K000133759 : Python vulnerability CVE-2020-26116
Security Advisory Description http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP ...
K48187630 : Multiple grub2 vulnerabilities
Security Advisory Description CVE-2020-14308 In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads ...
K000134818 : Python XML RPC vulnerability CVE-2019-16935
Security Advisory Description The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/ ...
K000134793 : OpenJDK vulnerability CVE-2018-2952
Security Advisory Description Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: ...
K000134802 : Kubernetes vulnerability CVE-2020-10749
Security Advisory Description A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man- ...
K000134782 : Intel Virtual RAID on CPU vulnerabilities CVE-2022-29919, CVE-2022-30338, CVE-2022-29508, CVE-2022-25976
Security Advisory Description CVE-2022-29919 Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege ...
K000134781 : Multiple Intel Server Board BMC vulnerabilities
Security Advisory Description CVE-2023-22661 Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local ...
K000134768 : Linux kernel vulnerability CVE-2022-4378
Security Advisory Description A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to ...
K000134770 : Linux kernel vulnerability CVE-2022-42703
Security Advisory Description mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. (CVE-2022-42703) Impact This vulnerability allows a local ...
K000134764 : Java SE vulnerabilities CVE-2018-2941 and CVE-2018-2973
Security Advisory Description CVE-2018-2941 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1.
K000134747 : PHP vulnerability CVE-2023-0568
Security Advisory Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with ...
K000134744 : Intel BIOS vulnerability CVE-2022-38087
Security Advisory Description Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local ...
K000134748 : Kubernetes vulnerabilities CVE-2019-1002100, CVE-2019-11254, CVE-2017-1002101, and CVE-2017-1002102
Security Advisory Description CVE-2019-1002100 In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can ...
K000133652 : Python vulnerability CVE-2018-18074
Security Advisory Description The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it ...
K000133448 : Python urllib3 vulnerability CVE-2019-11324
Security Advisory Description The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, ...
K000134735 : Intel BIOS vulnerability CVE-2022-33894
Security Advisory Description Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
K12201527 : Overview of Quarterly Security Notifications
Security Advisory Description F5 discloses security vulnerabilities and security exposures for F5 products in Quarterly Security Notifications. Quarterly Security Notification dates are published ...
K64348180 : MySQL vulnerabilities CVE-2022-21517, CVE-2022-21519, CVE-2022-21522, CVE-2022-21525, and CVE-2022-21526
Security Advisory Description CVE-2022-21517 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily ...
K25225860 : Linux kernel vulnerabilities CVE-2019-6454, CVE-2020-12888, and CVE-2020-36385
Security Advisory Description CVE-2019-6454 An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for ...
K000134602 : Node.js vulnerabilities CVE-2023-23918 and CVE-2023-23920
Security Advisory Description CVE-2023-23918 A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental ...
Ukraine war blurs lines between cyber-crims and state-sponsored attackers
This RomCom is no laughing matter A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine,...
We need to refine and secure AI, not turn our backs on the technology
While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims
Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...
