Lucene search


Bala Krishna, Sergey Yakovlev Security Vulnerabilities

krebs

Interview With a Crypto Scam Investment Spammer

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several...

6.8AI Score

2023-05-23 12:15 AM
43
prion

Cross site scripting

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02...

4.8CVSS

4.8AI Score

0.0005EPSS

2023-05-03 03:15 PM
5
cve

CVE-2023-23808

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02...

5.9CVSS

4.8AI Score

0.0005EPSS

2023-05-03 03:15 PM
16
nvd

CVE-2023-23808

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02...

4.8CVSS

5.4AI Score

0.0005EPSS

2023-05-03 03:15 PM
1
nessus

Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1083-1)

Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this to gain root privileges. (CVE-2010-3904) Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service....

8.1CVSS

8.5AI Score

0.232EPSS

2013-03-09 12:00 AM
19
nessus

Ubuntu 10.04 LTS / 10.10 : linux-mvl-dove vulnerabilities (USN-1093-1)

Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this to gain root privileges. (CVE-2010-3904) Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service....

8.1CVSS

8.5AI Score

0.063EPSS

2013-03-08 12:00 AM
32
nessus

Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : linux, linux-ec2, linux-source-2.6.15 vulnerabilities (USN-1000-1)

Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this to gain root privileges. (CVE-2010-3904) Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a.....

7.8CVSS

8AI Score

0.232EPSS

2010-10-20 12:00 AM
147
cvelist

CVE-2023-23808 WordPress Sponsors Carousel Plugin <= 4.02 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02...

5.9CVSS

5.5AI Score

0.0005EPSS

2023-05-03 02:31 PM
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-101.103.2.1] - Revert 'attr: use consistent sgid stripping checks' (Sherry Yang) [Orabug: 35346968] - Revert 'iommu: Force iommu shutdown on panic' (Boris Ostrovsky) [Orabug: 35346963] [5.15.0-101.103.2] - uek-rpm: mod-extra: Remove mt7921e.ko from extras list (Harshit Mogalapalli) ...

6.5CVSS

7.7AI Score

0.0004EPSS

2023-05-09 12:00 AM
180
altlinux

Security fix for the ALT Linux 10 package libmicrohttpd version 0.9.76-alt1

0.9.76-alt1 built April 6, 2023 Alexander Danilov in task #317701 March 29, 2023 Sergey Bolshakov - 0.9.76 released (fixes:...

5.9CVSS

5.8AI Score

0.001EPSS

2023-04-06 12:00 AM
11
altlinux

Security fix for the ALT Linux 8 package clamav version 0.103.8-alt1

0.103.8-alt1 built March 27, 2023 Sergey Y. Afonin in task #316773 March 9, 2023 Sergey Y. Afonin - 0.103.8 (CVE-2023-20032,...

9.8CVSS

7.5AI Score

0.003EPSS

2023-03-27 12:00 AM
10
altlinux

Security fix for the ALT Linux 9 package clamav version 0.103.8-alt1

0.103.8-alt1 built March 17, 2023 Sergey Y. Afonin in task #316772 March 9, 2023 Sergey Y. Afonin - 0.103.8 (CVE-2023-20032,...

9.8CVSS

7.5AI Score

0.003EPSS

2023-03-17 12:00 AM
12
altlinux

Security fix for the ALT Linux 10 package clamav version 0.103.8-alt1

0.103.8-alt1 built March 15, 2023 Sergey Y. Afonin in task #316417 March 9, 2023 Sergey Y. Afonin - 0.103.8 (CVE-2023-20032,...

9.8CVSS

7.5AI Score

0.003EPSS

2023-03-15 12:00 AM
12
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-8.91.4.1] - uek-rpm: Add opbmc to core rpm (Somasundaram Krishnasamy) [Orabug: 35157130] [5.15.0-8.91.4] - selftests/vm: remove ARRAY_SIZE define from individual tests (Shuah Khan) [Orabug: 35088471] - selftests: Provide local define of __cpuid_count() (Reinette Chatre) [Orabug:...

7.8CVSS

8.4AI Score

0.001EPSS

2023-03-16 12:00 AM
22
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.522.3] - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Sasha Levin) [Orabug: 34653896] {CVE-2022-3303} - net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch) [Orabug: 34979172] - net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch) [Orabug: 34607787] - Revert 'RDS:...

8.8CVSS

8.5AI Score

0.002EPSS

2023-02-14 12:00 AM
26
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.522.3] - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (Sasha Levin) [Orabug: 34653896] {CVE-2022-3303} - net/rds: Fill in rds_exthdr_size gaps (Gerd Rausch) [Orabug: 34979172] - net/rds: Trigger rds_send_hs_ping() more than once (Gerd Rausch) [Orabug: 34607787] - Revert 'RDS:...

