Lucene search
K

2476 matches found

Talos Blog
Talos Blog
added 2023/09/06 4:46 p.m.40 views

Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication

Cisco Talos recently disclosed eight vulnerabilities in the engine configuration functionality in Open Automations Software Platform. OAS Platform is commonly found in industrial operations and enterprise environments. It allows various devices, including PLCs, servers, files, databases and...

7.5CVSS6.9AI score0.03356EPSS
Exploits6
Ubuntu
Ubuntu
added 2023/09/06 12:31 a.m.77 views

USN-6342-1: Linux kernel vulnerabilities

Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. CVE-2023-20593 Zheng Zhang discovered that the device-mapper implementation in the Linux kernel...

7.8CVSS7.7AI score0.05794EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2023/09/05 12:0 a.m.5 views

The vulnerability of the angular.copy() function in the application design environment and the Angular development platform allows a attacker to trigger a service failure.

The vulnerability of the angular.copy function in the application and platform development environment for one-page applications related to Angular involves the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause...

5.3CVSS6.5AI score0.01695EPSS
Exploits1References8Affected Software2
Citrix
Citrix
added 2023/08/31 12:0 a.m.8 views

How to disable Receiver for HTML5 in Cloud?

How to disable Receiver for HTML5 in Cloud?...

7.1AI score
Exploits0
NCSC
NCSC
added 2023/08/31 12:0 a.m.5 views

Vulnerability fixed in VMware Tools

VMware has fixed a vulnerability in VMware Tools for Windows and Linux. A malicious party could use a man-in-the-middle attack to bypass SAML tokens and thus manipulate the operation of VMware Guests manipulate. As a result, the malicious party could potentially gain access to sensitive data or...

7.5CVSS7.6AI score0.01193EPSS
Exploits0
Imperva Blog
Imperva Blog
added 2023/08/28 8:19 p.m.19 views

Imperva Clinches 2023 SC Media Trust Award for Best Database Security Solution: A Back-to-Back Victory

Imperva, a global leader in cybersecurity, is proud to announce that we have once again been honored for our industry-leading database security solutions, earning the prestigious 2023 SC Media Trust Award for Best Database Security Solution. This accolade marks the second consecutive year that...

6.7AI score
Exploits0
CNNVD
CNNVD
added 2023/08/27 12:0 a.m.5 views

IBM Security Guardium Data Encryption 安全漏洞

IBM Security Guardium Data Encryption is a software from International Business Machines IBM that is used to secure sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files,...

7.5CVSS6.3AI score0.00475EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2023/08/26 10:26 a.m.39 views

LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants

The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure. "The...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/11 5:20 a.m.65 views

16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks

A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit SDK that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology OT environments. The flaws, tracked from CVE-2022-47378...

8.8CVSS8.8AI score0.0199EPSS
Exploits0
Microsoft Secure
Microsoft Secure
added 2023/08/09 4:0 p.m.8 views

New Microsoft Security innovations expand multicloud visibility and enhance multiplatform protection

With more than 90 percent of organizations adopting a multicloud strategy1 and cloud-based cyberattacks growing 48 percent year over year,2 securing multicloud and hybrid environments is more important than ever. To successfully protect multicloud infrastructure—where customers are utilizing two ...

7.4AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/08/09 4:0 p.m.17 views

New Microsoft Security innovations expand multicloud visibility and enhance multiplatform protection

With more than 90 percent of organizations adopting a multicloud strategy1 and cloud-based cyberattacks growing 48 percent year over year,2 securing multicloud and hybrid environments is more important than ever. To successfully protect multicloud infrastructure—where customers are utilizing two ...

7.4AI score
Exploits0
CNVD
CNVD
added 2023/08/09 12:0 a.m.17 views

Siemens RUGGEDCOM ROS Device Web Server Denial of Service Vulnerability

RUGGEDCOM Ethernet switches are used for reliable operation in electrically harsh and climatically demanding environments such as power substations and traffic control cabinets. A denial of service vulnerability exists in the Siemens RUGGEDCOM ROS device web server, which can be exploited by an...

7.5CVSS6.6AI score0.00531EPSS
Exploits0References1
CNVD
CNVD
added 2023/08/07 12:0 a.m.22 views

F5 BIG-IP and BIG-IQ Centralized Management Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, etc. F5 BIG-IQ Centralized Management is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery...

4.3CVSS6.7AI score0.00453EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2023/08/01 12:55 p.m.19 views

Risk Fact #1: Cloud Migration Exploitation Cloud Security Research Risk Fact

Qualys Blog Series – 2023 TotalCloud Security Insights by the Threat Research Unit The 2023 TotalCloud Security Insights report from the Qualys Threat Research Unit TRU provides research insights, best practices, and detailed recommendations organized by five separate Risk Facts. The insights wil...

7.1AI score
Exploits0
Wiz blog
Wiz blog
added 2023/07/26 7:35 p.m.48 views

Zenbleed: cross-process infoleak vulnerability in AMD Zen 2 Processors - everything you need to know

Learn about the impact in cloud environments of CVE-2023-20593, a cross-process information leak vulnerability in AMD Zen 2 Processors...

5.5CVSS6.7AI score0.05794EPSS
Exploits1
hivepro
hivepro
added 2023/07/21 8:38 a.m.32 views

A New Cross-Platform ‘P2PInfect’ Worm Threatening Cloud Environments

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary P2PInfect, a new cross-platform worm written in Rust, targets vulnerable Redis instances in cloud environments via the CVE-2022-0543 vulnerability, potentially posing a significant threat to over 307,000...

10CVSS6.8AI score0.9967EPSS
Exploits8
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.4 views

The vulnerability of the SmmEntryPoint function in open-source development environments for UEFI EDK2 allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the SmmEntryPoint function in open-source development environments for UEFI EDK2 relates to writing beyond the buffer boundaries. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

10CVSS6.8AI score0.00971EPSS
Exploits0References9Affected Software3
Rapid7 Blog
Rapid7 Blog
added 2023/07/18 12:0 p.m.14 views

Managing Risk Across Hybrid Environments with Executive Risk View

Over the last decade or so, organizations of all shapes and sizes across all industries have been going through a seismic shift in the way they engage with their customers and deliver their solutions to the market. These new delivery models are often underpinned by cloud services, which can chang...

6.9AI score
Exploits0
NVD
NVD
added 2023/07/17 11:15 p.m.11 views

CVE-2023-37479

Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...

7.5CVSS0.00634EPSS
Exploits0References3
Prion
Prion
added 2023/07/17 11:15 p.m.17 views

Design/Logic Flaw

Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...

5CVSS7.5AI score0.00634EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder