openjdk-8, openjdk-lts vulnerabilities
It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service (memory consumption) via a specially crafted input. (CVE-2020-14779) Sergey Ostanin discovered that OpenJDK...
5.3CVSS
7.6AI Score
0.003EPSS
USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions...
8.6CVSS
9.3AI Score
0.003EPSS
Releases Ubuntu 14.04 ESM Ubuntu 12.04 Packages perl - Practical Extraction and Report Language Details USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: ManhND discovered that...
8.6CVSS
9.3AI Score
0.003EPSS
Releases Ubuntu 20.10 Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages openjdk-8 - Open Source Java implementation openjdk-lts - Open Source Java implementation Details It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A...
5.3CVSS
5.9AI Score
0.003EPSS
ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code....
8.6CVSS
9.2AI Score
0.003EPSS
Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages perl - Practical Extraction and Report Language Details ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could...
8.6CVSS
9.1AI Score
0.003EPSS
U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks
The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses. The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU),...
AI Score
DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks
The Department of Justice (DOJ) on Monday announced charges against six Russian nationals who are allegedly tied to the Sandworm APT. The threat group is believed to have launched several high-profile cyberattacks over the past few years – including the destructive NotPetya cyberattack that...
0.2AI Score
Exploit for Cross-site Scripting in Olimpoks Olimpok
CVE-2020-16270 [Suggested description]: OLIMPOKS under...
6.1CVSS
6.3AI Score
0.002EPSS
Hi, everyone! We've just released Chrome 86 (86.0.4240.99) for Android: it'll become available on Google Play over the next few weeks. This release includes Security, stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let.....
9.8CVSS
7.9AI Score
0.039EPSS
Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work
There's an old adage in information security: "Every company gets penetration tested, whether or not they pay someone for the pleasure." Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to...
7.1AI Score
Promising Infusions of Cash, Fake Investor John Bernard Walked Away With $30M
September featured two stories on a phony tech investor named John Bernard, a pseudonym used by a convicted thief named John Clifton Davies who's fleeced dozens of technology companies out of an estimated $30 million with the promise of lucrative investments. Those stories prompted a flood of tips....
6.9AI Score
Exploit for Use of Hard-coded Credentials in Rubetek Rv-3406 Firmware
CVE-2020-25749 [Suggested description] The Telnet service...
9.8CVSS
9.4AI Score
0.009EPSS
Exploit for Cleartext Transmission of Sensitive Information in Rubetek Rv-3406 Firmware
CVE-2020-25748 [Suggested description] A Cleartext...
8.1CVSS
8.1AI Score
0.002EPSS
Exploit for Missing Authentication for Critical Function in Rubetek Rv-3406 Firmware
CVE-2020-25747 [Suggested description] The Telnet service...
9.4CVSS
9.2AI Score
0.008EPSS
TikTok Fixes Flaws That Opened Android App to Compromise
Researchers have disclosed four high-severity flaws in the Android version of TikTok that could have easily been exploited by a seemingly benign third-party Android app. If successful, an attacker could fully compromise the target’s TikTok account. Public disclosure of the vulnerabilities was...
-0.1AI Score
Unbreakable Enterprise kernel security update
[5.4.17-2011.6.2] - Revert 'aarch64/BM: config failed, hub doesnt have any ports' (Thomas Tai) [Orabug: 31838351] [Orabug: 31844671] - kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini) [Orabug: 31839185] [Orabug: 31844556] [5.4.17-2011.6.1] - nfsd: apply umask...
7.1CVSS
-0.4AI Score
0.002EPSS
Security fix for the ALT Linux 8 package clamav version 0.102.4-alt1
0.102.4-alt1 built July 30, 2020 Sergey Y. Afonin in task #255498 July 28, 2020 Sergey Y. Afonin - 0.102.4 + CVE-2020-3350 + CVE-2020-3327 +...
7.5CVSS
7.1AI Score
0.021EPSS
Security fix for the ALT Linux 9 package clamav version 0.102.4-alt1
0.102.4-alt1 built July 29, 2020 Sergey Y. Afonin in task #255486 July 28, 2020 Sergey Y. Afonin - 0.102.4 + CVE-2020-3350 + CVE-2020-3327 +...
