
985 matches found

Tenable Nessus
added 2021/02/16 12:0 a.m. | 43 views

RHEL 8 : nss (RHSA-2021:0538)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0538 advisory. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server...

9.1 CVSS | 7.3 AI score | 0.0072 EPSS
Exploits: 0 | References: 14

OSV
added 2021/02/12 10:37 a.m. | 5 views

SUSE-SU-2021:0448-1 Security update for SUSE Manager Server 4.0

This update fixes the following issues: cpu-mitigations-formula: - Handle unsupported target systems gracefully bsc1179273 - add mitigations for Xen hypervisor nutch-core: - Fix XXE injection in DmozParser CVE-2021-23901 bsc1181356 smdba: - Do not remove the database if there is no backup and dea...

9.1 CVSS | 9.5 AI score | 0.01068 EPSS
Exploits: 0 | References: 30

OSV
added 2021/02/09 6:15 p.m. | 1 views

CVE-2020-28388

A vulnerability has been identified in APOGEE PXC Compact BACnet (All versions prior to V3.5.5), APOGEE PXC Compact P2 Ethernet (All versions prior to V2.8.20), APOGEE PXC Modular BACnet (All versions prior to V3.5.5), APOGEE PXC Modular P2 Ethernet (All versions prior to V2.8.20), Nucleus NET (All versions prior to V5.2), Nucleus ReadyStart V3 (All...

5.3 CVSS | 6 AI score
Exploits: 0 | References: 4

Prion
added 2021/02/09 6:15 p.m. | 33 views

Buffer overflow

A vulnerability has been identified in APOGEE PXC Compact BACnet (All versions prior to V3.5.5), APOGEE PXC Compact P2 Ethernet (All versions prior to V2.8.20), APOGEE PXC Modular BACnet (All versions prior to V3.5.5), APOGEE PXC Modular P2 Ethernet (All versions prior to V2.8.20), Nucleus NET (All versions prior to V5.2), Nucleus ReadyStart V3 (All...

5 CVSS | 5.5 AI score | 0.00422 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

Vulnrichment
added 2021/02/09 12:0 a.m. | 4 views

CVE-2020-28388

A vulnerability has been identified in APOGEE PXC Compact BACnet (All versions prior to V3.5.5), APOGEE PXC Compact P2 Ethernet (All versions prior to V2.8.20), APOGEE PXC Modular BACnet (All versions prior to V3.5.5), APOGEE PXC Modular P2 Ethernet (All versions prior to V2.8.20), Nucleus NET (All versions prior to V5.2), Nucleus ReadyStart V3 (All...

6.5 CVSS | 6 AI score | 0.00422 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2021/02/09 12:0 a.m. | 3 views

PT-2021-7763 · Unknown · Nucleus Net +7

Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5; APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20; APOGEE PXC Modular BACnet versions prior to V3.5.5; APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20; Nucleus NET versions prior...

6.5 CVSS | 5.4 AI score | 0.00422 EPSS
Exploits: 0 | References: 8

Kitploit
added 2021/02/01 11:30 a.m. | 204 views

Web-Brutator - Modular Web Interfaces Bruteforcer

Fast Modular Web Interfaces Bruteforcer. Install: python3 -m pip install -r requirements.txt. Usage: $ python3 web-brutator.py -h [ASCII banner] Version 0.2...

7.8 AI score
Exploits: 0 | References: 1

OSV
added 2021/01/29 10:15 p.m. | 11 views

CVE-2021-21254

CKEditor 5 is an open source rich text editor framework with a modular architecture. The CKEditor 5 Markdown plugin @ckeditor/ckeditor5-markdown-gfm before version 25.0.0 has a regex denial of service (ReDoS) vulnerability. The vulnerability allowed abuse of the link recognition regular expression, whi...

