Debian dsa-5606 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5606 advisory. An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects...
8.8CVSS
8.1AI Score
0.001EPSS
Cracked software beats gold: new macOS backdoor stealing cryptowallets
A month ago, we discovered some cracked apps circulating on pirating websites and infected with a Trojan proxy. The malicious actors repackaged pre-cracked applications as PKG files with an embedded Trojan proxy and a post-install script initiating the infection. We recently caught sight of a new,....
7.5AI Score
A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web...
7.5CVSS
7.5AI Score
0.001EPSS
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without...
9.1CVSS
9.1AI Score
0.001EPSS
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without...
9.1CVSS
9AI Score
0.001EPSS
Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or...
6.1CVSS
6AI Score
0.001EPSS
Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or...
6.1CVSS
6.2AI Score
0.001EPSS
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without...
9.1CVSS
7.2AI Score
0.001EPSS
A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web...
7.5CVSS
7.3AI Score
0.001EPSS
A Site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web...
7.7AI Score
0.001EPSS
Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or...
6.2AI Score
0.001EPSS
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without...
9.3AI Score
0.001EPSS
Dark web threats and dark market predictions for 2024
An overview of last year's predictions. Increase in personal data leaks; corporate email at risk. A data leakage is a broad term encompassing various types of information that become publicly available, or published for sale on the dark web or other shadow web sites. Leaked information may...
7.2AI Score
A lightweight method to detect potential iOS malware
Introduction: In the ever-evolving landscape of mobile security, hunting for malware in the iOS ecosystem is akin to navigating a labyrinth with invisible walls. Imagine having a digital compass that not only guides you through this maze, but also reveals the hidden mechanisms of iOS malware...
6.7AI Score
SEMCMS SQL Injection Vulnerability (CNVD-2024-06232)
SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. A SQL injection vulnerability exists in SEMCMS v4.8, which originates from the lack of validation of externally entered SQL statements via the languageID parameter in /web_inc.php. The vulnerability can....
7.5CVSS
8AI Score
0.001EPSS
Ubuntu 20.04 LTS : Firefox regressions (USN-6562-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6562-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
7.3AI Score
Releases: Ubuntu 20.04 LTS. Packages: firefox - Mozilla Open Source web browser. Details: USN-6562-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security...
8.8CVSS
9.2AI Score
0.005EPSS
SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in...
7.5CVSS
7.7AI Score
0.001EPSS
SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in...
7.5CVSS
7.8AI Score
0.001EPSS
SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in...
7.5CVSS
8.5AI Score
0.001EPSS
SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in...
8AI Score
0.001EPSS
Microsoft is addressing 49 vulnerabilities this January 2024 Patch Tuesday, including a single critical remote code execution vulnerability. Four browser vulnerabilities were published separately this month, and are not included in the total. No zero-day vulnerabilities are published or patched...
9.8CVSS
9.8AI Score
0.89EPSS
Summary: IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. Vulnerability Details: CVEID: CVE-2023-43646. DESCRIPTION: Chai.js Assertion Library get-func-name is...
9.8CVSS
9.9AI Score
0.002EPSS
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants. By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023. Introduction: Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
7.7AI Score
Ubuntu 20.04 LTS : Firefox vulnerabilities (USN-6562-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6562-1 advisory. The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could...
8.8CVSS
9.1AI Score
0.005EPSS
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Thunderbird vulnerabilities (USN-6563-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6563-1 advisory. When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown...
8.8CVSS
9AI Score
0.005EPSS
Releases: Ubuntu 23.10, Ubuntu 23.04, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS. Packages: thunderbird - Mozilla Open Source mail and newsgroup client. Details: Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an...
8.8CVSS
9AI Score
0.005EPSS
Releases: Ubuntu 20.04 LTS. Packages: firefox - Mozilla Open Source web browser. Details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive...
8.8CVSS
8.9AI Score
0.005EPSS
[SECURITY] [DLA 3703-1] libreoffice security update
Debian LTS Advisory DLA-3703-1 https://www.debian.org/lts/security/ Bastien Roucariès December 31, 2023 https://wiki.debian.org/LTS Package : libreoffice Version : 1:6.1.5-3+deb10u11 CVE...
8.8CVSS
8.6AI Score
0.003EPSS
[SECURITY] [DLA 3698-1] thunderbird security update
Debian LTS Advisory DLA-3698-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 29, 2023 https://wiki.debian.org/LTS Package : thunderbird Version : 1:115.6.0-1~deb10u1 CVE...
8.8CVSS
8.9AI Score
0.005EPSS
[SECURITY] [DLA 3697-1] firefox-esr security update
Debian LTS Advisory DLA-3697-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 29, 2023 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.6.0esr-1~deb10u1 CVE...
8.8CVSS
8.5AI Score
0.005EPSS
Operation Triangulation: The last (hardware) mystery
Today, on December 27, 2023, we (Boris Larin, Leonid Bezvershenko, and Georgy Kucherin) delivered a presentation, titled, "Operation Triangulation: What You Get When Attack iPhones of Researchers", at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg. The presentation...
8.8CVSS
7.9AI Score
0.003EPSS
Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11479)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. An attacker with network access to affected products could cause a denial of service condition because of a vulnerability in the TCP retransmission queue implementation kernel when handling TCP...
7.5CVSS
7.5AI Score
0.974EPSS
Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11477)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The kernel used in some products is affected by an integer overflow when handling TCP Selective Acknowledgements. A remote attacker could use this to cause a denial of service. This plugin only...
7.5CVSS
7.7AI Score
0.974EPSS
Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11478)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. A remote attacker could cause a denial of service condition by sending specially crafted TCP Selective Acknowledgment (SACK) sequences to affected products. This plugin only works with Tenable.ot....
7.5CVSS
7.6AI Score
0.974EPSS
Siemens Industrial Products Excessive Data Query Operations in a Large Data Table (CVE-2019-8460)
Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. The vulnerability could allow a remote attacker to cause a denial of service condition. OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensi...
7.5CVSS
7.7AI Score
0.974EPSS
[SECURITY] [DSA 5582-1] thunderbird security update
Debian Security Advisory DSA-5582-1 https://www.debian.org/security/ Moritz Muehlenhoff December 21, 2023 https://www.debian.org/security/faq Package : thunderbird CVE ID : CVE-2023-6856 CVE-2023-6857...
8.8CVSS
7.8AI Score
0.005EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libreoffice (SUSE-SU-2023:4932-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4932-1 advisory. Improper Input Validation vulnerability in GStreamer integration of The Document Foundation...
8.8CVSS
9.3AI Score
0.001EPSS
Debian DSA-5582-1 : thunderbird - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5582 advisory. The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not...
8.8CVSS
9AI Score
0.005EPSS
[SECURITY] [DSA 5581-1] firefox-esr security update
Debian Security Advisory DSA-5581-1 https://www.debian.org/security/ Moritz Muehlenhoff December 20, 2023 https://www.debian.org/security/faq Package : firefox-esr CVE ID : CVE-2023-6856 CVE-2023-6857...
8.8CVSS
7.1AI Score
0.005EPSS