Bala Krishna, Sergey Yakovlev Security Vulnerabilities

patchstack

WordPress VR Calendar plugin < 2.3.1 - Unauthenticated Arbitrary Function Call vulnerability

Unauthenticated Arbitrary Function Call vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress VR Calendar plugin (versions < 2.3.1). Solution Update the WordPress VR Calendar plugin to the latest available version (at least...

9.8CVSS

2.2AI Score

0.319EPSS

2022-07-22 12:00 AM
32
securelist

Luna and Black Basta — new ransomware for Windows, Linux and ESXi

Introduction In our crimeware reporting service, we analyze the latest crime-related trends we come across. If we look back at what we covered last month, we will see that ransomware (surprise, surprise!) definitely stands out. In this blog post, we provide several excerpts from last month's...

AI Score

2022-07-20 08:00 AM
22
patchstack

WordPress Auto More Tag plugin <= 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Auto More Tag plugin (versions <= 4.0.0). Solution Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download. Th...

4.8CVSS

1.3AI Score

0.001EPSS

2022-07-18 12:00 AM
11
patchstack

WordPress mTouch Quiz plugin <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress mTouch Quiz plugin (versions <= 3.1.3). Solution Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download......

4.8CVSS

1.2AI Score

0.001EPSS

2022-07-18 12:00 AM
3
patchstack

WordPress WP DS Blog Map plugin <= 3.1.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress WP DS Blog Map plugin (versions <= 3.1.3). Solution Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download......

4.8CVSS

0.7AI Score

0.001EPSS

2022-07-18 12:00 AM
9
patchstack

WordPress Better Tag Cloud plugin <= 0.99.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Better Tag Cloud plugin (versions <= 0.99.5). Solution Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for...

4.8CVSS

1.1AI Score

0.001EPSS

2022-07-18 12:00 AM
5
patchstack

WordPress Google Maps Anywhere plugin <= 1.2.6.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Google Maps Anywhere plugin (versions <= 1.2.6.3). Solution Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for...

4.8CVSS

0.9AI Score

0.001EPSS

2022-07-18 12:00 AM
5
patchstack

WordPress DW Promobar plugin <= 1.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress DW Promobar plugin (versions <= 1.0.4). Solution Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download. This...

4.8CVSS

1.1AI Score

0.001EPSS

2022-07-18 12:00 AM
8
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.515.3] - uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] - mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] - dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721]...

7.8CVSS

0.1AI Score

0.0004EPSS

2022-07-11 12:00 AM
84
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.515.3.el7] - uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] - mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] - dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721]...

7.8CVSS

0.1AI Score

0.0004EPSS

2022-07-11 12:00 AM
50
securelist

Dynamic analysis of firmware components in IoT devices

Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. In most cases, such devices are analyzed using the black box testing approach, in which the researcher has virtually no knowledge about the object...

-0.6AI Score

2022-07-06 10:00 AM
17
suse

Security update for python310 (important)

An update that fixes one vulnerability is now available. Description: This update for python310 fixes the following issues: CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Update to 3.10.5: Core and Builtins gh-93418: Fixed an assert where an f-string has an...

7.6CVSS

-0.4AI Score

0.001EPSS

2022-07-06 12:00 AM
32
chrome

Chrome for Android Update

Hi, everyone! We've just released Chrome 103 (103.0.5060.71) for Android: it'll become available on Google Play over the next few days. This release includes security, stability and performance improvements. You can see a full list of the changes in the Git log. Security Fixes and Rewards Note:...

8.8CVSS

8.5AI Score

0.012EPSS

2022-07-04 12:00 AM
40
suse

Security update for python39 (important)

An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This update for python39 fixes the following issues: CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Update to 3.9.13: Core and Builtins...

7.6CVSS

-0.5AI Score

0.003EPSS

2022-06-24 12:00 AM
54
patchstack

WordPress LinkedIn Company Updates plugin <= 1.5.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress LinkedIn Company Updates plugin (versions <= 1.5.3). Solution Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available fo...

4.8CVSS

1.1AI Score

0.001EPSS

2022-06-20 12:00 AM
5
wired

An Alleged Russian Spy Was Busted Trying to Intern at The Hague

Plus: Firefox adds new privacy protections, a big Intel and AMD chip flaw, and more of the week’s top security...

1.6AI Score

2022-06-18 01:00 PM
4
threatpost

State-Sponsored Phishing Attack Targeted Israeli Military Officials

An advanced persistent threat group, with ties to Iran, is believed behind a phishing campaign targeting high-profile government and military Israeli personnel, according to a report by Check Point Software. Targets of the campaign included a senior leadership in the Israeli defense industry, the.....

0.5AI Score

2022-06-16 11:59 AM
38
securelist

How much does access to corporate infrastructure cost?

