Lucene search

K

Bala Krishna, Sergey Yakovlev Security Vulnerabilities

osv
osv

ceph vulnerabilities

It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. (CVE-2020-25678) Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in...

7.2CVSS

7.3AI Score

0.005EPSS

2021-06-25 02:38 AM
10
ubuntu
ubuntu

Ceph vulnerabilities

Releases Ubuntu 20.10 Ubuntu 20.04 LTS Packages ceph - distributed storage and file system Details It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. (CVE-2020-25678) Goutham Pacha...

7.2CVSS

7.1AI Score

0.005EPSS

2021-06-25 12:00 AM
157
ics
ics

CODESYS Control V2 Linux SysFile library

EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS V2 Runtime Toolkit Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow the control programmer to call...

5.3CVSS

5.9AI Score

0.0004EPSS

2021-06-22 12:00 PM
13
ics
ics

CODESYS V2 web server

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS V2 web server Vulnerabilities: Stack-based Buffer Overflow, Improper Access Control, Buffer Copy without Checking Size of Input, Improperly Implemented Security Check,...

9.8CVSS

10AI Score

0.002EPSS

2021-06-22 12:00 PM
16
ics
ics

CODESYS Control V2 communication

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS V2 Runtime Toolkit, CODESYS PLCWinNT Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Improper Input Validation 2. RISK EVALUATION Successful...

9.8CVSS

9.1AI Score

0.002EPSS

2021-06-22 12:00 PM
121
oraclelinux
oraclelinux

Unbreakable Enterprise kernel-container security update

[4.14.35-2047.504.2.el7] - md/raid1: properly indicate failure when ending a failed write request (Paul Clements) [Orabug: 32887159] - video: hyperv_fb: Add ratelimit on error message (Michael Kelley) [Orabug: 32856879] - Drivers: hv: vmbus: Initialize unload_event statically (Andrea Parri...

6.7CVSS

-0.2AI Score

0.0004EPSS

2021-06-15 12:00 AM
191
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-2047.504.2] - md/raid1: properly indicate failure when ending a failed write request (Paul Clements) [Orabug: 32887159] - video: hyperv_fb: Add ratelimit on error message (Michael Kelley) [Orabug: 32856879] - Drivers: hv: vmbus: Initialize unload_event statically (Andrea Parri...

6.7CVSS

-0.2AI Score

0.0004EPSS

2021-06-14 12:00 AM
142
thn
thn

Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users

Multiple critical security flaws have been disclosed in Samsung's pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users' consent and take control of the devices. "The impact of these bugs could have allowed an attacker...

8.8CVSS

1.4AI Score

0.001EPSS

2021-06-11 09:28 AM
74
altlinux
altlinux

Security fix for the ALT Linux 9 package cyrus-imapd version 3.2.7-alt1

3.2.7-alt1 built June 11, 2021 Sergey Y. Afonin in task #274230 June 10, 2021 Sergey Y. Afonin - 3.2.7 (fixes:...

4.3CVSS

5.3AI Score

0.001EPSS

2021-06-11 12:00 AM
8
malwarebytes
malwarebytes

Ransomware to be investigated like terrorism

The impact of recent ransomware attacks on vital infrastructure in the US has triggered a reaction from the US Attorney’s office. In an internal guidance it says that all ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington....

6.6AI Score

2021-06-04 02:01 PM
32
thn
thn

10 Critical Flaws Found in CODESYS Industrial Automation Software

Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers (PLCs). "To exploit the vulnerabilities, an attacker does not need a username or.....

9.8CVSS

1.8AI Score

0.002EPSS

2021-06-04 01:03 PM
59
nessus
nessus

openSUSE Security Update : irssi (openSUSE-2021-587)

This update for irssi fixes the following issues : irssi was updated to 1.2.3 (boo#1184848) Fix the compilation of utf8proc (#1021) Fix wrong call to free. By Zero King (#1076) Fix a colour reset in true colour themes when encountering mIRC colours (#1059) Fix memory leak on malformed...

