Website Optimization – Plerdy Security Vulnerabilities

prion

Design/Logic Flaw

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause a use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...

9.8 CVSS

9.6 AI Score

0.004 EPSS

2023-05-18 10:15 PM
cvelist

CVE-2023-28081

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause a use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...

9.8 AI Score

0.004 EPSS

2023-05-18 09:26 PM
malwarebytes

APT attacks: Exploring Advanced Persistent Threats and their evasive techniques

Cyber criminals come in all shapes and sizes. On one end of the spectrum, there's the script kiddie or inexperienced ransomware gang looking to make a quick buck. On the other end are state-sponsored groups using far more sophisticated tactics--often with long-term, strategic goals in mind....

7.6 AI Score

2023-05-18 02:00 PM
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 8, 2023 to May 14, 2023)

Last week, there were 139 vulnerabilities disclosed in 105 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 47 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities.....

9.8 CVSS

8.2 AI Score

EPSS

2023-05-18 12:45 PM
openvas

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-1973)

The remote host is missing an update for the Huawei...

7.5 CVSS

7.1 AI Score

0.001 EPSS

2023-05-18 12:00 AM
openvas

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-1951)

The remote host is missing an update for the Huawei...

7.5 CVSS

7.1 AI Score

0.001 EPSS

2023-05-18 12:00 AM
nessus

EulerOS 2.0 SP10 : git (EulerOS-SA-2023-1951)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7,...

7.2 AI Score

0.001 EPSS

2023-05-18 12:00 AM
nessus

EulerOS 2.0 SP10 : git (EulerOS-SA-2023-1973)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7,...

7.2 AI Score

0.001 EPSS

2023-05-18 12:00 AM
nessus

CentOS 8 : git (CESA-2023:2859)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2859 advisory. Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where...

8.3 AI Score

0.011 EPSS

2023-05-16 12:00 AM
oraclelinux

qemu-kvm security, bug fix, and enhancement update

[7.2.0-14] - Rebuild for 9.2 release - Resolves: bz#2173590 (bugs in emulation of BMI instructions (for libguestfs without KVM)) - Resolves: bz#2156876 ([virtual network][rhel7.9_guest] qemu-kvm: vhost vring error in virtqueue 1: Invalid argument (22)) [7.2.0-13] -...

6.5 CVSS

7.7 AI Score

0.002 EPSS

2023-05-15 12:00 AM
nessus

Oracle Linux 9 : git (ELSA-2023-2319)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2319 advisory. Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and...

8.6 AI Score

0.011 EPSS

2023-05-15 12:00 AM
nessus

AlmaLinux 9 : git (ALSA-2023:2319)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2319 advisory. Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where...

8.7 AI Score

0.011 EPSS

2023-05-14 12:00 AM
nessus

EulerOS 2.0 SP9 : git (EulerOS-SA-2023-1841)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7,...

7.2 AI Score

0.001 EPSS

2023-05-13 12:00 AM
nessus

EulerOS 2.0 SP9 : git (EulerOS-SA-2023-1866)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7,...

7.2 AI Score

0.001 EPSS

2023-05-13 12:00 AM
ibm

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-27554)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera,...

9.1 CVSS

6.4 AI Score

0.001 EPSS

2023-05-11 04:24 PM
ibm

Security Bulletin: Vega Vulnerabilities affect IBM Decision Optimization in IBM Cloud Pak for Data (CVE-2023-26486, CVE-2023-26487)

Summary There are multiple vulnerabilities in Vega 5.22.1 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-26486 DESCRIPTION: Vega is vulnerable to...

6.5 CVSS

6.2 AI Score

0.002 EPSS

2023-05-11 01:51 PM
openvas

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-1841)

The remote host is missing an update for the Huawei...

7.5 CVSS

7.1 AI Score

0.001 EPSS

2023-05-10 12:00 AM
openvas

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-1866)

The remote host is missing an update for the Huawei...

7.5 CVSS

7.1 AI Score

0.001 EPSS

2023-05-10 12:00 AM
ibm

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2022-39161)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera,...

5.3 CVSS

5.3 AI Score

0.001 EPSS

2023-05-09 03:58 PM
nessus

GLSA-202305-06 : Mozilla Firefox: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-06 (Mozilla Firefox: Multiple Vulnerabilities) An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. (CVE-2022-46871) An attacker...

9.3 AI Score

0.007 EPSS

2023-05-03 12:00 AM
nessus

GLSA-202305-13 : Mozilla Thunderbird: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-13 (Mozilla Thunderbird: Multiple Vulnerabilities) An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. (CVE-2022-46871) An...

9.2 AI Score

0.007 EPSS

2023-05-03 12:00 AM
thn

LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads

In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. "LOBSHOT continues to collect victims while staying under the...

6.6 AI Score

2023-05-02 07:09 AM
nessus

Amazon Linux 2 : thunderbird (ALAS-2023-2028)

The version of thunderbird installed on the remote host is prior to 102.10.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2028 advisory. OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and ...

8.5 AI Score

0.002 EPSS

2023-05-02 12:00 AM
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2023:2064-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2064-1 advisory. OCSP revocation status of recipient certificates was not checked when sending S/Mime...