8.8CVSS

8.5AI Score

0.002EPSS

2023-02-13 12:00 AM
20
krebs

U.S., U.K. Sanction 7 Men Tied to Trickbot Hacking Group

Authorities in the United States and United Kingdom today levied financial sanctions against seven men accused of operating "Trickbot," a cybercrime-as-a-service platform based in Russia that has enabled countless ransomware attacks and bank account takeovers since its debut in 2016. The U.S....

0.7AI Score

2023-02-09 08:23 PM
17
securelist

What your SOC will be facing in 2023

As the role of cybersecurity in large businesses increases remarkably year over year, the importance of Security Operations Centers (SOCs) is becoming paramount. This year's Kaspersky Security Bulletin ends with tailored predictions for SOCs – from external and internal points of view. The first...

0.3AI Score

2023-01-23 10:00 AM
16
securelist

How much security is enough?

According to a prominent Soviet science fiction writer, beauty is a fine line, a razor's edge between two opposites locked in a never-ending battle. Today, we would put it less poetically as an ideal compromise between contradictions. An elegant, or beautiful, design is one that allows reaching...

-0.1AI Score

2023-01-09 10:38 AM
9
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-6.80.3.1] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] [5.15.0-6.80.3] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] - rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] - uek-rpm: Add ptp_kvm.ko to core...

8.8CVSS

8.6AI Score

0.001EPSS

2023-01-12 12:00 AM
19
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.15.0-6.80.3.1] - Revert 'rds: ib: Enable FC by default' (Hakon Bugge) [Orabug: 34964359] [5.15.0-6.80.3] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888471] - rds: ib: Fix leaked MRs during kexec (Hakon Bugge) [Orabug: 34892082] - uek-rpm: Add ptp_kvm.ko to core...

8.8CVSS

8.6AI Score

0.001EPSS

2023-01-12 12:00 AM
23
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.315.5] - Revert 'xfs: Lower CIL flush limit for large logs' (Sherry Yang) [Orabug: 34917369] - Revert 'xfs: Throttle commits on delayed background CIL push' (Sherry Yang) [Orabug: 34917369] - Revert 'xfs: fix use-after-free on CIL context on shutdown' (Sherry Yang) [Orabug:...

7.8CVSS

-0.5AI Score

0.001EPSS

2023-01-09 12:00 AM
26
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.315.5] - Revert 'xfs: fix use-after-free on CIL context on shutdown' (Sherry Yang) [Orabug: 34917369] [5.4.17-2136.315.4] - net/mlx5: Suppress error logging on UCTX creation (Marina) [Orabug: 34888473] - uek-rpm: Add ptp_kvm.ko to nano rpm (Somasundaram Krishnasamy) [Orabug:...

7.8CVSS

-0.6AI Score

0.001EPSS

2023-01-09 12:00 AM
24
thn

FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape

An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct...

8.8CVSS

1AI Score

0.973EPSS

2022-12-22 01:13 PM
44
nvidia

Security Bulletin: NVIDIA GPU Display Driver - November 2022

NVIDIA has released a software security update for NVIDIA GPU Display Driver. This update addresses issues that may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. To protect your system, download and install this software update...

8.8CVSS

7.5AI Score

0.001EPSS

2022-11-29 12:00 AM
31
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.314.6.2] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} [5.4.17-2136.314.6.1] - RDMA/uverbs: Move...

7.8CVSS

0.6AI Score

0.0005EPSS

2022-12-12 12:00 AM
16
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.314.6.2.el7] - proc: proc_skip_spaces() shouldn't think it is working on C strings (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long (Linus Torvalds) [Orabug: 34883034] {CVE-2022-4378} [5.4.17-2136.314.6.1.el7] - RDMA/uverbs:...

7.8CVSS

0.6AI Score

0.0005EPSS

2022-12-12 12:00 AM
23
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.15.0-4.70.5.2] - Revert 'sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle' (Samasth Norway Ananda) [Orabug: 34783367] [5.15.0-4.70.5.1] - NFSv4: Fixes for nfs4_inode_return_delegation() (Trond Myklebust) [Orabug: 34751176] [5.15.0-4.70.5] - uek: kabi: update kABI...

5.5CVSS

-0.1AI Score

0.0004EPSS

2022-11-26 12:00 AM
12
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-4.70.5.2] - Revert 'sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle' (Samasth Norway Ananda) [Orabug: 34783367] [5.15.0-4.70.5.1] - NFSv4: Fixes for nfs4_inode_return_delegation() (Trond Myklebust) [Orabug: 34751176] [5.15.0-4.70.5] - uek: kabi: update kABI...

5.5CVSS

-0.1AI Score

0.0004EPSS

2022-11-26 12:00 AM
15
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.519.2.1] - xfs: trim IO to found COW extent limit (Eric Sandeen) [Orabug: 34765284] - xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34765284] [4.14.35-2047.519.2] - Revert 'xfs: don't use delalloc extents for COW on files with...