-0.8AI Score

2021-05-18 12:00 AM
7
rapid7blog
rapid7blog

Metasploit Wrap-Up

Two new Active Directory attacks This week we added a pair of new post-exploitation modules from community contributor timb-machine. Both modules target UNIX machines running SSSD or One Identity's Vintela Authentication Services (VAS) as Active Directory integration solutions. The new UNIX...

AI Score

0.97EPSS

2021-05-07 07:41 PM
156
krebs
krebs

The Wages of Password Re-use: Your Money or Your Life

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom. Our passwords can say a lot about us, and much of what they have to say is...

7AI Score

2021-05-04 05:22 PM
139
zdt
zdt

IGEL OS Secure VNC/Terminal Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in IGEL OS Secure Terminal and Secure Shadow...

0.3AI Score

2021-05-04 12:00 AM
19
packetstorm

0.1AI Score

2021-05-03 12:00 AM
264
altlinux
altlinux

Security fix for the ALT Linux 9 package avahi version 0.8-alt2

0.8-alt2 built April 30, 2021 Vitaly Lipatov in task #270905 April 28, 2021 Sergey Bolshakov - avoid infinite-loop in avahi-daemon (closes: #39357 ) (fixes:...

5.5CVSS

1.2AI Score

0.0004EPSS

2021-04-30 12:00 AM
17
suse
suse

Security update for irssi (moderate)

An update that contains security fixes can now be installed. Description: This update for irssi fixes the following issues: irssi was updated to 1.2.3 (boo#1184848) Fix the compilation of utf8proc (#1021) Fix wrong call to free. By Zero King (#1076) Fix a colour reset in true colour themes when...

0.5AI Score

2021-04-23 12:00 AM
9
threatpost
threatpost

Swiss Army knife For Information Security: What is Comprehensive Protection?

Written by Sergey Ozhegov, CEO of SearchInform In the early days of information security, we used to rely on antivirus and firewall in our arsenal. Once I even “caught” a leak with the help of the firewall logs: I noticed an atypically large data upload and found out that the user was uploading...

AI Score

2021-04-21 01:00 PM
50
openvas
openvas

openSUSE: Security Advisory for irssi (openSUSE-SU-2021:0587-1)

The remote host is missing an update for...

7.5AI Score

2021-04-21 12:00 AM
4
suse
suse

Security update for irssi (moderate)

An update that contains security fixes can now be installed. Description: This update for irssi fixes the following issues: irssi was updated to 1.2.3 (boo#1184848) Fix the compilation of utf8proc (#1021) Fix wrong call to free. By Zero King (#1076) Fix a colour reset in true colour themes when...

0.3AI Score

2021-04-19 12:00 AM
5
metasploit
metasploit

Citrix ADC (NetScaler) Directory Traversal RCE

This module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command...

9.8CVSS

0.9AI Score

0.975EPSS

2021-04-16 12:13 AM
235
altlinux
altlinux

Security fix for the ALT Linux 8 package clamav version 0.103.2-alt1

0.103.2-alt1 built April 14, 2021 Sergey Y. Afonin in task #265894 April 10, 2021 Sergey Y. Afonin - 0.103.2 + CVE-2021-1252, CVE-2021-1405 - 0.103.0 and 0.103.1 only. + CVE-2021-1404 - 0.103.1 and...

7.5CVSS

7.5AI Score

0.004EPSS

2021-04-14 12:00 AM
10
altlinux
altlinux

Security fix for the ALT Linux 9 package clamav version 0.103.2-alt1

0.103.2-alt1 built April 12, 2021 Sergey Y. Afonin in task #268496 April 10, 2021 Sergey Y. Afonin - 0.103.2 + CVE-2021-1252, CVE-2021-1405 - 0.103.0 and 0.103.1 only. + CVE-2021-1404 - 0.103.1 and...

7.5CVSS

7.5AI Score

0.004EPSS

2021-04-12 12:00 AM
13
altlinux
altlinux

Security fix for the ALT Linux 10 package clamav version 0.103.2-alt1

April 10, 2021 Sergey Y. Afonin 0.103.2-alt1 - 0.103.2 + CVE-2021-1252, CVE-2021-1405 - 0.103.0 and 0.103.1 only. + CVE-2021-1404 - 0.103.1 and...

