Lucene search
+L

113 matches found

The Hacker News
The Hacker News
added 2023/04/27 8:20 a.m.84 views

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the...

9.8CVSS8.9AI score0.99999EPSS
Exploits37
The Hacker News
The Hacker News
added 2022/12/09 5:16 p.m.62 views

New TrueBot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

Cybersecurity researchers have reported an increase in TrueBot infections, primarily targeting Mexico, Brazil, Pakistan, and the U.S. Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patche...

9.8CVSS1AI score0.36009EPSS
Exploits1
The Hacker News
The Hacker News
added 2022/10/28 10:18 a.m.29 views

Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints

The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot aka Silence, and Clop ransomware. It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection...

6.8AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/10/27 4:0 p.m.41 views

Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity

Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread. These infections lead to follow-on...

0.2AI score
Exploits0
NVD
NVD
added 2022/03/15 9:15 a.m.40 views

CVE-2022-0950

Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4...

6.5CVSS0.00625EPSS
Exploits1References2
CVE
CVE
added 2022/03/15 8:20 a.m.117 views

CVE-2022-0950

CVE-2022-0950 affects the ShowDoc project (GitHub star7th/showdoc) and is caused by an unrestricted upload of files with dangerous types via the upload feature, permitting .html extensions and enabling stored cross-site scripting. Affected versions are prior to 2.10.4. Remediation per the connect...

6.5CVSS5.6AI score0.00625EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2019:0950-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9AI score0.03299EPSS
Exploits11References2
Prion
Prion
added 2020/04/15 3:15 p.m.14 views

Memory corruption

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0949, CVE-2020-0950...

9.3CVSS8.7AI score0.05037EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2020/04/15 3:13 p.m.105 views

CVE-2020-0950

CVE-2020-0950 is described as a memory corruption vulnerability in Windows Media Foundation caused by improper handling of memory objects, part of the Media Foundation Memory Corruption family alongside CVE-2020-0948 and CVE-2020-0949. The connected CNVD entries similarly refer to a Media Foundat...

9.3CVSS8.7AI score0.05037EPSS
Exploits0References1Affected Software3
Tenable Nessus
Tenable Nessus
added 2020/04/14 12:0 a.m.46 views

KB4550930: Windows 10 April 2020 Security Update

The remote Windows host is missing security update 4550930. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections. An attacker who successfully exploited this vulnerability could...

9.3CVSS8.3AI score0.69166EPSS
Exploits4References52
Circl
Circl
added 2019/05/16 7:50 p.m.9 views

CVE-2019-0950

creationtimestamp| type| source ---|---|--- 2019-05-16 19:50:32+00:00| seen| https://t.me/cvemitreorg/4...

5.7CVSS6.4AI score0.02461EPSS
Exploits0References1
CVE
CVE
added 2019/05/16 6:17 p.m.96 views

CVE-2019-0950

The connected Nessus findings identify CVE-2019-0950 as a Spoofing vulnerability in Microsoft SharePoint Server , arising from the product’s failure to properly sanitize a specially crafted web request. Affected software includes SharePoint Server 2019 (builds older than 16.0.10345.12101) and Sha...

5.7CVSS5.4AI score0.02461EPSS
Exploits0References1Affected Software2
Kaspersky
Kaspersky
added 2019/05/14 12:0 a.m.54 views

KLA11484 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...

9.3CVSS9AI score0.13695EPSS
Exploits0References24
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 4:53 a.m.27 views

Security Bulletin: XML External Entity (XXE) vulnerabilities in ClearQuest (CVE-2014-0950)

Summary IBM Rational ClearQuese is vulnerable to XML external entity attacks. These attacks could cause denial of service or be used to attack other servers accessible from a client or server. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts...

7.1CVSS1.3AI score0.01667EPSS
Exploits0Affected Software1
NVD
NVD
added 2018/04/20 9:29 p.m.16 views

CVE-2014-0950

Multiple XML external entity XXE vulnerabilities in 1 CQWeb / CM Server, 2 ClearQuest Native client, 3 ClearQuest Eclipse client, and 4 ClearQuest Eclipse Designer components in IBM Rational ClearQuest 7.1.1 through 7.1.1.9, 7.1.2 through 7.1.2.13, 8.0.0 through 8.0.0.10, and 8.0.1 through 8.0.1....

7.1CVSS7AI score0.01667EPSS
Exploits0References2
CVE
CVE
added 2018/04/20 9:0 p.m.49 views

CVE-2014-0950

Concrete details found: CVE-2014-0950 affects IBM Rational ClearQuest components (CQWeb/CM Server, ClearQuest Native client, ClearQuest Eclipse client, ClearQuest Eclipse Designer). The root cause is XML External Entity (XXE) processing allowing remote attackers to cause a denial of service or ac...

7.1CVSS6.9AI score0.01667EPSS
Exploits0References2Affected Software1
Circl
Circl
added 2018/04/18 5:50 p.m.14 views

CVE-2018-0950

creationtimestamp| type| source ---|---|--- 2018-04-18 17:50:13+00:00| published-proof-of-concept| https://t.me/alexmakus/1970...

6.5CVSS6.6AI score0.09278EPSS
Exploits0References1
NVD
NVD
added 2018/04/12 1:29 a.m.19 views

CVE-2018-0950

An information disclosure vulnerability exists when Office renders Rich Text Format RTF email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique fr...

6.5CVSS5AI score0.09278EPSS
Exploits0References3
Prion
Prion
added 2018/04/12 1:29 a.m.32 views

Information disclosure

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-0950...

2.6CVSS5.4AI score0.09278EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/04/12 1:0 a.m.76 views

CVE-2018-1007

CVE-2018-1007 refers to an information disclosure in Microsoft Office where memory contents are improperly disclosed when Office renders RTF/OLЕ objects (affecting Office components such as Word/Office). The root cause, per connected advisories, is an error in how memory contents are disclosed, e...

5.3CVSS5.3AI score0.06749EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder