DP300,TE60,TP3106,ViewPoint 9030,eCNS210 TD,eSpace 7950,eSpace IAD,eSpace U1981 Security Vulnerabilities

openbugbounty

espace-terroir.ch Cross Site Scripting vulnerability OBB-2744403

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.1AI Score

2022-07-08 10:15 PM
10
securelist

Dynamic analysis of firmware components in IoT devices

Among the various offensive security techniques, vulnerability assessment takes priority when it comes to analyzing the security of IoT/IIoT devices. In most cases, such devices are analyzed using the black box testing approach, in which the researcher has virtually no knowledge about the object...

-0.6AI Score

2022-07-06 10:00 AM
17
mskb

Description of the security update for SharePoint Foundation 2013: June 14, 2022 (KB5002219)

Description of the security update for SharePoint Foundation 2013: June 14, 2022 (KB5002219) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...

9.1AI Score

0.011EPSS

2022-06-14 07:00 AM
11
osv

Magento 2 Community Edition Access Control Bypass

An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially...

7.5CVSS

7AI Score

0.001EPSS

2022-05-24 04:52 PM
6
github

Magento 2 Community Edition Access Control Bypass

An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially...

7.5CVSS

7AI Score

0.001EPSS

2022-05-24 04:52 PM
8
nessus

Ubuntu 16.04 ESM : libXrender vulnerabilities (USN-5436-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5436-1 advisory. Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to...

9.8CVSS

9.5AI Score

0.014EPSS

2022-05-24 12:00 AM
15
osv

libxrender vulnerabilities

Tobias Stoeckmann discovered that libXrender incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2016-7949,...

9.8CVSS

8AI Score

0.014EPSS

2022-05-23 06:04 PM
5
ubuntu

libXrender vulnerabilities

Releases Ubuntu 16.04 ESM Packages libxrender - X11 Rendering Extension client library Details Tobias Stoeckmann discovered that libXrender incorrectly handled certain responses. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code....

9.8CVSS

10AI Score

0.014EPSS

2022-05-23 12:00 AM
37
redhatcve

CVE-2019-9030

An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in...

9.1CVSS

2.9AI Score

0.006EPSS

2022-05-20 10:52 PM
6
mskb

Description of the security update for SharePoint Foundation 2013: May 10, 2022 (KB5002203)

Description of the security update for SharePoint Foundation 2013: May 10, 2022 (KB5002203) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures...

8.9AI Score

0.054EPSS

2022-05-10 08:00 AM
116
openvas

Slackware: Security Advisory (SSA:2016-305-02)

The remote host is missing an update for...

9.8CVSS

9.1AI Score

0.02EPSS

2022-04-21 12:00 AM
2
openbugbounty

espace-helvetia.ch Cross Site Scripting vulnerability OBB-2531840

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

AI Score

2022-04-20 12:38 AM
11
mskb

Description of the security update for SharePoint Foundation 2013: April 12, 2022 (KB5002189)

Description of the security update for SharePoint Foundation 2013: April 12, 2022 (KB5002189) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability and Microsoft Excel remote code execution vulnerability. To learn more about the vulnerabilities, see the...

7.3AI Score

0.007EPSS

2022-04-12 08:00 AM
63
thn

Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck

Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident...

AI Score

2022-04-06 03:15 PM
42
suse

Security update for conmon, libcontainers-common, libseccomp, podman (moderate)

An update that solves 7 vulnerabilities, contains one feature and has one errata is now available. Description: This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: fix CVE-2021-41190 [bsc#1193273],...

6.5CVSS

-0.4AI Score

0.005EPSS

2022-03-04 12:00 AM
166
openbugbounty

espace-evasion-delmoly.com Cross Site Scripting vulnerability OBB-2377962

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.1AI Score

2022-02-19 06:42 AM
13
openbugbounty

espace-corps-pluriel.com Cross Site Scripting vulnerability OBB-2377956

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.1AI Score

2022-02-19 06:41 AM
12
openbugbounty

espace-du-son.com Cross Site Scripting vulnerability OBB-2377958

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.1AI Score

2022-02-19 06:41 AM
8
ics

Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology

Summary Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through...

9.8CVSS

10AI Score

0.973EPSS

2022-02-16 12:00 PM
69
openbugbounty

espace-client.saria.fr Cross Site Scripting vulnerability OBB-2365211

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.1AI Score

2022-02-08 03:08 PM
9
mskb

Description of the security update for SharePoint Foundation 2013: February 8, 2022 (KB5002155)

Description of the security update for SharePoint Foundation 2013: February 8, 2022 (KB5002155) Summary This security update resolves a Microsoft SharePoint Server security feature bypass vulnerability. For more information about the vulnerability, see Microsoft Common Vulnerabilities and...

