Lucene search
K

287 matches found

CNVD
CNVD
added 2023/05/31 12:0 a.m.14 views

Information Disclosure Vulnerability in Baseline Verification System of Deepcore Technology Co.

Founded in 2000, DeepSign Technology Co., Ltd. is a product and service provider specializing in enterprise-class network security, cloud computing, IT infrastructure and the Internet of Things IoT. An information disclosure vulnerability exists in the baseline verification system of DeepService...

6AI score
Exploits0Affected Software1
OSV
OSV
added 2023/05/25 4:58 p.m.52 views

GHSA-33HQ-F2MF-JM3C kyverno seccomp control can be circumvented

Impact Users of the podSecurity validate.podSecurity subrule in Kyverno versions v1.9.2 and v1.9.3 may be unable to enforce the check for the Seccomp control at the baseline level when using a version value of latest. There is no effect if a version number is referenced instead. See the...

4.6CVSS6.2AI score0.00485EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/05/25 4:58 p.m.30 views

kyverno seccomp control can be circumvented

Impact Users of the podSecurity validate.podSecurity subrule in Kyverno versions v1.9.2 and v1.9.3 may be unable to enforce the check for the Seccomp control at the baseline level when using a version value of latest. There is no effect if a version number is referenced instead. See the...

8.8CVSS6.2AI score0.00485EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2023/04/27 11:52 p.m.3 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0), androidx.baselineprofile.apptarget:androidx.baselineprofile.apptarget.gradle.plugin (>=1.2.0-alpha12 <=1.2.0-alpha14) +2274 more potentially affected by unknown CVE via org.bitbucket.b_c:jose4j (>=0.4.1 <=0.9.2)

org.bitbucket.bc:jose4j MAVEN version =0.4.1, =4.4.0.0, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha07, =1.2.0-alpha12, =1.2.0-alpha07, =2.6.0, =2.6.0, =2.6.0, =1.0.0-alpha01, =1.0.0-alpha01,...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.3 views

SUSE CVE-2019-16249

OpenCV 4.1.1 has an out-of-bounds read in halbaseline::vload in core/hal/intrinsse.hpp when called from computeSSDMeanNorm in modules/video/src/disflow.cpp...

5.3CVSS8.2AI score0.01662EPSS
Exploits0References3
Talos Blog
Talos Blog
added 2023/01/19 9:59 p.m.17 views

Threat Source newsletter (Jan. 19, 2023): Talent retention and institutional knowledge

Welcome to this weeks edition of the Threat Source newsletter. Talent retention and institutional knowledge go hand in hand. Both are critical to ensuring the security of your network environment. To that end, I want to talk briefly about why talent retention isnt just about money. So I am going ...

6.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/11/29 12:8 p.m.23 views

The 5 Core Principles of the Zero-Trust Cybersecurity Model

When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero-trust model, every organization should be actively moving in that...

0.1AI score
Exploits0
NVD
NVD
added 2022/09/13 5:15 p.m.16 views

CVE-2022-36103

Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR certificate signing request Talos control plane node might issue Talos API...

8.8CVSS0.00533EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.6 views

PT-2022-4910 · Talos · Talos

Name of the Vulnerable Software and Affected Versions: Talos versions prior to 1.2.2 Description: The issue is related to improper validation of the request while signing a worker node CSR, which might allow a Talos control plane node to issue a Talos API certificate with full access to the Talos...

9CVSS6.2AI score0.00533EPSS
Exploits0References9
Malwarebytes
Malwarebytes
added 2022/09/12 2:30 p.m.12 views

6 patch management best practices for businesses

Patching is a thorn in the side of many businesses today: Everything from keeping up with the volume of patches to prioritizing what needs to be patched first can cause major delays in a business's patching process. Needless to say, businesses are looking to streamline their patch management...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/08/18 4:26 p.m.20 views

The Five Principles of a Zero Trust Cybersecurity Model

When even the US Government concludes that to ensure baseline security practices are in place and to realize the security benefits of cloud-based infrastructure while mitigating associated risks, they must migrate to a zero trust model, every organization should be actively moving in that...

7.2AI score
Exploits0
Oracle linux
Oracle linux
added 2022/08/05 12:0 a.m.72 views

virt:ol and virt-devel:ol security, bug fix, and enhancement update

libvirt 8.0.0-5.2.0.1 - Set SOURCEDATEEPOCH from changelog Orabug: 32019554 - Add runtime deps for pkg librbd1 = 1:10.2.5 Keshav Sharma 8.0.0-5.2.el8 - cpumap: Disable cpu64-rhel for host-model and baseline rhbz2084030 - cputest: Drop some old artificial baseline tests rhbz2084030 - cputest: Give...

8.2CVSS0.4AI score0.02701EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2022/08/02 10:12 a.m.119 views

Moderate: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.2CVSS6.9AI score0.02701EPSS
Exploits2References9
Rockylinux
Rockylinux
added 2022/08/02 7:4 a.m.49 views

virt:rhel and virt-devel:rhel security, bug fix, and enhancement update

An update is available for libguestfs, libnbd, libtpms, libguestfs-winsupport, nbdkit, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, swtpm, virt-v2v, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS...

8.2CVSS7.4AI score0.02701EPSS
Exploits2
The Hacker News
The Hacker News
added 2022/07/25 3:43 p.m.75 views

Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11

Microsoft is now taking steps to prevent Remote Desktop Protocol RDP brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds –...

2AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/07/12 5:53 a.m.13 views

Stop using phishing as a measure of your cyber awareness culture

If I had a penny for every time someone said to me “let’s measure our security culture by phishing our staff” I’d probably be able to fill my car up. It’s a really easy thing to do, you carry out some online training and typically they come with phishing simulations as a free or low cost add on. ...

7.2AI score
Exploits0
CISA
CISA
added 2022/06/22 12:0 a.m.25 views

CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography ...

1.7AI score
Exploits0References19
ICS
ICS
added 2022/06/21 12:0 a.m.70 views

Phoenix Contact Classic Line Industrial Controllers

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Phoenix Contact Equipment: ILC 131 ETH, ILC 131 ETH/XC, ILC 151 ETH, ILC 151 ETH/XC, ILC 171 ETH 2TX, ILC 191 ETH 2TX, ILC 191 ME/AN, and AXC 1050 Vulnerability: Missing Authentication for Critical...

9.8CVSS10AI score0.03079EPSS
Exploits1References4
OSV
OSV
added 2022/06/20 8:22 p.m.10 views

MAL-2022-6060 Malicious code in sfdx-plugin-baseline (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f4456b51bee2b1a647a07a3effecf0e031d79ef05ba68f817fc018ce0626ec0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:22 p.m.6 views

Malicious code in sfdx-plugin-baseline (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4f4456b51bee2b1a647a07a3effecf0e031d79ef05ba68f817fc018ce0626ec0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Rows per page
Query Builder