9.2 AI Score

0.002 EPSS

2023-04-29 12:00 AM
zdt

7.8 CVSS

6.9 AI Score

0.003 EPSS

2023-04-28 12:00 AM
amazon

Important: thunderbird

Issue Overview: 2024-01-03: CVE-2023-1999 was added to this advisory. The Mozilla Foundation describes this issue as follows: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from.....

8.8 CVSS

8.6 AI Score

0.002 EPSS

2023-04-27 06:37 PM
malwarebytes

Fileless attacks: How attackers evade traditional AV and how to stop them

When you hear about malware, there's a good chance you think of sketchy executables or files with extensions like .DOCX or .PDF that, once opened, execute malicious code. These are examples of file-based attacks--and while they can be bad, they're nothing compared to their fileless cousins. As the....

6.9 AI Score

2023-04-27 03:00 AM
packetstorm

6.8 AI Score

0.003 EPSS

2023-04-27 12:00 AM
ibm

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2023-24966)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities), Maximo Adapter for Primavera,...

6.1 CVSS

5.6 AI Score

0.001 EPSS

2023-04-26 08:25 PM
osv

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fix(es): Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547) Mozilla: Matrix SDK bundled with Thunderbird vulnerable to...

8.8 CVSS

8.1 AI Score

0.003 EPSS

2023-04-26 03:29 PM
rocky

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This...

8.8 CVSS

8.9 AI Score

0.003 EPSS

2023-04-26 03:29 PM
rocky

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This...

8.8 CVSS

8.9 AI Score

0.003 EPSS

2023-04-26 03:28 PM
osv

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fix(es): Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547) Mozilla: Matrix SDK bundled with Thunderbird vulnerable to...

8.8 CVSS

8.1 AI Score

0.003 EPSS

2023-04-26 03:28 PM
ibm

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2023-21835, CVE-2023-21830, CVE-2023-21843 and CVE-2022-4304)

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Version 11 used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-21835 DESCRIPTION: An...

5.9 CVSS

6.1 AI Score

0.002 EPSS

2023-04-26 08:27 AM
nessus

Rocky Linux 9 : thunderbird (RLSA-2023:1809)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1809 advisory. matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key...

8.9 AI Score

0.003 EPSS

2023-04-26 12:00 AM
nessus

Rocky Linux 8 : thunderbird (RLSA-2023:1802)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1802 advisory. matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key...

8.9 AI Score

0.003 EPSS

2023-04-26 12:00 AM
nessus

CentOS 7 : firefox (RHSA-2023:1791)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1791 advisory. Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability...

8.6 AI Score

0.002 EPSS

2023-04-25 12:00 AM
nessus

Debian DSA-5392-1 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5392 advisory. matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can...

8.9 AI Score

0.003 EPSS

2023-04-25 12:00 AM
openvas

CentOS: Security Advisory for firefox (CESA-2023:1791)

The remote host is missing an update for...

8.8 CVSS

8.5 AI Score

0.002 EPSS

2023-04-25 12:00 AM
nessus

CentOS 7 : thunderbird (RHSA-2023:1806)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1806 advisory. OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted....

8.6 AI Score

0.003 EPSS

2023-04-25 12:00 AM
openvas

CentOS: Security Advisory for thunderbird (CESA-2023:1806)

The remote host is missing an update for...

8.8 CVSS

7.5 AI Score

0.003 EPSS

2023-04-25 12:00 AM
centos

firefox security update

CentOS Errata and Security Advisory CESA-2023:1791 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.10.0 ESR. Security Fix(es): MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp...

8.8 CVSS

9 AI Score

0.002 EPSS

2023-04-24 05:46 PM
centos

thunderbird security update

CentOS Errata and Security Advisory CESA-2023:1806 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fix(es): Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547) Mozilla:...

8.8 CVSS

8.4 AI Score

0.003 EPSS

2023-04-24 02:49 PM
githubexploit

Exploit for Observable Discrepancy in Openssl

OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The...

5.9 CVSS

7.4 AI Score

0.002 EPSS

2023-04-24 07:15 AM
githubexploit

Exploit for Improper Certificate Validation in Openssl

OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The...

7.5 CVSS

7.5 AI Score

0.003 EPSS

2023-04-24 06:40 AM
githubexploit

Exploit for Double Free in Openssl

OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The...

7.5 CVSS

8 AI Score

0.001 EPSS

2023-04-24 05:55 AM
githubexploit

Exploit for Use After Free in Openssl

OpenSSL 1.1.1g 21 Apr 2020 Copyright (c) 1998-2020 The...

7.5 CVSS

8.1 AI Score

0.004 EPSS

2023-04-24 05:35 AM
oraclelinux

openssl security update

[1.0.1e-59.0.4] - Backport fixes for CVE-2023-0286 [Orabug: 35212597] [1.0.1e-59.0.3] - Fix possible infinite loop in BN_mod_sqrt() [CVE-2022-0778][Orabug: 33969800] [1.0.1e-59.0.1] - Backport fixes for CVE-2020-1971 [Orabug: 32654738] [1.0.1e-58.0.1] - Oracle bug 28730228: backport CVE-2018-0732.....

7.4 CVSS

8.6 AI Score

0.003 EPSS

2023-04-24 12:00 AM

Total number of security vulnerabilities: 4835