6.6AI Score

0.001EPSS

2022-02-08 08:00 AM
30
d0znpp

What is threat modeling ❓ Definition, Methods, Example

Threat modeling is a method for upgrading the security of an application, system, or business process by distinguishing objections and weaknesses, just as carrying out countermeasures to stay away from or alleviate the impacts of structure dangers. Threat modeling supports recognizing the security....

-0.2AI Score

2022-02-02 06:01 AM
30
openvas

Mageia: Security Advisory (MGASA-2018-0011)

The remote host is missing an update for...

9.8CVSS

9.1AI Score

0.02EPSS

2022-01-28 12:00 AM
3
wallarmlab

SSH Host Based Authentication

Introduction Are you an organization that manages or hosts a huge pool of resources on remote locations/servers? Well, host-based authority-validation technique is the most-suited way to manage the access and control rights related to your hardware and applications. Once implemented, this identity....

-0.3AI Score

2022-01-17 02:31 PM
12
openbugbounty

leray-paysage-espace-vert.fr Cross Site Scripting vulnerability OBB-2333300

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.1AI Score

2022-01-13 12:08 PM
9
mskb

Description of the security update for SharePoint Foundation 2013: January 11, 2022 (KB5002127)

Description of the security update for SharePoint Foundation 2013: January 11, 2022 (KB5002127) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft Office remote code execution vulnerability. To learn more about the vulnerabilities,....

9.1AI Score

0.04EPSS

2022-01-11 08:00 AM
61
cve

CVE-2021-44526

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin...

9.8CVSS

9.6AI Score

0.005EPSS

2021-12-23 03:15 PM
38
prion

Authentication flaw

Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin...

9.8CVSS

9.5AI Score

0.005EPSS

2021-12-23 03:15 PM
7
openbugbounty

armee-air-espace-collection.gouv.fr Cross Site Scripting vulnerability OBB-2309490

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.3AI Score

2021-12-21 03:10 PM
13
huawei

Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products

Some Huawei products are affected by the Apache Log4j2 remote code execution vulnerabilities. The vulnerabilities are caused by a recursive parsing error in some functions of Apache Log4j2. An attacker can construct a malicious request to control log parameters to trigger a remote code execution...

10CVSS

2.9AI Score

0.975EPSS

2021-12-15 12:00 AM
244
cve

CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context.....

9CVSS

9.4AI Score

0.975EPSS

2021-12-14 07:15 PM
1203
In Wild
137
mskb

Description of the security update for SharePoint Foundation 2013: December 14, 2021 (KB5002071)

Description of the security update for SharePoint Foundation 2013: December 14, 2021 (KB5002071) Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server spoofing vulnerability. To learn more about the vulnerabilities,.....

7.8AI Score

0.038EPSS

2021-12-14 08:00 AM
35
cve

CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message....

10CVSS

9.8AI Score

0.975EPSS

2021-12-10 10:15 AM
3601
In Wild
399
kaspersky

KLA12390 RCE vulnerability in Apache Log4j

Remote code execution vulnerability was found in Apache Log4j. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories Apache Log4j Security Vulnerabilities Exploitation Public exploits exist for this vulnerability. Malware exists for this vulnerability....

10CVSS

10AI Score

0.975EPSS

2021-12-10 12:00 AM
1137
mmpc

A closer look at Qakbot’s latest building blocks (and how to knock them down)

Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. Since emerging in 2007 as a banking Trojan,...

AI Score

2021-12-09 06:00 PM
12
mssecure

A closer look at Qakbot’s latest building blocks (and how to knock them down)

Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it. Since emerging in 2007 as a banking Trojan,...

AI Score

2021-12-09 06:00 PM
14
threatpost

Not with a Bang but a Whisper: The Shift to Stealthy C2

As defensive tools have evolved to detect more and more traditional attack techniques, it should come as no surprise that attackers have shifted tactics. This ever-evolving arms race between offensive security toolsets, bespoke advanced persistent threat (APT) malware and the billion-dollar...

-0.5AI Score

2021-12-08 07:28 PM
16
impervablog

The cost of data security – it’s not just about the numbers

Organizations striving to improve their security posture often find this a multi-faceted challenge. In addition to the security product evaluation itself, security budgets are tight and justification is a necessary step. Financial language, however, is not everyone’s forte - and fiscal...