Division of labor Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for data obtained through an...

AI Score

2022-06-15 10:00 AM
10
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.514.3.el7] - uek-rpm: Update OL7 SecureBoot certificate files (Saeed Mirzamohammadi) [Orabug: 34219958] [4.14.35-2047.514.2] - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34207044] {CVE-2022-1729} - debug: Lock down kgdb (Stephen Brennan) [Orabug:...

7CVSS

-0.4AI Score

0.0004EPSS

2022-06-15 12:00 AM
45
oraclelinux

Unbreakable Enterprise kernel-container security update

5.4.17-2136.308.7.el7 uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329] [5.4.17-2136.308.6] mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport) x86/cpu:...

7.8CVSS

-0.4AI Score

0.0004EPSS

2022-06-14 12:00 AM
23
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.514.3] - uek-rpm: Update OL7 SecureBoot certificate files (Saeed Mirzamohammadi) [Orabug: 34219958] [4.14.35-2047.514.2] - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34207044] {CVE-2022-1729} - debug: Lock down kgdb (Stephen Brennan) [Orabug:...

7CVSS

-0.5AI Score

0.0004EPSS

2022-06-14 12:00 AM
27
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.308.7] - uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329] [5.4.17-2136.308.6] - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport) -...

7.8CVSS

-0.4AI Score

0.0004EPSS

2022-06-14 12:00 AM
35
avleonov

PHDays 11: towards the Independence Era

Hello everyone! In this episode, I want to talk about the Positive Hack Days 11 conference, which took place on May 18 and 19 in Moscow. As usual, I want to express my personal opinion about this event. Alternative video link (for Russia): https://vk.com/video-149273431_456239091 As I did last...

7.8CVSS

AI Score

0.968EPSS

2022-06-11 12:46 AM
83
thn

New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme

A 37-year-old man from New York has been sentenced to four years in prison for buying stolen credit card information and working in cahoots with a cybercrime cartel known as the Infraud Organization. John Telusma, who went by the alias "Peterelliot," had previously pleaded guilty to one count of...

0.8AI Score

2022-05-28 02:14 PM
9
altlinux

Security fix for the ALT Linux 8 package clamav version 0.103.6-alt1

0.103.6-alt1 built May 25, 2022 Sergey Y. Afonin in task #300477 May 20, 2022 Sergey Y. Afonin - 0.103.6 + CVE-2022-20770 + CVE-2022-20796 + CVE-2022-20771 + CVE-2022-20785 +...

7.8CVSS

6.5AI Score

0.017EPSS

2022-05-25 12:00 AM
11
altlinux

Security fix for the ALT Linux 9 package clamav version 0.103.6-alt1

0.103.6-alt1 built May 24, 2022 Sergey Y. Afonin in task #300475 May 20, 2022 Sergey Y. Afonin - 0.103.6 + CVE-2022-20770 + CVE-2022-20796 + CVE-2022-20771 + CVE-2022-20785 +...

7.8CVSS

6.5AI Score

0.017EPSS

2022-05-24 12:00 AM
11
altlinux

Security fix for the ALT Linux 10 package clamav version 0.103.6-alt1

0.103.6-alt1 built May 23, 2022 Sergey Y. Afonin in task #300259 May 20, 2022 Sergey Y. Afonin - 0.103.6 + CVE-2022-20770 + CVE-2022-20796 + CVE-2022-20771 + CVE-2022-20785 +...

7.8CVSS

6.5AI Score

0.017EPSS

2022-05-23 12:00 AM
7
wpexploit

Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their.....

4.8CVSS

0.8AI Score

0.001EPSS

2022-05-17 12:00 AM
80
patchstack

WordPress Google Places Reviews plugin <= 1.5.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krishna Harsha Kondaveeti in WordPress Google Places Reviews plugin (versions <= 1.5.2). Solution Fixed in version 2.0.0, but has been closed as of April 8, 2022 and is not available for download. This closure...

4.8CVSS

2.4AI Score

0.001EPSS

2022-05-17 12:00 AM
2
wpvulndb

Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their.....

4.8CVSS

1.3AI Score

0.001EPSS

2022-05-17 12:00 AM
6
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.513.2.el7] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34124234] [4.14.35-2047.513.1.el7] - mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050] - esp: Fix possible buffer overflow...

7.8CVSS

-0.3AI Score

0.0004EPSS

2022-05-10 12:00 AM
35
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.513.2] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34124234] [4.14.35-2047.513.1] - mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050] - esp: Fix possible buffer overflow in ESP...

7.8CVSS

-0.2AI Score

0.0004EPSS

2022-05-10 12:00 AM
83
patchstack

WordPress Easy FAQ with Expanding Text plugin <= 3.2.8.3.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Easy FAQ with Expanding Text plugin (versions <= 3.2.8.3.1). Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for...

