A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause a use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...
9.8 CVSS
9.6 AI Score
0.004 EPSS
A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause a use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...
9.8 AI Score
0.004 EPSS
APT attacks: Exploring Advanced Persistent Threats and their evasive techniques
Cyber criminals come in all shapes and sizes. On one end of the spectrum, there's the script kiddie or inexperienced ransomware gang looking to make a quick buck. On the other end are state-sponsored groups using far more sophisticated tactics--often with long-term, strategic goals in mind....
7.6 AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 8, 2023 to May 14, 2023)
Last week, there were 139 vulnerabilities disclosed in 105 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 47 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...
9.8 CVSS
8.2 AI Score
EPSS
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-1973)
The remote host is missing an update for the Huawei...
7.5 CVSS
7.1 AI Score
0.001 EPSS
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-1951)
The remote host is missing an update for the Huawei...
7.5 CVSS
7.1 AI Score
0.001 EPSS
EulerOS 2.0 SP10 : git (EulerOS-SA-2023-1951)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7,...
7.2 AI Score
0.001 EPSS
EulerOS 2.0 SP10 : git (EulerOS-SA-2023-1973)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7,...
7.2 AI Score
0.001 EPSS
CentOS 8 : git (CESA-2023:2859)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2859 advisory. Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where...
8.3 AI Score
0.011 EPSS
qemu-kvm security, bug fix, and enhancement update
[7.2.0-14] - Rebuild for 9.2 release - Resolves: bz#2173590 (bugs in emulation of BMI instructions (for libguestfs without KVM)) - Resolves: bz#2156876 ([virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)) [7.2.0-13] -...
6.5 CVSS
7.7 AI Score
0.002 EPSS
Oracle Linux 9 : git (ELSA-2023-2319)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2319 advisory. Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and...
8.6 AI Score
0.011 EPSS
AlmaLinux 9 : git (ALSA-2023:2319)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2319 advisory. Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where...
8.7 AI Score
0.011 EPSS
EulerOS 2.0 SP9 : git (EulerOS-SA-2023-1841)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7,...
7.2 AI Score
0.001 EPSS
EulerOS 2.0 SP9 : git (EulerOS-SA-2023-1866)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7,...
7.2 AI Score
0.001 EPSS
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera,...
9.1 CVSS
6.4 AI Score
0.001 EPSS
Summary There are multiple vulnerabilities in Vega 5.22.1 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-26486 DESCRIPTION: Vega is vulnerable to...
6.5 CVSS
6.2 AI Score
0.002 EPSS
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-1841)
The remote host is missing an update for the Huawei...
7.5 CVSS
7.1 AI Score
0.001 EPSS
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-1866)
The remote host is missing an update for the Huawei...
7.5 CVSS
7.1 AI Score
0.001 EPSS
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera,...
5.3 CVSS
5.3 AI Score
0.001 EPSS
GLSA-202305-06 : Mozilla Firefox: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-06 (Mozilla Firefox: Multiple Vulnerabilities) An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. (CVE-2022-46871) An attacker...
9.3 AI Score
0.007 EPSS
GLSA-202305-13 : Mozilla Thunderbird: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-13 (Mozilla Thunderbird: Multiple Vulnerabilities) An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. (CVE-2022-46871) An...
9.2 AI Score
0.007 EPSS
LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads
In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. "LOBSHOT continues to collect victims while staying under the...
6.6 AI Score
Amazon Linux 2 : thunderbird (ALAS-2023-2028)
The version of thunderbird installed on the remote host is prior to 102.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2028 advisory. OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and ...
8.5 AI Score
0.002 EPSS
MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control Vulnerability
...
7.8 CVSS
6.9 AI Score
0.003 EPSS
7.8 CVSS
7.9 AI Score
EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2023:2064-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2064-1 advisory. OCSP revocation status of recipient certificates was not checked when sending S/Mime...
9.2 AI Score
0.002 EPSS
7.8 CVSS
6.9 AI Score
0.003 EPSS
Issue Overview: 2024-01-03: CVE-2023-1999 was added to this advisory. The Mozilla Foundation describes this issue as follows: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from...
8.8 CVSS
8.6 AI Score
0.002 EPSS
Fileless attacks: How attackers evade traditional AV and how to stop them
When you hear about malware, there's a good chance you think of sketchy executables or files with extensions like .DOCX or .PDF that, once opened, execute malicious code. These are examples of file-based attacks--and while they can be bad, they're nothing compared to their fileless cousins. As the...
6.9 AI Score
6.8 AI Score
0.003 EPSS
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera,...
6.1 CVSS
5.6 AI Score
0.001 EPSS
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fix(es): Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547) Mozilla: Matrix SDK bundled with Thunderbird vulnerable to...
8.8 CVSS
8.1 AI Score
0.003 EPSS
An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This...
8.8 CVSS
8.9 AI Score
0.003 EPSS
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This...
8.8 CVSS
8.9 AI Score
0.003 EPSS
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fix(es): Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547) Mozilla: Matrix SDK bundled with Thunderbird vulnerable to...
8.8 CVSS
8.1 AI Score
0.003 EPSS
Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-21835 DESCRIPTION: An...
5.9 CVSS
6.1 AI Score
0.002 EPSS
Rocky Linux 9 : thunderbird (RLSA-2023:1809)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1809 advisory. matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key...
8.9 AI Score
0.003 EPSS
Rocky Linux 8 : thunderbird (RLSA-2023:1802)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1802 advisory. matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key...
8.9 AI Score
0.003 EPSS
CentOS 7 : firefox (RHSA-2023:1791)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1791 advisory. Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability...
8.6 AI Score
0.002 EPSS
Debian DSA-5392-1 : thunderbird - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5392 advisory. matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can...
8.9 AI Score
0.003 EPSS
CentOS: Security Advisory for firefox (CESA-2023:1791)
The remote host is missing an update for...
8.8 CVSS
8.5 AI Score
0.002 EPSS
CentOS 7 : thunderbird (RHSA-2023:1806)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1806 advisory. OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted....
8.6 AI Score
0.003 EPSS
CentOS: Security Advisory for thunderbird (CESA-2023:1806)
The remote host is missing an update for...
8.8 CVSS
7.5 AI Score
0.003 EPSS
CentOS Errata and Security Advisory CESA-2023:1791 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Security Fix(es): MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp...
8.8 CVSS
9 AI Score
0.002 EPSS
CentOS Errata and Security Advisory CESA-2023:1806 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fix(es): Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547) Mozilla:...
8.8 CVSS
8.4 AI Score
0.003 EPSS
Exploit for Observable Discrepancy in Openssl
OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The...
5.9 CVSS
7.4 AI Score
0.002 EPSS
Exploit for Improper Certificate Validation in Openssl
OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The...
7.5 CVSS
7.5 AI Score
0.003 EPSS
Exploit for Double Free in Openssl
OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The...
7.5 CVSS
8 AI Score
0.001 EPSS
Exploit for Use After Free in Openssl
OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The...
7.5 CVSS
8.1 AI Score
0.004 EPSS
[1.0.1e-59.0.4] - Backport fixes for CVE-2023-0286 [Orabug: 35212597] [1.0.1e-59.0.3] - Fix possible infinite loop in BN_mod_sqrt() [CVE-2022-0778][Orabug: 33969800] [1.0.1e-59.0.1] - Backport fixes for CVE-2020-1971 [Orabug: 32654738] [1.0.1e-58.0.1] - Oracle bug 28730228: backport CVE-2018-0732...
7.4 CVSS
8.6 AI Score
0.003 EPSS