Bala Krishna, Sergey Yakovlev Security Vulnerabilities

osv

openjdk-8, openjdk-lts vulnerabilities

It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service (memory consumption) via a specially crafted input. (CVE-2020-14779) Sergey Ostanin discovered that OpenJDK...

5.3CVSS

7.6AI Score

0.003EPSS

2020-10-27 11:15 PM
5
osv

perl vulnerabilities

USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions...

8.6CVSS

9.3AI Score

0.003EPSS

2020-10-27 02:02 PM
9
ubuntu

Perl vulnerabilities

Releases Ubuntu 14.04 ESM Ubuntu 12.04 Packages perl - Practical Extraction and Report Language Details USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: ManhND discovered that...

8.6CVSS

9.3AI Score

0.003EPSS

2020-10-27 12:00 AM
72
ubuntu

OpenJDK vulnerabilities

Releases Ubuntu 20.10 Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages openjdk-8 - Open Source Java implementation openjdk-lts - Open Source Java implementation Details It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A...

5.3CVSS

5.9AI Score

0.003EPSS

2020-10-27 12:00 AM
62
osv

perl vulnerabilities

ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code....

8.6CVSS

9.2AI Score

0.003EPSS

2020-10-26 11:11 AM
3
ubuntu

Perl vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages perl - Practical Extraction and Report Language Details ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could...

8.6CVSS

9.1AI Score

0.003EPSS

2020-10-26 12:00 AM
78
packetstorm

AI Score

0.013EPSS

2020-10-21 12:00 AM
743
thn

U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks

The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses. The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU),...

AI Score

2020-10-20 06:04 AM
31
threatpost

DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks

The Department of Justice (DOJ) on Monday announced charges against six Russian nationals who are allegedly tied to the Sandworm APT. The threat group is believed to have launched several high-profile cyberattacks over the past few years – including the destructive NotPetya cyberattack that...

0.2AI Score

2020-10-19 07:10 PM
23
githubexploit

Exploit for Cross-site Scripting in Olimpoks Olimpok

CVE-2020-16270 [Suggested description]: OLIMPOKS under...

6.1CVSS

6.3AI Score

0.002EPSS

2020-10-15 02:06 PM
27
chrome

Chrome for Android Update

Hi, everyone! We've just released Chrome 86 (86.0.4240.99) for Android: it'll become available on Google Play over the next few weeks. This release includes Security, stability and performance improvements. You can see a full list of the changes in the Git log. If you find a new issue, please let.....

9.8CVSS

7.9AI Score

0.039EPSS

2020-10-13 12:00 AM
18
krebs

Amid an Embarrassment of Riches, Ransom Gangs Increasingly Outsource Their Work

There's an old adage in information security: "Every company gets penetration tested, whether or not they pay someone for the pleasure." Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to...

7.1AI Score

2020-10-08 07:42 PM
37
krebs

Promising Infusions of Cash, Fake Investor John Bernard Walked Away With $30M

September featured two stories on a phony tech investor named John Bernard, a pseudonym used by a convicted thief named John Clifton Davies who's fleeced dozens of technology companies out of an estimated $30 million with the promise of lucrative investments. Those stories prompted a flood of tips....

6.9AI Score

2020-10-07 02:58 PM
21
githubexploit

Exploit for Use of Hard-coded Credentials in Rubetek Rv-3406 Firmware

CVE-2020-25749 [Suggested description] The Telnet service...

9.8CVSS

9.4AI Score

0.009EPSS

2020-09-18 03:05 PM
13
githubexploit

Exploit for Cleartext Transmission of Sensitive Information in Rubetek Rv-3406 Firmware

CVE-2020-25748 [Suggested description] A Cleartext...

8.1CVSS

8.1AI Score

0.002EPSS

2020-09-18 03:03 PM
22
githubexploit

Exploit for Missing Authentication for Critical Function in Rubetek Rv-3406 Firmware

CVE-2020-25747 [Suggested description] The Telnet service...

9.4CVSS

9.2AI Score

0.008EPSS

2020-09-18 02:23 PM
16
threatpost

TikTok Fixes Flaws That Opened Android App to Compromise

Researchers have disclosed four high-severity flaws in the Android version of TikTok that could have easily been exploited by a seemingly benign third-party Android app. If successful, an attacker could fully compromise the target’s TikTok account. Public disclosure of the vulnerabilities was...

-0.1AI Score

2020-09-14 04:23 PM
32
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2011.6.2] - Revert 'aarch64/BM: config failed, hub doesnt have any ports' (Thomas Tai) [Orabug: 31838351] [Orabug: 31844671] - kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini) [Orabug: 31839185] [Orabug: 31844556] [5.4.17-2011.6.1] - nfsd: apply umask...

7.1CVSS

-0.4AI Score

0.002EPSS

2020-09-14 12:00 AM
74
altlinux

Security fix for the ALT Linux 8 package clamav version 0.102.4-alt1

0.102.4-alt1 built July 30, 2020 Sergey Y. Afonin in task #255498 July 28, 2020 Sergey Y. Afonin - 0.102.4 + CVE-2020-3350 + CVE-2020-3327 +...

7.5CVSS

7.1AI Score

0.021EPSS

2020-07-30 12:00 AM
8
altlinux

Security fix for the ALT Linux 9 package clamav version 0.102.4-alt1

0.102.4-alt1 built July 29, 2020 Sergey Y. Afonin in task #255486 July 28, 2020 Sergey Y. Afonin - 0.102.4 + CVE-2020-3350 + CVE-2020-3327 +...

7.5CVSS

7.1AI Score

0.021EPSS

2020-07-29 12:00 AM
14
altlinux

Security fix for the ALT Linux 10 package clamav version 0.102.4-alt1

July 28, 2020 Sergey Y. Afonin 0.102.4-alt1 - 0.102.4 + CVE-2020-3350 + CVE-2020-3327 +...

7.5CVSS

7.1AI Score

0.021EPSS

2020-07-28 12:00 AM
7
apple

About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra

About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra This document describes the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. About Apple security updates...

9.8CVSS

9.7AI Score

0.124EPSS

2020-07-15 12:00 AM
12
krebs

Russian Cybercrime Boss Burkov Gets 9 Years

A well-connected Russian hacker once described as “an asset of supreme importance” to Moscow was sentenced on Friday to nine years in a U.S. prison after pleading guilty to running a site that sold stolen payment card data, and to administering a highly secretive crime forum that counted among its....

6.8AI Score

2020-06-27 05:27 PM
13
threatpost

Microsoft Joins Ban on Sale of Facial Recognition Tech to Police

Microsoft is joining Amazon and IBM when it comes to halting the sale of facial recognition technology to police departments. In a statement released Thursday by Microsoft President Brad Smith, he said the ban would stick until federal laws regulating the technology’s use were put in place. “We...

-0.6AI Score

2020-06-12 05:30 PM
25
oraclelinux

Unbreakable Enterprise kernel security update

[4.14.35-1902.303.4.1] - x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31422209] {CVE-2020-0543} - x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31422209] {CVE-2020-0543} - x86/cpu: Add 'table'...

9.8CVSS

-0.6AI Score

0.017EPSS

2020-06-09 12:00 AM
65
altlinux

Security fix for the ALT Linux 8 package clamav version 0.102.3-alt1

0.102.3-alt1 built May 28, 2020 Sergey Y. Afonin in task #245886 May 27, 2020 Sergey Y. Afonin - 0.102.3 + CVE-2020-3327 - 0.102.2 only + CVE-2020-3341 - from 0.101 to...

7.5CVSS

7.7AI Score

0.007EPSS

2020-05-28 12:00 AM
16
altlinux

Security fix for the ALT Linux 9 package clamav version 0.102.3-alt1

0.102.3-alt1 built May 27, 2020 Sergey Y. Afonin in task #245876 May 27, 2020 Sergey Y. Afonin - 0.102.3 + CVE-2020-3327 - 0.102.2 only + CVE-2020-3341 - from 0.101 to...

7.5CVSS

7.7AI Score

0.007EPSS

2020-05-27 12:00 AM
14
altlinux

Security fix for the ALT Linux 10 package clamav version 0.102.3-alt1

May 27, 2020 Sergey Y. Afonin 0.102.3-alt1 - 0.102.3 + CVE-2020-3327 - 0.102.2 only + CVE-2020-3341 - from 0.101 to...

7.5CVSS

7.7AI Score

0.007EPSS

2020-05-27 12:00 AM
4
altlinux

Security fix for the ALT Linux 9 package kde5-kio-extras version 19.12.3-alt2

19.12.3-alt2 built Feb. 12, 2021 Sergey V Turchin in task #265603 19.12.3-alt2 built May 13, 2020 Sergey V Turchin in task #251571 May 12, 2020 Sergey V Turchin - don't store unasked fish:/ passwords (Fixes:...

3.3CVSS

2.5AI Score

0.0004EPSS

2020-05-13 12:00 AM
10
threatpost

Shade Threat Actors Call It Quits, Release 750K Encryption Keys

The threat actors behind the Shade ransomware have called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware. User “shade-team” posted four files on the code repository earlier this week, one containing the file keys and four “ReadMe”.....

-0.8AI Score

2020-04-30 12:17 PM
34
altlinux

Security fix for the ALT Linux 8 package libssh version 0.8.8-alt1

0.8.8-alt1 built March 13, 2020 Sergey V Turchin in task #247316 March 4, 2020 Sergey V Turchin - new version (Fixes:...

8.8CVSS

8.3AI Score

0.007EPSS

2020-03-13 12:00 AM
7
ics

Siemens SPPA-T3000 (Update A)

EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SPPA-T3000 Vulnerabilities: Improper Input Validation, Deserialization of Untrusted Data, Improper Authentication, Cleartext Transmission of Sensitive Information, Unrestricted...

9.8CVSS

9.3AI Score

0.096EPSS

2020-03-10 12:00 PM
114
chrome

Stable Channel Update for Desktop

The stable channel has been updated to 80.0.3987.132 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug....

8.8CVSS

8.4AI Score

0.003EPSS

2020-03-03 12:00 AM
14
chrome

Stable Channel Update for Desktop

The stable channel has been updated to 80.0.3987.122 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug....

8.8CVSS

7.8AI Score

0.971EPSS

2020-02-24 12:00 AM
13
securelist

DDoS attacks in Q4 2019

News overview In the past quarter, DDoS organizers continued to harness non-standard protocols for amplification attacks. In the wake of WS-Discovery, which we covered in the previous report, cybercriminals turned to Apple Remote Management Service (ARMS), part of the Apple Remote Desktop (ARD)...

7AI Score

2020-02-13 10:15 AM
49
nodejs

Privilege Escalation

Overview Versions of cordova-plugin-inappbrowser prior to 3.1.0 are vulnerable to Privilege Escalation. A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. This affects Cordova Android....

9.8CVSS

5.6AI Score

0.005EPSS

2020-01-30 08:43 PM
10
krebs

Russian Cybercrime Boss Burkov Pleads Guilty

Aleksei Burkov, an ultra-connected Russian hacker once described as "an asset of supreme importance" to Moscow, has pleaded guilty in a U.S. court to running a site that sold stolen payment card data and to administering a highly secretive crime forum that counted among its members some of the...

6.8AI Score

2020-01-27 06:21 PM
29
chrome

Stable Channel Update for Desktop

The stable channel has been updated to 79.0.3945.130 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug....

8.8CVSS

8.5AI Score

0.969EPSS

2020-01-16 12:00 AM
14
metasploit

Citrix ADC (NetScaler) Directory Traversal RCE

This module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command...

7.5AI Score

2020-01-14 02:25 AM
20
altlinux

Security fix for the ALT Linux 9 package cyrus-imapd version 3.0.13-alt1

3.0.13-alt1 built Jan. 10, 2020 Sergey Y. Afonin in task #243772 Jan. 1, 2020 Sergey Y. Afonin - 3.0.13 (fixes:...

