Lucene search
K

2476 matches found

CNVD
CNVD
added 2023/04/16 12:0 a.m.29 views

Siemens SICAM A8000 Command Injection Vulnerability

The Siemens SICAM A8000 is a protection and interval control unit device for relay protection and substation environments from Siemens, Germany. A command injection vulnerability exists in the Siemens SICAM A8000. The vulnerability stems from the device's failure to properly filter constructed...

9.8AI score0.02836EPSS
Exploits1
Wiz blog
Wiz blog
added 2023/04/13 2:19 p.m.11 views

Five ways to bolster security as cloud environments and budgets come under attack

Security experts share their insights for securing cloud environments as the pace and scale of threats accelerates...

7AI score
Exploits0
Trellix
Trellix
added 2023/04/13 12:0 a.m.24 views

Read The Manual Locker: A Private RaaS Provider

Read The Manual Locker: A Private RaaS Provider By Max Kersten · April 13, 2023 The underground intelligence was obtained by N074B07. Another day, another ransomware-as-a-service RaaS provider, or so it seems. We’ve observed the “Read The Manual” RTM Locker gang, previously known for their e-crim...

6.6AI score
Exploits0
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.23 views

Siemens SICAM A8000 命令注入漏洞

The Siemens SICAM A8000 is a protection and interval control unit device for relay protection and substation environments from Siemens, Germany. A command injection vulnerability exists in the Siemens SICAM A8000. The vulnerability stems from the device's failure to properly filter constructed...

9.8CVSS8.2AI score0.02836EPSS
Exploits1References5
Prion
Prion
added 2023/04/06 9:15 p.m.14 views

Deserialization of untrusted data

UNSUPPORTED WHEN ASSIGNED A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 version 11.0 and earlier allows unauthenticated remote attackers to gain operating system code execution by submitting specially crafted Java serialized objects to a specific URL. Adobe LiveCycle ES4...

7.5CVSS9.7AI score0.014EPSS
Exploits0References1Affected Software1
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/04/06 4:0 p.m.19 views

Secure hybrid and remote workplaces with a Zero Trust approach

Productivity and innovation have become critical goals in many hybrid and remote work environments. Ensuring preventative and strong security, in turn, must be at the heart of that. In this blog series, we’ll discuss two Zero Trust business scenarios: enabling a more productive hybrid or remote...

6.3AI score
Exploits0
Ubuntu
Ubuntu
added 2023/03/29 4:44 p.m.85 views

USN-5984-1: Linux kernel vulnerabilities

It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service memory exhaustion. CVE-2021-3669 It was discovered that a use-after-free vulnerability existed in the SGI GRU...

7.9CVSS7.5AI score0.03702EPSS
Exploits5
Wiz blog
Wiz blog
added 2023/03/29 2:40 p.m.10 views

Partnering and prioritization: Lessons learned when building security operations at hyperspeed

CISOs share their experiences ensuring security in fast-growth environments...

6.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/03/23 3:42 p.m.21 views

Reduce Risk and Regain Control with Cloud Risk Complete

Over the last 10 to 15 years, organizations have been migrating to the cloud to take advantage of the speed and scale it enables. During that time, we’ve all had to learn that new cloud infrastructure means new security challenges, and that many legacy tools and processes are unable to keep up wi...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/16 1:39 p.m.2 views

Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration

The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aime...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/16 1:39 p.m.40 views

Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration

The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aime...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/03/15 2:0 p.m.21 views

3 Steps for Ramping Up to Fully Automated Remediation

The number one threat to cloud security is misconfiguration of resources, and frankly, it's not hard to understand why. The cloud is getting bigger, more tangled, and flat-out more unmanageable by the day. In modern Amazon Web Services AWS environments, there are typically millions of resources...

6.6AI score
Exploits0
Gitee
Gitee
added 2023/03/15 10:55 a.m.3 views

vulhub21

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and systems. The primary purpose of this repository is to provide a platform for researchers and security professionals to learn...

7.3AI score
Exploits0
OSV
OSV
added 2023/03/13 12:15 p.m.5 views

CVE-2023-0628

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...

7.8CVSS7.3AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2023/03/13 12:15 p.m.25 views

CVE-2023-0628

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...

7.8CVSS6.7AI score0.00265EPSS
Exploits0References1
Prion
Prion
added 2023/03/13 12:15 p.m.20 views

Design/Logic Flaw

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...

4.4CVSS7.7AI score0.00265EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/03/13 11:16 a.m.29 views

CVE-2023-0628 Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...

6.1CVSS8AI score0.00265EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/13 11:16 a.m.6 views

CVE-2023-0628 Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL...

6.1CVSS7.8AI score0.00265EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/13 12:0 a.m.7 views

Docker Desktop 命令注入漏洞

Docker Desktop is a container technology-based desktop software for lightweight deployment of applications from the U.S. company Docker. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

7.8CVSS7.8AI score0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/13 12:0 a.m.5 views

PT-2023-2062 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.17.0 Description: The issue allows an attacker to execute arbitrary commands inside a Dev Environments container during initialization. This can be achieved by tricking a user into opening a crafted maliciou...

7.8CVSS7.8AI score0.00265EPSS
Exploits0References4
Rows per page
Query Builder