It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. (CVE-2020-25678) Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in...
7.2CVSS
7.3AI Score
0.005EPSS
Releases: Ubuntu 20.10, Ubuntu 20.04 LTS. Packages: ceph - distributed storage and file system. Details: It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive information. (CVE-2020-25678) Goutham Pacha...
7.2CVSS
7.1AI Score
0.005EPSS
CODESYS Control V2 Linux SysFile library
EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS V2 Runtime Toolkit Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability may allow the control programmer to call...
5.3CVSS
5.9AI Score
0.0004EPSS
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS V2 web server Vulnerabilities: Stack-based Buffer Overflow, Improper Access Control, Buffer Copy without Checking Size of Input, Improperly Implemented Security Check,...
9.8CVSS
10AI Score
0.002EPSS
CODESYS Control V2 communication
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: CODESYS, GmbH Equipment: CODESYS V2 Runtime Toolkit, CODESYS PLCWinNT Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Improper Input Validation 2. RISK EVALUATION Successful...
9.8CVSS
9.1AI Score
0.002EPSS
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.504.2.el7] - md/raid1: properly indicate failure when ending a failed write request (Paul Clements) [Orabug: 32887159] - video: hyperv_fb: Add ratelimit on error message (Michael Kelley) [Orabug: 32856879] - Drivers: hv: vmbus: Initialize unload_event statically (Andrea Parri...
6.7CVSS
-0.2AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.504.2] - md/raid1: properly indicate failure when ending a failed write request (Paul Clements) [Orabug: 32887159] - video: hyperv_fb: Add ratelimit on error message (Michael Kelley) [Orabug: 32856879] - Drivers: hv: vmbus: Initialize unload_event statically (Andrea Parri...
6.7CVSS
-0.2AI Score
0.0004EPSS
Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users
Multiple critical security flaws have been disclosed in Samsung's pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users' consent and take control of the devices. "The impact of these bugs could have allowed an attacker...
8.8CVSS
1.4AI Score
0.001EPSS
Security fix for the ALT Linux 9 package cyrus-imapd version 3.2.7-alt1
3.2.7-alt1 built June 11, 2021 Sergey Y. Afonin in task #274230 June 10, 2021 Sergey Y. Afonin - 3.2.7 (fixes:...
4.3CVSS
5.3AI Score
0.001EPSS
Ransomware to be investigated like terrorism
The impact of recent ransomware attacks on vital infrastructure in the US has triggered a reaction from the US Attorney’s office. In an internal guidance it says that all ransomware investigations in the field should be centrally coordinated with a recently created task force in Washington....
6.6AI Score
10 Critical Flaws Found in CODESYS Industrial Automation Software
Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers (PLCs). "To exploit the vulnerabilities, an attacker does not need a username or.....
9.8CVSS
1.8AI Score
0.002EPSS
openSUSE Security Update : irssi (openSUSE-2021-587)
This update for irssi fixes the following issues : irssi was updated to 1.2.3 (boo#1184848) Fix the compilation of utf8proc (#1021) Fix wrong call to free. By Zero King (#1076) Fix a colour reset in true colour themes when encountering mIRC colours (#1059) Fix memory leak on malformed...
-0.8AI Score
Two new Active Directory attacks
This week we added a pair of new post-exploitation modules from community contributor timb-machine. Both modules target UNIX machines running SSSD or One Identity's Vintela Authentication Services (VAS) as Active Directory integration solutions. The new UNIX...
0.97EPSS
The Wages of Password Re-use: Your Money or Your Life
When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom. Our passwords can say a lot about us, and much of what they have to say is...
7AI Score
IGEL OS Secure VNC/Terminal Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in IGEL OS Secure Terminal and Secure Shadow...
0.3AI Score
Security fix for the ALT Linux 9 package avahi version 0.8-alt2
0.8-alt2 built April 30, 2021 Vitaly Lipatov in task #270905 April 28, 2021 Sergey Bolshakov - avoid infinite-loop in avahi-daemon (closes: #39357 ) (fixes:...
5.5CVSS
1.2AI Score
0.0004EPSS
Security update for irssi (moderate)
An update that contains security fixes can now be installed. Description: This update for irssi fixes the following issues: irssi was updated to 1.2.3 (boo#1184848) Fix the compilation of utf8proc (#1021) Fix wrong call to free. By Zero King (#1076) Fix a colour reset in true colour themes when...
