Bala Krishna, Sergey Yakovlev Security Vulnerabilities
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.516.1.1] - net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588} [4.14.35-2047.516.1] - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug:...
-0.1AI Score
0.001EPSS
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Student Result or Employee Database plugin (versions <= 1.7.4). Solution Update the WordPress Student Result or Employee...
5.4CVSS
2.1AI Score
0.001EPSS
WordPress VR Calendar plugin < 2.3.1 - Unauthenticated Arbitrary Function Call vulnerability
Unauthenticated Arbitrary Function Call vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress VR Calendar plugin (versions < 2.3.1). Solution Update the WordPress VR Calendar plugin to the latest available version (at least...
9.8CVSS
2.2AI Score
0.319EPSS
Luna and Black Basta — new ransomware for Windows, Linux and ESXi
Introduction In our crimeware reporting service, we analyze the latest crime-related trends we come across. If we look back at what we covered last month, we will see that ransomware (surprise, surprise!) definitely stands out. In this blog post, we provide several excerpts from last month's...
AI Score
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Auto More Tag plugin (versions <= 4.0.0). Solution Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download. Th...
4.8CVSS
1.3AI Score
0.001EPSS
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress mTouch Quiz plugin (versions <= 3.1.3). Solution Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download......
4.8CVSS
1.2AI Score
0.001EPSS
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress WP DS Blog Map plugin (versions <= 3.1.3). Solution Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download......
4.8CVSS
0.7AI Score
0.001EPSS
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Better Tag Cloud plugin (versions <= 0.99.5). Solution Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for...
4.8CVSS
1.1AI Score
0.001EPSS
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Google Maps Anywhere plugin (versions <= 1.2.6.3). Solution Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for...
4.8CVSS
0.9AI Score
0.001EPSS
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress DW Promobar plugin (versions <= 1.0.4). Solution Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download. This...
4.8CVSS
1.1AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.515.3.el7] - uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] - mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] - dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721]...
7.8CVSS
0.1AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.515.3] - uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] - mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] - dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721]...
7.8CVSS
0.1AI Score
0.0004EPSS
Dynamic analysis of firmware components in IoT devices
Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. In most cases, such devices are analyzed using the black box testing approach, in which the researcher has virtually no knowledge about the object...
-0.6AI Score
Security update for python310 (important)
An update that fixes one vulnerability is now available. Description: This update for python310 fixes the following issues: CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Update to 3.10.5: Core and Builtins gh-93418: Fixed an assert where an f-string has an...
7.6CVSS
-0.4AI Score
0.001EPSS
Hi, everyone! We've just released Chrome 103 (103.0.5060.71) for Android: it'll become available on Google Play over the next few days. This release includes security,stability and performance improvements. You can see a full list of the changes in the Git log. Security Fixes and Rewards Note:...
8.8CVSS
8.5AI Score
0.012EPSS
Security update for python39 (important)
An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This update for python39 fixes the following issues: CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). Update to 3.9.13: Core and Builtins...
7.6CVSS
-0.5AI Score
0.003EPSS
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress LinkedIn Company Updates plugin (versions <= 1.5.3). Solution Deactivate and delete. This plugin has been closed as of June 21, 2022 and is not available fo...
4.8CVSS
1.1AI Score
0.001EPSS
An Alleged Russian Spy Was Busted Trying to Intern at The Hague
Plus: Firefox adds new privacy protections, a big Intel and AMD chip flaw, and more of the week’s top security...
1.6AI Score
State-Sponsored Phishing Attack Targeted Israeli Military Officials
An advanced persistent threat group, with ties to Iran, is believed behind a phishing campaign targeting high-profile government and military Israeli personnel, according to a report by Check Point Software. Targets of the campaign included a senior leadership in the Israeli defense industry, the.....
0.5AI Score
How much does access to corporate infrastructure cost?
Division of labor Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion (using ransomware) and carding. However, there is demand on the dark web not only for data obtained through an...
AI Score
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.514.3.el7] - uek-rpm: Update OL7 SecureBoot certificate files (Saeed Mirzamohammadi) [Orabug: 34219958] [4.14.35-2047.514.2] - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34207044] {CVE-2022-1729} - debug: Lock down kgdb (Stephen Brennan) [Orabug:...
7CVSS
-0.4AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
5.4.17-2136.308.7.el7 uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329] [5.4.17-2136.308.6] mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport) x86/cpu:...
7.8CVSS
-0.4AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.514.3] - uek-rpm: Update OL7 SecureBoot certificate files (Saeed Mirzamohammadi) [Orabug: 34219958] [4.14.35-2047.514.2] - perf: Fix sys_perf_event_open() race against self (Peter Zijlstra) [Orabug: 34207044] {CVE-2022-1729} - debug: Lock down kgdb (Stephen Brennan) [Orabug:...
7CVSS
-0.5AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.308.7] - uek-rpm: Update OL7/8 Secureboot certificate and shim versions (Sherry Yang) [Orabug: 34248329] [5.4.17-2136.308.6] - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) - arm: remove CONFIG_ARCH_HAS_HOLES_MEMORYMODEL (Mike Rapoport) -...
7.8CVSS
-0.4AI Score
0.0004EPSS
PHDays 11: towards the Independence Era
Hello everyone! In this episode, I want to talk about the Positive Hack Days 11 conference, which took place on May 18 and 19 in Moscow. As usual, I want to express my personal opinion about this event. Alternative video link (for Russia): https://vk.com/video-149273431_456239091 As I did last...
7.8CVSS
AI Score
0.969EPSS
New York Man Sentenced to 4 Years in Transnational Cybercrime Scheme
A 37-year-old man from New York has been sentenced to four years in prison for buying stolen credit card information and working in cahoots with a cybercrime cartel known as the Infraud Organization. John Telusma, who went by the alias "Peterelliot," had previously pleaded guilty to one count of...