6.5 CVSS | 6.3 AI score
Exploits: 0 | References: 3

ThreatPost
added 2021/01/27 6:4 p.m. | 144 views

Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline

UPDATE The virulent malware known as Emotet – one of the most prolific malware strains globally – has been dealt a blow thanks to a takedown by an international law-enforcement consortium. Meanwhile, the NetWalker ransomware has also been subjected to partial disruption, according to the U.S...

Exploits: 0 | References: 17

Gitee
added 2020/12/22 4:47 p.m. | 1 views

metasploit-framework

This is a Metasploit Framework repository. The Metasploit Framework is an open-source penetration testing platform that provides a comprehensive set of tools for identifying and exploiting vulnerabilities in computer systems and applications. The framework is written in Ruby and provides a modula...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2020/12/14 12:0 a.m. | 41 views

EulerOS 2.0 SP8 : nss-softokn (EulerOS-SA-2020-2523)

According to the versions of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This...

9.1 CVSS | 7.1 AI score | 0.0072 EPSS
Exploits: 0 | References: 4

vulnersOsv
added 2020/11/22 9:43 a.m. | 3 views

fabric8-analytics-lsp-server (=0.3.0), graphql-validated-types (>=2.7.0 <=2.11.0) +1 more potentially affected by unknown CVE via semver-regex (>=3.0.0 <=3.1.1)

semver-regex NPM version =3.0.0, =2.7.0, =1.2.0, =1.2.3 Source cves: unknown CVE Source advisory: SNYK:JS-SEMVERREGEX-1047770...

5.8 AI score
Exploits: 0

The Hacker News
added 2020/11/19 11:17 a.m. | 44 views

Evolution of Emotet: From Banking Trojan to Malware Distributor

Emotet is one of the most dangerous and widespread malware threats active today. Ever since its discovery in 2014—when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of computer viruses. Being...

0.1 AI score
Exploits: 0

The Hacker News
added 2020/11/19 11:17 a.m. | 0 views

Evolution of Emotet: From Banking Trojan to Malware Distributor

Emotet is one of the most dangerous and widespread malware threats active today. Ever since its discovery in 2014—when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of computer viruses. Being...

5.9 AI score
Exploits: 0

Tenable Nessus
added 2020/11/19 12:0 a.m. | 20 views

RHEL 8 : openssl (RHSA-2020:4514)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4514 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

5.3 CVSS | 7.1 AI score | 0.02801 EPSS
Exploits: 0 | References: 7

The Hacker News
added 2020/11/12 10:31 a.m. | 1 views

New ModPipe Point of Sale (POS) Malware Targeting Restaurants, Hotels

Cybersecurity researchers today disclosed a new kind of modular backdoor that targets point-of-sale (POS) restaurant management software from Oracle in an attempt to pilfer sensitive payment information stored in the devices. The backdoor — dubbed "ModPipe" — impacts Oracle MICROS Restaurant...

5.9 AI score
Exploits: 0

Tenable Nessus
added 2020/11/06 12:0 a.m. | 547 views

CentOS 7 : nss and nspr (RHSA-2020:4076)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4076 advisory. - When importing a curve25519 private key in PKCS8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Securi...

10 CVSS | 7.8 AI score | 0.03036 EPSS
Exploits: 3 | References: 11

RedHat Linux
added 2020/11/04 2:16 a.m. | 1 views

openssl: Integer overflow in RSAZ modular exponentiation on x86_64

An integer overflow was found in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. As per upstream: No EC algorithms are affected. Attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5.3 CVSS | 6.6 AI score | 0.02801 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2020/10/28 4:2 p.m. | 3 views

openssl: Integer overflow in RSAZ modular exponentiation on x86_64

An integer overflow was found in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. As per upstream: No EC algorithms are affected. Attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5.3 CVSS | 6.6 AI score | 0.02801 EPSS
Exploits: 0 | References: 6

NVD
added 2020/10/08 2:15 p.m. | 31 views

CVE-2020-12400

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox 80 and Firefox for Android 80...

4.7 CVSS | 0.00147 EPSS
Exploits: 0 | References: 4