6.5CVSS

6.8AI Score

0.001EPSS

2020-01-10 12:00 AM
8
altlinux

Security fix for the ALT Linux 8 package cyrus-imapd version 2.5.15-alt0.M80P.1

2.5.15-alt0.M80P.1 built Jan. 10, 2020 Sergey Y. Afonin in task #243774 Jan. 2, 2020 Sergey Y. Afonin - 2.5.15 (fixes:...

6.5CVSS

6.8AI Score

0.001EPSS

2020-01-10 12:00 AM
7
avleonov

CISO Forum 2019: Vulnerability Management, Red Teaming and a career in Information Security abroad

Today, at the very end of 2019, I want to write about the event I attended in April. Sorry for the delay. This doesn't mean that CISO Forum 2019 was not interesting or I had nothing to share. Not at all! In fact, it was the most inspiring event of the year, and I wanted to make a truly monumental....

-0.2AI Score

2019-12-31 09:53 PM
87
wpexploit

WP Accessibility < 1.7.0 - Minor Authenticated Stored XSS in custom CSS

A minor authenticated stored XSS vulnerability was found in the "Styles for Skiplinks when they have focus" section of the WP Accessibility...

0.4AI Score

2019-12-26 12:00 AM
3
wpvulndb

WP Accessibility < 1.7.0 - Minor Authenticated Stored XSS in custom CSS

A minor authenticated stored XSS vulnerability was found in the "Styles for Skiplinks when they have focus" section of the WP Accessibility plugin. PoC 1) Navigate to the Settings page of the plugin https://example.com/wp-admin/options-general.php?page=wp-accessibility/wp-accessibility.php 2)...

AI Score

2019-12-26 12:00 AM
5
chrome

Stable Channel Update for Desktop

The stable channel has been updated to 79.0.3945.88 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug....

8.8CVSS

8.8AI Score

0.2EPSS

2019-12-17 12:00 AM
11
altlinux

Security fix for the ALT Linux 9 package libssh version 0.9.3-alt1

0.9.3-alt1 built Dec. 14, 2019 Sergey V Turchin in task #242718 Dec. 11, 2019 Sergey V Turchin - new version - security (Fixes:...

8.8CVSS

8.8AI Score

0.007EPSS

2019-12-14 12:00 AM
15
chrome

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 79 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 79.0.3945.79 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for...

8.8CVSS

8.5AI Score

0.027EPSS

2019-12-10 12:00 AM
21
altlinux

Security fix for the ALT Linux 9 package clamav version 0.101.5-alt1

0.101.5-alt1 built Nov. 28, 2019 Sergey Y. Afonin in task #241709 Nov. 26, 2019 Sergey Y. Afonin - 0.101.5 (CVE-2019-15961) - fixed tests for libcheck 0.13.0 (clamav-0.101.5-libcheck-0.13.0.patch) - updated License tag to SPDX syntax (needs revision of exceptions) - removed rpm-build-licenses from....

6.5CVSS

6.8AI Score

0.017EPSS

2019-11-28 12:00 AM
9
altlinux

Security fix for the ALT Linux 8 package clamav version 0.101.5-alt1

Nov. 26, 2019 Sergey Y. Afonin 0.101.5-alt1 - 0.101.5 (CVE-2019-15961) - fixed tests for libcheck 0.13.0 (clamav-0.101.5-libcheck-0.13.0.patch) - updated License tag to SPDX syntax (needs revision of exceptions) - removed rpm-build-licenses from...

6.5CVSS

6.8AI Score

0.017EPSS

2019-11-26 12:00 AM
5
altlinux

Security fix for the ALT Linux 10 package clamav version 0.101.5-alt1

Nov. 26, 2019 Sergey Y. Afonin 0.101.5-alt1 - 0.101.5 (CVE-2019-15961) - fixed tests for libcheck 0.13.0 (clamav-0.101.5-libcheck-0.13.0.patch) - updated License tag to SPDX syntax (needs revision of exceptions) - removed rpm-build-licenses from...

6.5CVSS

6.8AI Score

0.017EPSS

2019-11-26 12:00 AM
7
Total number of security vulnerabilities: 1083