0.8AI Score
Security fix for the ALT Linux 8 package clamav version 0.103.6-alt1
0.103.6-alt1 built May 25, 2022 Sergey Y. Afonin in task #300477 May 20, 2022 Sergey Y. Afonin - 0.103.6 + CVE-2022-20770 + CVE-2022-20796 + CVE-2022-20771 + CVE-2022-20785 +...
7.8CVSS
6.5AI Score
0.017EPSS
Security fix for the ALT Linux 9 package clamav version 0.103.6-alt1
0.103.6-alt1 built May 24, 2022 Sergey Y. Afonin in task #300475 May 20, 2022 Sergey Y. Afonin - 0.103.6 + CVE-2022-20770 + CVE-2022-20796 + CVE-2022-20771 + CVE-2022-20785 +...
7.8CVSS
6.5AI Score
0.017EPSS
Security fix for the ALT Linux 10 package clamav version 0.103.6-alt1
0.103.6-alt1 built May 23, 2022 Sergey Y. Afonin in task #300259 May 20, 2022 Sergey Y. Afonin - 0.103.6 + CVE-2022-20770 + CVE-2022-20796 + CVE-2022-20771 + CVE-2022-20785 +...
7.8CVSS
6.5AI Score
0.017EPSS
Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting
The plugin does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their.....
4.8CVSS
0.8AI Score
0.001EPSS
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krishna Harsha Kondaveeti in WordPress Google Places Reviews plugin (versions <= 1.5.2). Solution Fixed in version 2.0.0, but has been closed as of April 8, 2022 and is not available for download. This closure...
4.8CVSS
2.4AI Score
0.001EPSS
Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting
The plugin does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their.....
4.8CVSS
1.3AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.513.2.el7] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34124234] [4.14.35-2047.513.1.el7] - mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050] - esp: Fix possible buffer overflow...
7.8CVSS
-0.3AI Score
0.0004EPSS
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Easy FAQ with Expanding Text plugin (versions <= 3.2.8.3.1). Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for...
4.8CVSS
1.2AI Score
0.001EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.513.2] - Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy Palaniappan) [Orabug: 34124234] [4.14.35-2047.513.1] - mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050050] - esp: Fix possible buffer overflow in ESP...
7.8CVSS
-0.2AI Score
0.0004EPSS
WordPress No Future Posts plugin <= 1.4 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress No Future Posts plugin (versions <= 1.4). Solution Deactivate and delete. This plugin has been closed as of April 18, 2022 and is not available for download. This...
4.8CVSS
1.3AI Score
0.001EPSS
WordPress Amazon Link plugin <= 3.2.10 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Amazon Link plugin (versions <= 3.2.10). Solution Deactivate and delete. This plugin has been closed as of April 14, 2022 and is not available for download. This....
4.8CVSS
1.3AI Score
0.001EPSS
WordPress hpb Dashboard plugin <= 1.3.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress hpb Dashboard plugin (versions <= 1.3.1). Solution Deactivate and delete. This plugin has been closed as of April 29, 2022 and is not available for download. This...
4.8CVSS
1AI Score
0.001EPSS
WordPress Call&Book Mobile Bar plugin <= 1.2.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Call&Book Mobile Bar plugin (versions <= 1.2.2). Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is not available for downloa...
4.8CVSS
1.3AI Score
0.001EPSS
WordPress Simple Real Estate Pack plugin <= 1.4.8 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in the WordPress Simple Real Estate Pack plugin (versions <= 1.4.8). Solution Deactivate and delete. This plugin has been closed as of April 14, 2022 and is not available for...
4.8CVSS
1.6AI Score
0.001EPSS
Security fix for the ALT Linux 10 package polkit version 0.120-alt1.qa2
0.120-alt1.qa2 built May 6, 2022 Sergey V Turchin in task #299494 Feb. 28, 2022 Yuri N. Sedunov - upplied upstream fix for CVE-2021-4115...
5.5CVSS
2.3AI Score
0.001EPSS
U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers
The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. "These individuals participated in malicious cyber activities on behalf of the Russian government against U.S. critical infrastructure in.....
1.5AI Score
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress WP YouTube Live plugin (versions <= 1.8.2). Solution Update the WordPress WP YouTube Live plugin to the latest available version (at least...
4.8CVSS
0.8AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.512.6.el7] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774] [4.14.35-2047.512.5] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo...
8.8CVSS
AI Score
0.095EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.512.6] - Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993774] [4.14.35-2047.512.5] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo...
8.8CVSS
AI Score
0.095EPSS
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti in WordPress Social Stickers plugin (versions <= 2.2.9). Solution Deactivate and delete. This plugin has been closed as of April 19, 2022 and is....
6.1CVSS
2.6AI Score
0.001EPSS
Siemens OPC UA Protocol Stack Discovery Service (Update E)
EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIMATIC Vulnerabilities: Improper restriction of XML external entity reference 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled...
8.2CVSS
8.1AI Score
0.006EPSS
Hi, everyone! We've just released Chrome 100 (100.0.4896.127) for Android: it'll become available on Google Play over the next few days. This release includes security, stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please...
8.8CVSS
8.4AI Score
0.02EPSS
chromium -- multiple vulnerabilities
Chrome Releases reports: This release contains 28 security fixes, including: [1292261] High CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani on 2022-01-29 [1291891] High CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous on 2022-01-28...
8.8CVSS
0.5AI Score
0.004EPSS
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 100 to the stable channel for Windows, Mac and Linux. Chrome 100 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks. Chrome 100.0.4896.60 contains a number of...
8.8CVSS
8.6AI Score
0.004EPSS