7.8CVSS

-0.1AI Score

0.0004EPSS

2022-11-15 12:00 AM
16
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.519.2.1.el7] - xfs: trim IO to found COW extent limit (Eric Sandeen) [Orabug: 34765284] - xfs: don't use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34765284] [4.14.35-2047.519.2] - Revert 'xfs: don't use delalloc extents for COW on files with...

7.8CVSS

-0.1AI Score

0.0004EPSS

2022-11-15 12:00 AM
20
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.313.6] - Uninitialized variable image_ext in fixup_vdso_exception of extable.c (Alok Tiwari) [Orabug: 33000550] - NFSD: fix use-after-free on source server when doing inter-server copy (Dai Ngo) [Orabug: 34475857] - EDAC/mce_amd: Do not load edac_mce_amd module on guests (Smita...

7CVSS

-0.5AI Score

0.0004EPSS

2022-11-15 12:00 AM
24
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.313.6] - Uninitialized variable image_ext in fixup_vdso_exception of extable.c (Alok Tiwari) [Orabug: 33000550] - NFSD: fix use-after-free on source server when doing inter-server copy (Dai Ngo) [Orabug: 34475857] - EDAC/mce_amd: Do not load edac_mce_amd module on guests (Smita...

7CVSS

-0.5AI Score

0.0004EPSS

2022-11-15 12:00 AM
130
patchstack

WordPress Find and Replace All plugin <= 1.3 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Replacement discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Find and Replace All plugin (versions <= 1.3). Solution No patched version...

2AI Score

0.001EPSS

2022-11-03 12:00 AM
7
patchstack

WordPress Find and Replace All plugin <= 1.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Find and Replace All plugin (versions <= 1.2). Solution Update the WordPress Find and Replace All plugin to the latest available version (at least...

1.5AI Score

0.001EPSS

2022-11-03 12:00 AM
4
securelist

Server-side attacks, C&C in public clouds and other MDR cases we observed

Introduction This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took place in the wild helps you.....

AI Score

2022-11-02 08:00 AM
26
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.312.3.4] - Revert 'fs: check FMODE_LSEEK to control internal pipe splicing' (Saeed Mirzamohammadi) [Orabug: 34666845] [5.4.17-2136.312.3.3] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34607590] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty...

7CVSS

-0.6AI Score

0.0004EPSS

2022-10-21 12:00 AM
17
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.312.3.4] - Revert 'fs: check FMODE_LSEEK to control internal pipe splicing' (Saeed Mirzamohammadi) [Orabug: 34666845] [5.4.17-2136.312.3.3] cpus_read_lock() deadlock (Tejun Heo) [Orabug: 34607590] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty...

7CVSS

-0.6AI Score

0.0004EPSS

2022-10-21 12:00 AM
19
cve

CVE-2009-4530

Mongoose 2.8.0 and earlier allows remote attackers to obtain the source code for a web page by appending ::$DATA to the...

6.8AI Score

0.002EPSS

2022-10-03 04:24 PM
26
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.15.0-2.52.3.el8] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] - rds: ib: Add preemption control when using...

7.8CVSS

-0.3AI Score

EPSS

2022-09-21 12:00 AM
30
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-2.52.3] - posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585} - fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] - rds: ib: Add preemption control when using...

7.8CVSS

-0.3AI Score

EPSS

2022-09-21 12:00 AM
21
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.517.3] - KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637] - KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637] - KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]...

6.2CVSS

0.2AI Score

EPSS

2022-09-16 12:00 AM
28
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.517.3.el7] - KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637] - KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637] - KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]...

6.2CVSS

0.2AI Score

EPSS

2022-09-16 12:00 AM
32
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.310.7] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] - x86/bugs: display dynamic retbleed state (Ankur Arora) ...

6.5CVSS

0.1AI Score

EPSS

2022-08-15 12:00 AM
22
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.310.7] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588} - x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] - x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug:...

6.5CVSS

0.1AI Score

EPSS

2022-08-15 12:00 AM
36
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-1.43.4.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588} [5.15.0-1.43.4] - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] - Revert selftests/bpf: Add...

-0.3AI Score

0.001EPSS

2022-08-09 12:00 AM
32
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.516.1.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588} [4.14.35-2047.516.1] - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug:...

-0.1AI Score

0.001EPSS

2022-08-09 12:00 AM
32
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.15.0-1.43.4.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588} [5.15.0-1.43.4] - Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] - Revert selftests/bpf: Add...

-0.3AI Score

0.001EPSS

2022-08-09 12:00 AM
32
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.516.1.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588} [4.14.35-2047.516.1] - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug:...

-0.1AI Score

0.001EPSS

2022-08-09 12:00 AM
26
patchstack

WordPress Student Result or Employee Database plugin <= 1.7.4 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Student Result or Employee Database plugin (versions <= 1.7.4). Solution Update the WordPress Student Result or Employee...

5.4CVSS

2.1AI Score

0.001EPSS

2022-08-01 12:00 AM
5
Total number of security vulnerabilities: 1083