7.5CVSS
7.1AI Score
0.021EPSS
Security fix for the ALT Linux 10 package clamav version 0.102.4-alt1
July 28, 2020 Sergey Y. Afonin 0.102.4-alt1 - 0.102.4 + CVE-2020-3350 + CVE-2020-3327 +...
7.5CVSS
7.1AI Score
0.021EPSS
About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra This document describes the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. About Apple security updates...
9.8CVSS
9.7AI Score
0.124EPSS
Russian Cybercrime Boss Burkov Gets 9 Years
A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its....
6.8AI Score
Microsoft Joins Ban on Sale of Facial Recognition Tech to Police
Microsoft is joining Amazon and IBM when it comes to halting the sale of facial recognition technology to police departments. In a statement released Thursday by Microsoft President Brad Smith, he said the ban would stick until federal laws regulating the technology’s use were put in place. “We...
-0.6AI Score
Unbreakable Enterprise kernel security update
[4.14.35-1902.303.4.1] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31422209] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31422209] {CVE-2020-0543} - x86/cpu: Add 'table'...
9.8CVSS
-0.6AI Score
0.017EPSS
Security fix for the ALT Linux 8 package clamav version 0.102.3-alt1
0.102.3-alt1 built May 28, 2020 Sergey Y. Afonin in task #245886 May 27, 2020 Sergey Y. Afonin - 0.102.3 + CVE-2020-3327 - 0.102.2 only + CVE-2020-3341 - from 0.101 to...
7.5CVSS
7.7AI Score
0.007EPSS
Security fix for the ALT Linux 9 package clamav version 0.102.3-alt1
0.102.3-alt1 built May 27, 2020 Sergey Y. Afonin in task #245876 May 27, 2020 Sergey Y. Afonin - 0.102.3 + CVE-2020-3327 - 0.102.2 only + CVE-2020-3341 - from 0.101 to...
7.5CVSS
7.7AI Score
0.007EPSS
Security fix for the ALT Linux 10 package clamav version 0.102.3-alt1
May 27, 2020 Sergey Y. Afonin 0.102.3-alt1 - 0.102.3 + CVE-2020-3327 - 0.102.2 only + CVE-2020-3341 - from 0.101 to...
7.5CVSS
7.7AI Score
0.007EPSS
Security fix for the ALT Linux 9 package kde5-kio-extras version 19.12.3-alt2
19.12.3-alt2 built Feb. 12, 2021 Sergey V Turchin in task #265603 19.12.3-alt2 built May 13, 2020 Sergey V Turchin in task #251571 May 12, 2020 Sergey V Turchin - don't store unasked fish:/ passwords (Fixes:...
3.3CVSS
2.5AI Score
0.0004EPSS
Shade Threat Actors Call It Quits, Release 750K Encryption Keys
The threat actors behind the Shade ransomware have called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware. User “shade-team” posted four files on the code repository earlier this week, one containing the file keys and four “ReadMe”.....
-0.8AI Score
Security fix for the ALT Linux 8 package libssh version 0.8.8-alt1
0.8.8-alt1 built March 13, 2020 Sergey V Turchin in task #247316 March 4, 2020 Sergey V Turchin - new version (Fixes:...
8.8CVSS
8.3AI Score
0.007EPSS
EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SPPA-T3000 Vulnerabilities: Improper Input Validation, Deserialization of Untrusted Data, Improper Authentication, Cleartext Transmission of Sensitive Information, Unrestricted...
9.8CVSS
9.3AI Score
0.096EPSS
Stable Channel Update for Desktop
The stable channel has been updated to 80.0.3987.132 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug....
8.8CVSS
8.4AI Score
0.003EPSS
Stable Channel Update for Desktop
The stable channel has been updated to 80.0.3987.122 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug....
8.8CVSS
7.8AI Score
0.971EPSS
News overview In the past quarter, DDoS organizers continued to harness non-standard protocols for amplification attacks. In the wake of WS-Discovery, which we covered in the previous report, cybercriminals turned to Apple Remote Management Service (ARMS), part of the Apple Remote Desktop (ARD)...
7AI Score
Overview Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Android....