0.5AI Score

2021-12-02 01:56 PM
6
openbugbounty

gites-espace-detente.com Cross Site Scripting vulnerability OBB-2233268

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1AI Score

2021-11-04 05:00 PM
7
d0znpp

What is a Purple Team ❓

Many individuals know about red groups ‒ moral programmers who test the security protections of an association by dispatching assaults in a controlled climate. Red groups are gone against by blue groups, who are entrusted with assessing an association’s security availability, forestalling red...

-0.4AI Score

2021-10-19 09:32 AM
19
mskb

Description of the security update for SharePoint Foundation 2013: October 12, 2021 (KB5002042)

Description of the security update for SharePoint Foundation 2013: October 12, 2021 (KB5002042) Summary This security update resolves a Microsoft SharePoint Server spoofing vulnerability and Microsoft SharePoint Server remote code execution vulnerability. To learn more about the vulnerabilities,...

7.2AI Score

0.163EPSS

2021-10-12 07:00 AM
48
mskb

Description of the security update for SharePoint Foundation 2013: September 14, 2021 (KB5002024)

Description of the security update for SharePoint Foundation 2013: September 14, 2021 (KB5002024) Summary This security update resolves Microsoft SharePoint Server spoofing vulnerabilities. To learn more about the vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2021-38651...

5.9AI Score

0.001EPSS

2021-09-14 07:00 AM
25
d0znpp

A3: Sensitive Data Exposure ❗️ — Top 10 OWASP 2017

A3: Sensitive Data Exposure ❗️ — Top 10 OWASP 2017 Introduction I feel like a lot of mystery surrounds this issue from the top 10 OWASP vulnerabilities. A lot of people seem to wonder which data is sensitive when exposed. Some people seem to think every single API key disclosed in a JS file is a...

7.5CVSS

7.7AI Score

0.001EPSS

2021-09-13 07:19 AM
30
malwarebytes

Watch what you send on anonymous SMS websites

It's a good idea to try and keep certain things private. For example, people have been using anonymous email services for years. These either hide your real email address, or replace it entirely for specific tasks. Folks will go one step further, setting aliases for each service they sign up to....

-0.5AI Score

2021-09-03 12:51 PM
34
seebug

Multiple vulnerabilities in Buffalo and Arcadyan routers, including authentication bypass and RCE

Tenable has discovered multiple vulnerabilities in routers manufactured by Arcadyan. During the disclosure process for the issues discovered in the Buffalo routers, Tenable discovered that CVE-2021-20090 affected many more devices, as the root cause of the vulnerability exists in the underlying...

9.8CVSS

0.2AI Score

0.975EPSS

2021-08-11 12:00 AM
661
threatpost

Connected Farms Easy Pickings for Global Food Supply-Chain Hack

A group of hackers made an unnerving DEF CON 29 presentation showing how the sprawling growth of digital and automated farming has left the world’s food supply chain vulnerable to cyberattack. A video for DEF CON 29 hacker conference this week put out by the group Sick Codes explained that modern.....

4.9CVSS

-0.3AI Score

0.001EPSS

2021-08-10 09:21 PM
51
ics

Defending Against Malicious Cyber Activity Originating from Tor

Summary This advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This advisory—written by the Cybersecurity Security and Infrastructure...

9.2AI Score

2021-08-02 12:00 PM
19
d0znpp

White Box Testing What Is, Types, Techniques, Example

White Box Testing is programming trying, or rather inner center and foundation. Get familiar with about this strategy in this article. What is White Box Testing? White Box Testing can be depicted as a program-testing methodology in which a product’s interior construction, plan and coding are tried....

-0.2AI Score

2021-07-25 04:17 PM
181
d0znpp

What is DevOps❓ Definition, Advantages, Practices

Introduction Inhabitants of the product world realize that new trendy expressions apparently show up out of the blue, and similarly as abruptly multiply news stories, water cooler chitchat and merchant FAQ areas. In the event that you’ve heard the term DevOps being thrown around, you may believe...

0.1AI Score

2021-07-16 07:03 AM
52
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2102.203.5] - rds/ib: move rds_ib_clear_irq_miss() to .h file (Manjunath Patil) [Orabug: 33044344] [5.4.17-2102.203.4] - rds/ib: recover rds connection from interrupt loss scenario (Manjunath Patil) [Orabug: 32974199] - Revert Allow mce to reset instead of panic on UE (William Roche) ...

7.8CVSS

0.1AI Score

0.004EPSS

2021-07-16 12:00 AM
276
Total number of security vulnerabilities: 1411