7.5CVSS

7.5AI Score

0.004EPSS

2021-04-10 12:00 AM
6
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2102.200.13] - bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171} - bpf: Add sanity check for upper ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171} - bpf: Simplify...

8.8CVSS

0.1AI Score

0.004EPSS

2021-03-31 12:00 AM
311
altlinux
altlinux

Security fix for the ALT Linux 9 package spamassassin version 3.4.5-alt1

3.4.5-alt1 built March 29, 2021 Sergey Y. Afonin in task #268491 March 25, 2021 Konstantin Lepikhov - 3.4.5 (fixes: CVE-2020-1946) - remove dkim patch (fixed by...

9.8CVSS

3.1AI Score

0.016EPSS

2021-03-29 12:00 AM
10
metasploit
metasploit

IGEL OS Secure VNC/Terminal Command Injection RCE

This module exploits a command injection vulnerability in IGEL OS Secure Terminal and Secure Shadow services. Both Secure Terminal (telnet_ssl_connector - 30022/tcp) and Secure Shadow (vnc_ssl_connector - 5900/tcp) services are...

0.6AI Score

2021-03-25 06:39 PM
31
akamaiblog
akamaiblog

Akamai Launch Cohort 2 of Accelerator Program for Early-Stage Innovations in Water

Akamai Technologies India Pvt. Ltd. has chosen the grantees for Cohort 2 of Accelerator Program for Early-Stage Innovations in Water. The Accelerator Program enables grantees to ideate their technology-based solutions for water conservation. This year, two grantees -- SmartTerra and Jaljeevika --.....

0.3AI Score

2021-03-19 02:00 PM
21
altlinux
altlinux

Security fix for the ALT Linux 9 package qt4 version 4.8.7-alt22

4.8.7-alt22 built March 16, 2021 Sergey V Turchin in task #267393 March 4, 2021 Aleksei Nikiforov - Applied security fixes (fixes: CVE-2020-17507) (thanks zerg@alt) - Fixed build with gcc-10+. - Disabled -reduce-relocation option since it causes issues with new...

5.3CVSS

2.4AI Score

0.003EPSS

2021-03-16 12:00 AM
12
krebs
krebs

WeLeakInfo Leaked Customer Payment Info

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to...

6.6AI Score

2021-03-15 01:05 PM
36
cloudfoundry
cloudfoundry

USN-4602-1: Perl vulnerabilities | Cloud Foundry

Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use...

8.6CVSS

8.9AI Score

0.003EPSS

2021-03-09 12:00 AM
23
altlinux
altlinux

Security fix for the ALT Linux 9 package wpa_supplicant version 2.9-alt4

2.9-alt4 built March 4, 2021 Andrey Cherepanov in task #267306 March 1, 2021 Sergey Bolshakov - P2P: Fix a corner case in peer addition based on PD Request (Fixes:...

7.5CVSS

2.3AI Score

0.002EPSS

2021-03-04 12:00 AM
7
threatpost
threatpost

RTM Cybergang Adds New Quoter Ransomware to Crime Spree

The Russian-speaking group behind the infamous RTM banking trojan is now packing a trifecta of threats as it turns up the heat – part of a massive new money-grab campaign. Beyond the banking malware it is known for, attackers have enlisted a recently-discovered ransomware family called Quoter as...

0.7AI Score

2021-03-03 07:18 PM
28
altlinux
altlinux

Security fix for the ALT Linux 8 package mailutils version 3.10-alt0.20200913.1

3.10-alt0.20200913.1 built March 2, 2021 Sergey Y. Afonin in task #267166 Sept. 27, 2020 Sergey Y. Afonin - New version (CVE-2019-18862 fixed in 3.8) - Updated %description - Updated License tags to SPDX syntax - Require emacs-X11 for build only when mh subpackage is enabled (ALT...

7.8CVSS

7.6AI Score

0.001EPSS

2021-03-02 12:00 AM
6
krebs
krebs

Is Your Browser Extension a Botnet Backdoor?