0.5AI Score
Swiss Army knife For Information Security: What is Comprehensive Protection?
Written by Sergey Ozhegov, CEO of SearchInform In the early days of information security, we used to rely on antivirus and firewall in our arsenal. Once I even “caught” a leak with the help of the firewall logs: I noticed an atypically large data upload and found out that the user was uploading...
openSUSE: Security Advisory for irssi (openSUSE-SU-2021:0587-1)
The remote host is missing an update for...
7.5AI Score
Security update for irssi (moderate)
An update that contains security fixes can now be installed. Description: This update for irssi fixes the following issues: irssi was updated to 1.2.3 (boo#1184848) Fix the compilation of utf8proc (#1021) Fix wrong call to free. By Zero King (#1076) Fix a colour reset in true colour themes when...
0.3AI Score
Citrix ADC (NetScaler) Directory Traversal RCE
This module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command...
9.8CVSS
0.9AI Score
0.975EPSS
Security fix for the ALT Linux 8 package clamav version 0.103.2-alt1
0.103.2-alt1 built April 14, 2021 Sergey Y. Afonin in task #265894 April 10, 2021 Sergey Y. Afonin - 0.103.2 + CVE-2021-1252, CVE-2021-1405 - 0.103.0 and 0.103.1 only. + CVE-2021-1404 - 0.103.1 and...
7.5CVSS
7.5AI Score
0.004EPSS
Security fix for the ALT Linux 9 package clamav version 0.103.2-alt1
0.103.2-alt1 built April 12, 2021 Sergey Y. Afonin in task #268496 April 10, 2021 Sergey Y. Afonin - 0.103.2 + CVE-2021-1252, CVE-2021-1405 - 0.103.0 and 0.103.1 only. + CVE-2021-1404 - 0.103.1 and...
7.5CVSS
7.5AI Score
0.004EPSS
Security fix for the ALT Linux 10 package clamav version 0.103.2-alt1
April 10, 2021 Sergey Y. Afonin 0.103.2-alt1 - 0.103.2 + CVE-2021-1252, CVE-2021-1405 - 0.103.0 and 0.103.1 only. + CVE-2021-1404 - 0.103.1 and...
7.5CVSS
7.5AI Score
0.004EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2102.200.13] - bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171} - bpf: Add sanity check for upper ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171} - bpf: Simplify...
8.8CVSS
0.1AI Score
0.004EPSS
Security fix for the ALT Linux 9 package spamassassin version 3.4.5-alt1
3.4.5-alt1 built March 29, 2021 Sergey Y. Afonin in task #268491 March 25, 2021 Konstantin Lepikhov - 3.4.5 (fixes: CVE-2020-1946) - remove dkim patch (fixed by...
9.8CVSS
3.1AI Score
0.016EPSS
IGEL OS Secure VNC/Terminal Command Injection RCE
This module exploits a command injection vulnerability in IGEL OS Secure Terminal and Secure Shadow services. Both Secure Terminal (telnet_ssl_connector - 30022/tcp) and Secure Shadow (vnc_ssl_connector - 5900/tcp) services are...
0.6AI Score
Akamai Launch Cohort 2 of Accelerator Program for Early-Stage Innovations in Water
Akamai Technologies India Pvt. Ltd. has chosen the grantees for Cohort 2 of Accelerator Program for Early-Stage Innovations in Water. The Accelerator Program enables grantees to ideate their technology-based solutions for water conservation. This year, two grantees -- SmartTerra and Jaljeevika --.....
0.3AI Score
Security fix for the ALT Linux 9 package qt4 version 4.8.7-alt22
4.8.7-alt22 built March 16, 2021 Sergey V Turchin in task #267393 March 4, 2021 Aleksei Nikiforov - Applied security fixes (fixes: CVE-2020-17507) (thanks zerg@alt) - Fixed build with gcc-10+. - Disabled -reduce-relocation option since it causes issues with new...
5.3CVSS
2.4AI Score
0.003EPSS
WeLeakInfo Leaked Customer Payment Info
A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to...