4.8CVSS

1.2AI Score

0.001EPSS

2022-05-10 12:00 AM
7
patchstack

WordPress No Future Posts plugin <= 1.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress No Future Posts plugin (versions <= 1.4). Solution Deactivate and delete. This plugin has been closed as of April 18, 2022 and is not available for download. This...

4.8CVSS

1.3AI Score

0.001EPSS

2022-05-09 12:00 AM
7
patchstack

WordPress Amazon Link plugin <= 3.2.10 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Amazon Link plugin (versions <= 3.2.10). Solution Deactivate and delete. This plugin has been closed as of April 14, 2022 and is not available for download. This....

4.8CVSS

1.3AI Score

0.001EPSS

2022-05-09 12:00 AM
8
patchstack

WordPress Call&Book Mobile Bar plugin <= 1.2.2 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Call&Book Mobile Bar plugin (versions <= 1.2.2). Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for downloa...

4.8CVSS

1.3AI Score

0.001EPSS

2022-05-09 12:00 AM
12
patchstack

WordPress hpb Dashboard plugin <= 1.3.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress hpb Dashboard plugin (versions <= 1.3.1). Solution Deactivate and delete. This plugin has been closed as of April 29, 2022 and is not available for download. This...

4.8CVSS

1AI Score

0.001EPSS

2022-05-09 12:00 AM
9
patchstack

WordPress Simple Real Estate Pack plugin <= 1.4.8 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Simple Real Estate Pack plugin (versions <= 1.4.8). Solution Deactivate and delete. This plugin has been closed as of April 14, 2022 and is not available for...

4.8CVSS

1.6AI Score

0.001EPSS

2022-05-09 12:00 AM
7
altlinux

Security fix for the ALT Linux 10 package polkit version 0.120-alt1.qa2

0.120-alt1.qa2 built May 6, 2022 Sergey V Turchin in task #299494 Feb. 28, 2022 Yuri N. Sedunov - upplied upstream fix for CVE-2021-4115...

5.5CVSS

2.3AI Score

0.001EPSS

2022-05-06 12:00 AM
17
thn

U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers

The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. "These individuals participated in malicious cyber activities on behalf of the Russian government against U.S. critical infrastructure in.....

1.5AI Score

2022-04-27 08:28 AM
41
patchstack

WordPress WP YouTube Live plugin <= 1.8.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress WP YouTube Live plugin (versions <= 1.8.2). Solution Update the WordPress WP YouTube Live plugin to the latest available version (at least...

4.8CVSS

0.8AI Score

0.001EPSS

2022-04-25 12:00 AM
13
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.512.6.el7] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774] [4.14.35-2047.512.5] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo...

8.8CVSS

AI Score

0.095EPSS

2022-04-25 12:00 AM
41
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.512.6] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774] [4.14.35-2047.512.5] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo...

8.8CVSS

AI Score

0.095EPSS

2022-04-25 12:00 AM
62
patchstack

WordPress Social Stickers plugin <= 2.2.9 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Social Stickers plugin (versions <= 2.2.9). Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is....

6.1CVSS

2.6AI Score

0.001EPSS

2022-04-20 12:00 AM
8
ics

Siemens OPC UA Protocol Stack Discovery Service (Update E)

EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Vulnerabilities: Improper restriction of XML external entity reference 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...

8.2CVSS

8.1AI Score

0.006EPSS

2022-04-14 12:00 PM
28
chrome

Chrome for Android Update

Hi, everyone! We've just released Chrome 100 (100.0.4896.127) for Android: it'll become available on Google Play over the next few days. This release includes security, stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please...

8.8CVSS

8.4AI Score

0.02EPSS

2022-04-14 12:00 AM
28
freebsd

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 28 security fixes, including: [1292261] High CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29 [1291891] High CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28...

8.8CVSS

0.5AI Score

0.004EPSS

2022-03-29 12:00 AM
20
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 100 to the stable channel for Windows, Mac and Linux. Chrome 100 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks. Chrome 100.0.4896.60 contains a number of...

8.8CVSS

8.6AI Score

0.004EPSS

2022-03-29 12:00 AM
339
krebs

Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison

An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of "cashing out" access to hacked bank accounts worldwide. Maksim...

AI Score

2022-03-25 05:10 PM
16
krebs

Internet Backbone Giant Lumen Shuns .RU

Lumen Technologies, an American company that operates one of the largest Internet backbones and carries a significant percentage of the world's Internet traffic, said today it will stop routing traffic for organizations based in Russia. Lumen's decision comes just days after a similar exit by...

0.7AI Score

2022-03-08 11:35 PM
8
Total number of security vulnerabilities: 1083