A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development,.....

7.2AI Score

2021-03-01 05:22 PM
183
chrome
chrome

Stable Channel Update for Desktop

The Stable channel has been updated to 88.0.4324.182 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by.....

9.6CVSS

9.7AI Score

0.008EPSS

2021-02-16 12:00 AM
19
ics
ics

ARC Informatique PcVue (Update A)

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ARC Informatique Equipment: PcVue Vulnerabilities: Deserialization of Untrusted Data, Access to Critical Private Variable via Public Method, Information Exposure of Sensitive Information to an...

9.8CVSS

8.8AI Score

0.015EPSS

2021-01-05 12:00 PM
41
packetstorm

-0.1AI Score

2020-12-11 12:00 AM
572
packetstorm

-0.1AI Score

0.007EPSS

2020-12-08 12:00 AM
259
packetstorm

-0.3AI Score

0.002EPSS

2020-12-08 12:00 AM
279
osv
osv

openjdk-8, openjdk-lts regressions

USN-4607-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression that could cause TLS connections with client certificate authentication to fail in some situations. This update fixes the problem. We apologize for the inconvenience. Original...

5.3CVSS

8.1AI Score

0.003EPSS

2020-11-12 09:58 PM
4
ubuntu
ubuntu

OpenJDK regressions

Releases Ubuntu 20.10 Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages openjdk-8 - Open Source Java implementation openjdk-lts - Open Source Java implementation Details USN-4607-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a...

5.3CVSS

6.3AI Score

0.003EPSS

2020-11-12 12:00 AM
91
citrix
citrix

Citrix SD-WAN Multiple Security Updates

Description of Problem Multiple vulnerabilities have been identified in the management interface of Citrix NetScaler SD-WAN physical appliances and virtual appliances. Collectively these vulnerabilities could allow an unauthenticated attacker with access to the management interface to...

9.8CVSS

1.1AI Score

0.058EPSS

2020-11-09 09:09 AM
23
osv
osv

tmux vulnerability

Sergey Nizovtsev discovered that tmux incorrectly handled some inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary...

7.8CVSS

8.1AI Score

0.001EPSS

2020-11-05 01:38 PM
3
ubuntu
ubuntu

tmux vulnerability

Releases Ubuntu 20.10 Ubuntu 20.04 LTS Packages tmux - terminal multiplexer Details Sergey Nizovtsev discovered that tmux incorrectly handled some inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary...

8.8CVSS

8.2AI Score

0.001EPSS

2020-11-05 12:00 AM
128
chrome
chrome

Chrome for Android Update

Hi, everyone! We've just released Chrome 86 (86.0.4240.185) for Android: it'll become available on Google Play over the next few weeks. Security fixes in this release are listed in the corresponding Desktop Release. In addition, this Android release contains: [$NA][1144368] High CVE-2020-16010:...

8.8CVSS

8.7AI Score

0.003EPSS

2020-11-02 12:00 AM
11
threatpost
threatpost

NVIDIA Patches Critical Bug in High-Performance Servers

NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. In all, NVIDIA issued nine patches, each fixing....

1.1AI Score

0.024EPSS

2020-10-29 11:15 PM
126
threatpost
threatpost

NVIDIA Patches Critical Bug in High-Performance Servers

NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. In all, NVIDIA issued nine patches, each fixing....

1.1AI Score

0.024EPSS

2020-10-29 11:15 PM
90
nvidia
nvidia

Security Bulletin: AMI Baseboard Management Controller (BMC) Firmware Vulnerabilities in NVIDIA DGX-1, DGX-2, and DGX A100 Servers - October 2020

NVIDIA has released a firmware security update for NVIDIA DGX™ servers. This update addresses security issues in the AMI Baseboard Management Controller (BMC) firmware that may lead to remote code execution, elevation of privileges, or information disclosure. All issues require network access to...

9.8CVSS

1.5AI Score

0.24EPSS

2020-10-28 12:00 AM
5
Total number of security vulnerabilities1083