6.6AI Score
USN-4602-1: Perl vulnerabilities | Cloud Foundry
Severity: Low. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use...
8.6CVSS
8.9AI Score
0.003EPSS
Security fix for the ALT Linux 9 package wpa_supplicant version 2.9-alt4
2.9-alt4 built March 4, 2021 Andrey Cherepanov in task #267306 March 1, 2021 Sergey Bolshakov - P2P: Fix a corner case in peer addition based on PD Request (Fixes:...
7.5CVSS
2.3AI Score
0.002EPSS
RTM Cybergang Adds New Quoter Ransomware to Crime Spree
The Russian-speaking group behind the infamous RTM banking trojan is now packing a trifecta of threats as it turns up the heat – part of a massive new money-grab campaign. Beyond the banking malware it is known for, attackers have enlisted a recently-discovered ransomware family called Quoter as...
0.7AI Score
Security fix for the ALT Linux 8 package mailutils version 3.10-alt0.20200913.1
3.10-alt0.20200913.1 built March 2, 2021 Sergey Y. Afonin in task #267166 Sept. 27, 2020 Sergey Y. Afonin - New version (CVE-2019-18862 fixed in 3.8) - Updated %description - Updated License tags to SPDX syntax - Require emacs-X11 for build only when mh subpackage is enabled (ALT...
7.8CVSS
7.6AI Score
0.001EPSS
Is Your Browser Extension a Botnet Backdoor?
A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations. This story examines the lopsided economics of extension development,.....
7.2AI Score
Stable Channel Update for Desktop
The Stable channel has been updated to 88.0.4324.182 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by.....
9.6CVSS
9.7AI Score
0.008EPSS
ARC Informatique PcVue (Update A)
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: ARC Informatique Equipment: PcVue Vulnerabilities: Deserialization of Untrusted Data, Access to Critical Private Variable via Public Method, Information Exposure of Sensitive Information to an...
9.8CVSS
8.8AI Score
0.015EPSS
openjdk-8, openjdk-lts regressions
USN-4607-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a regression that could cause TLS connections with client certificate authentication to fail in some situations. This update fixes the problem. We apologize for the inconvenience. Original...
5.3CVSS
8.1AI Score
0.003EPSS
Releases: Ubuntu 20.10, Ubuntu 20.04 LTS, Ubuntu 18.04 ESM, Ubuntu 16.04 ESM. Packages: openjdk-8 - Open Source Java implementation; openjdk-lts - Open Source Java implementation. Details: USN-4607-1 fixed vulnerabilities and added features in OpenJDK. Unfortunately, that update introduced a...
5.3CVSS
6.3AI Score
0.003EPSS
Citrix SD-WAN Multiple Security Updates
Description of Problem Multiple vulnerabilities have been identified in the management interface of Citrix NetScaler SD-WAN physical appliances and virtual appliances. Collectively these vulnerabilities could allow an unauthenticated attacker with access to the management interface to...
9.8CVSS
1.1AI Score
0.058EPSS
Sergey Nizovtsev discovered that tmux incorrectly handled some inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary...
7.8CVSS
8.1AI Score
0.001EPSS
Releases: Ubuntu 20.10, Ubuntu 20.04 LTS. Packages: tmux - terminal multiplexer. Details: Sergey Nizovtsev discovered that tmux incorrectly handled some inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary...
8.8CVSS
8.2AI Score
0.001EPSS
Hi, everyone! We've just released Chrome 86 (86.0.4240.185) for Android: it'll become available on Google Play over the next few weeks. Security fixes in this release are listed in the corresponding Desktop Release. In addition, this Android release contains: [$NA][1144368] High CVE-2020-16010:...
8.8CVSS
8.7AI Score
0.003EPSS
NVIDIA Patches Critical Bug in High-Performance Servers
NVIDIA released a patch for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. In all, NVIDIA issued nine patches, each fixing....
1.1AI Score
0.024EPSS
NVIDIA has released a firmware security update for NVIDIA DGX™ servers. This update addresses security issues in the AMI Baseboard Management Controller (BMC) firmware that may lead to remote code execution, elevation of privileges, or information disclosure. All issues require network access to...
9.8CVSS
1.5AI Score
0.24EPSS