Lucene search
K

513 matches found

The Hacker News
The Hacker News
added 2021/04/21 5:7 a.m.156 views

3 Zero-Day Exploits Hit SonicWall Enterprise Email Security Appliances

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security ES product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye's Mandiant subsidia...

9.8CVSS0.9AI score0.83425EPSS
Exploits0
CISA
CISA
added 2021/04/20 12:0 a.m.15 views

CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities

CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations. In response, CISA has released Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, as...

6.9AI score
Exploits0References9
Krebs on Security
Krebs on Security
added 2021/04/16 12:57 p.m.79 views

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawlin...

9CVSS0.6AI score0.23771EPSS
Exploits0
FireEye
FireEye
added 2021/04/13 12:0 a.m.23 views

M-Trends 2021: A View From the Front Lines

We are thrilled to launch M-Trends 2021, the 12th edition of our annual FireEye Mandiant publication. The past year has been unique, as we witnessed an unprecedented combination of global events. Business operations shifted in response to the worldwide pandemic and threat actors continued to...

0.6AI score
Exploits0References5
Qualys Blog
Qualys Blog
added 2021/04/02 3:0 p.m.106 views

Qualys Update on Accellion FTA Security Incident

Update April 2, 2021 to the March 3 original blog post: As part of our commitment to keeping customers and the community informed about how we are addressing and resolving the Accellion FTA cyber incident, we are providing the following update to confirm containment of the incident and share...

0.4AI score
Exploits0
NVD
NVD
added 2021/04/01 8:15 p.m.16 views

CVE-2021-28969

eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sortby parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the...

6.5CVSS0.01316EPSS
Exploits1References1
OSV
OSV
added 2021/04/01 8:15 p.m.3 views

CVE-2021-28969

eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sortby parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the...

6.5CVSS5.9AI score0.01316EPSS
Exploits1References1
OSV
OSV
added 2021/04/01 8:15 p.m.2 views

CVE-2021-28970

eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the jobid parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3...

6.5CVSS6.7AI score0.01316EPSS
Exploits1References1
NVD
NVD
added 2021/04/01 8:15 p.m.18 views

CVE-2021-28970

eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the jobid parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3...

6.5CVSS0.01316EPSS
Exploits1References1
Prion
Prion
added 2021/04/01 8:15 p.m.12 views

Sql injection

eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the jobid parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3...

4CVSS6.5AI score0.01316EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/04/01 8:15 p.m.15 views

Sql injection

eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sortby parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the...

4CVSS6.5AI score0.01398EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/04/01 7:50 p.m.22 views

CVE-2021-28970

eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the jobid parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3...

6.8AI score0.01316EPSS
Exploits1References1
CVE
CVE
added 2021/04/01 7:50 p.m.75 views

CVE-2021-28970

CVE-2021-28970 concerns eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices. The vulnerability allows a remote authenticated user to perform a SQL injection through the job_id parameter in the email search feature. The underlying impact reported includes partial confidentiality...

6.5CVSS6.5AI score0.01316EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/04/01 7:47 p.m.23 views

CVE-2021-28969

eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sortby parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3. NOTE: this is different from CVE-2020-25034 and affects newer versions of the...

6.7AI score0.01316EPSS
Exploits1References1
CVE
CVE
added 2021/04/01 7:47 p.m.73 views

CVE-2021-28969

CVE-2021-28969 affects FireEye eMPS 9.0.1.923211 on EX 3500 devices, where remote authenticated users can perform SQL injection through the sort_by parameter in the email search feature. The issue is addressed in version 9.0.3 per the vendor. Connected documents corroborate the vulnerability in e...

6.5CVSS6.5AI score0.01316EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/04/01 12:0 a.m.6 views

Mainway FireEye EX SQL注入漏洞

Mainway FireEye EX is an all-in-one platform for enterprise security from Mainway, a China-based company. the FireEye® Central Management Platforms CM Series are a set of management platforms that consolidate the management, reporting, and data sharing of FireEye products into a single, easily...

6.5CVSS6.8AI score0.01316EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/04/01 12:0 a.m.5 views

Mainway FireEye EX SQL注入漏洞

Mainway FireEye EX is an all-in-one platform for enterprise security from Mainway, a China-based company. the FireEye® Central Management Platforms CM Series are a set of management platforms that consolidate the management, reporting, and data sharing of FireEye products into a single, easily...

6.5CVSS6.8AI score0.01316EPSS
Exploits1References2
ThreatPost
ThreatPost
added 2021/03/17 4:18 p.m.131 views

Mimecast: SolarWinds Attackers Stole Source Code

Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm’s source code repositories, according to an update by the company. The email security firm initially reported that a certificate compromise in January was part of the...

0.4AI score
Exploits0References21
HackRead
HackRead
added 2021/03/05 9:27 p.m.63 views

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers

By Deeba Ahmed Microsoft and FireEye have identified 3 new malware used by SolarWinds hackers in their last year's attack on critical cyberinfrastructure in the US. This is a post from HackRead.com Read the original post: Microsoft, FireEye report 3 new malware linked to SolarWinds hackers...

1.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/05 9:20 a.m.61 views

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat...

0.3AI score
Exploits0
Rows per page
Query Builder