9.8CVSS
5.6AI Score
0.005EPSS
Russian Cybercrime Boss Burkov Pleads Guilty
Aleksei Burkov, an ultra-connected Russian hacker once described as "an asset of supreme importance" to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members some of the...
6.8AI Score
Stable Channel Update for Desktop
The stable channel has been updated to 79.0.3945.130 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug....
8.8CVSS
8.5AI Score
0.969EPSS
Citrix ADC (NetScaler) Directory Traversal RCE
This module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command...
7.5AI Score
Security fix for the ALT Linux 9 package cyrus-imapd version 3.0.13-alt1
3.0.13-alt1 built Jan. 10, 2020 Sergey Y. Afonin in task #243772 Jan. 1, 2020 Sergey Y. Afonin - 3.0.13 (fixes:...
6.5CVSS
6.8AI Score
0.001EPSS
Security fix for the ALT Linux 8 package cyrus-imapd version 2.5.15-alt0.M80P.1
2.5.15-alt0.M80P.1 built Jan. 10, 2020 Sergey Y. Afonin in task #243774 Jan. 2, 2020 Sergey Y. Afonin - 2.5.15 (fixes:...
6.5CVSS
6.8AI Score
0.001EPSS
CISO Forum 2019: Vulnerability Management, Red Teaming and a career in Information Security abroad
Today, at the very end of 2019, I want to write about the event I attended in April. Sorry for the delay. This doesn't mean that CISO Forum 2019 was not interesting or I had nothing to share. Not at all! In fact, it was the most inspiring event of the year, and I wanted to make a truly monumental....
-0.2AI Score
WP Accessibility < 1.7.0 - Minor Authenticated Stored XSS in custom CSS
A minor authenticated stored XSS vulnerability was found in the "Styles for Skiplinks when they have focus" section of the WP Accessibility...
0.4AI Score
WP Accessibility < 1.7.0 - Minor Authenticated Stored XSS in custom CSS
A minor authenticated stored XSS vulnerability was found in the "Styles for Skiplinks when they have focus" section of the WP Accessibility plugin. PoC 1) Navigate to the Settings page of the plugin https://example.com/wp-admin/options-general.php?page=wp-accessibility/wp-accessibility.php 2)...
AI Score
Stable Channel Update for Desktop
The stable channel has been updated to 79.0.3945.88 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug....
8.8CVSS
8.8AI Score
0.2EPSS
Security fix for the ALT Linux 9 package libssh version 0.9.3-alt1
0.9.3-alt1 built Dec. 14, 2019 Sergey V Turchin in task #242718 Dec. 11, 2019 Sergey V Turchin - new version - security (Fixes:...
8.8CVSS
8.8AI Score
0.007EPSS
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 79 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 79.0.3945.79 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for...
8.8CVSS
8.5AI Score
0.027EPSS
Security fix for the ALT Linux 9 package clamav version 0.101.5-alt1
0.101.5-alt1 built Nov. 28, 2019 Sergey Y. Afonin in task #241709 Nov. 26, 2019 Sergey Y. Afonin - 0.101.5 (CVE-2019-15961) - fixed tests for libcheck 0.13.0 (clamav-0.101.5-libcheck-0.13.0.patch) - updated License tag to SPDX syntax (needs revision of exceptions) - removed rpm-build-licenses from....
6.5CVSS
6.8AI Score
0.017EPSS
Security fix for the ALT Linux 8 package clamav version 0.101.5-alt1
Nov. 26, 2019 Sergey Y. Afonin 0.101.5-alt1 - 0.101.5 (CVE-2019-15961) - fixed tests for libcheck 0.13.0 (clamav-0.101.5-libcheck-0.13.0.patch) - updated License tag to SPDX syntax (needs revision of exceptions) - removed rpm-build-licenses from...
6.5CVSS
6.8AI Score
0.017EPSS
Security fix for the ALT Linux 10 package clamav version 0.101.5-alt1
Nov. 26, 2019 Sergey Y. Afonin 0.101.5-alt1 - 0.101.5 (CVE-2019-15961) - fixed tests for libcheck 0.13.0 (clamav-0.101.5-libcheck-0.13.0.patch) - updated License tag to SPDX syntax (needs revision of exceptions) - removed rpm-build-licenses from...
6.5CVSS
6.8AI Score
0.017EPSS