AlmaLinux 8 : container-tools:rhel8 (ALSA-2022:7457)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7457 advisory. golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 cri-o: memory exhaustion on the node when access to th...
Input validation
Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access...
CVE-2021-26251
Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access...
Fedora: Security Advisory for golang-github-distribution-3 (FEDORA-2022-741325e9a0)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-45063
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions...
Node.js: Take over subdomain undici.nodejs.org.cdn.cloudflare.net
Hello, this is a pretty serious security issue in some contexts, so please act as soon as possible. Summary: I just went to undici.nodejs.org, and I've also checked the IP of the main domain it goes to cdn.cloudflare.net which means if it's not added it can be added to any GitHub account your...
Amazon Linux 2022 : flatpak, flatpak-devel, flatpak-libs (ALAS2022-2022-179)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-179 advisory. An incorrect authorization vulnerability was found in Flatpak. Flatpak does not properly validate that the permissions displayed to the user for an app at install time match the actual...
EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2022-2706)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distributi...
Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT
The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites. Targets of the operation consist of victims in Ukraine an...
GHSA-39HC-V87J-747X Vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-38.0.3 are vulnerable to a number of security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221101.txt...
[SECURITY] [DSA 5268-1] ffmpeg security update
Debian Security Advisory DSA-5268-1 https://www.debian.org/security/ Moritz Muehlenhoff November 01, 2022 https://www.debian.org/security/faq ...
Fedora: Security Advisory for golang-github-distribution-3 (FEDORA-2022-13ad572b5a)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints
The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot aka Silence, and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection...
org.apache.iotdb:customize-mqtt-example (>=0.13.0 <=0.13.2), org.apache.iotdb:integration (>=0.13.0 <=0.13.2) +5 more potentially affected by CVE-2022-43766 via org.apache.iotdb:iotdb-server (>=0.12.2 <=0.13.2)
org.apache.iotdb:iotdb-server MAVEN version =0.12.2, =0.13.0, =0.13.0, =0.12.2, =0.12.2, =0.12.6, =0.13.0, =0.12.2, =0.13.2 Source cves: CVE-2022-43766 Source advisory: OSV:GHSA-G6HG-4V3C-6JQ7...
Bomber - Scans Software Bill Of Materials (SBOMs) For Security Vulnerabilities
bomber is an application that scans SBOMs for security vulnerabilities. Overview: So you've asked a vendor for a Software Bill of Materials (SBOM) for one of their closed source products, and they provided one to you in a JSON file... now what? The first thing you're going to want to do is see if a...
VulnCheck KEV: CVE-2022-26500
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...
VulnCheck KEV: CVE-2022-26501
The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code...
Ransomware attack freezes newspaper printing system
Several German newspapers were left unable to release printed versions of their papers after a ransomware attack affected their printing systems. Speaking to BleepingComputer, Uwe Ralf Heer, editor-in-chief of Heilbronn Stimme, said the attack hit the entire Stimme Mediengruppe media group, which...
CVE-2022-22233
An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol L...