad magic story goes on
In March 2023, we uncovered a previously unknown APT campaign in the region of the Russo-Ukrainian conflict that involved the use of PowerMagic and CommonMagic implants. However, at the time it was not clear which threat actor was behind the attack. Since the release of our report about...
7.2AI Score
Minas – on the way to complexity
Sometimes when investigating an infection and focusing on a targeted attack, we come across something we were not expecting. The case described below is one such occurrence. In June 2022, we found a suspicious shellcode running in the memory of a system process. We decided to dig deeper and...
7.3AI Score
8.8CVSS
8.9AI Score
0.002EPSS
8.8CVSS
8.9AI Score
0.002EPSS
8.8CVSS
8.9AI Score
0.002EPSS
Ubuntu 18.04 LTS / 20.04 LTS : Firefox regressions (USN-6074-2)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6074-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
6.7AI Score
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages firefox - Mozilla Open Source web browser Details USN-6074-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details:...
9.8CVSS
9.1AI Score
0.003EPSS
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service...
6.5CVSS
7.3AI Score
0.001EPSS
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service...
6.5CVSS
7.2AI Score
0.001EPSS
An authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service...
6.5CVSS
6.9AI Score
0.001EPSS
An authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service...
6.5CVSS
7AI Score
0.001EPSS
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.9AI Score
0.002EPSS
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.8AI Score
0.002EPSS
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.9AI Score
0.002EPSS
In multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of...
7.5CVSS
7.8AI Score
0.002EPSS
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.9AI Score
0.002EPSS
An authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.9AI Score
0.002EPSS
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.8AI Score
0.002EPSS
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.8AI Score
0.002EPSS
Multiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service...
6.5CVSS
6.9AI Score
0.001EPSS
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.9AI Score
0.002EPSS
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.8AI Score
0.002EPSS
Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific...
4.3CVSS
4.5AI Score
0.001EPSS
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.9AI Score
0.002EPSS
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.8AI Score
0.002EPSS
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.9AI Score
0.002EPSS
An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.9AI Score
0.002EPSS
An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code...
8.8CVSS
8.9AI Score
0.002EPSS