Lucene search
K

280 matches found

NVD
NVD
added 2021/02/23 12:15 p.m.36 views

CVE-2020-8902

Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery SSRF attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...

4.3CVSS0.00325EPSS
Exploits0References1
Prion
Prion
added 2021/02/23 12:15 p.m.16 views

Server side request forgery (ssrf)

Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery SSRF attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are t...

4CVSS4.5AI score0.00325EPSS
Exploits0References1Affected Software1
ICS
ICS
added 2021/02/12 12:0 p.m.35 views

Compromise of U.S. Water Treatment Facility

Summary On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition SCADA system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also...

9.9AI score
Exploits0References18
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/31 12:10 a.m.307 views

IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index

Question What Technotes exist for the IBM Security Network Protection / IBM QRadar Network Security XGS sensor? Answer The content below includes a list of all technical notes published under IBM Security Network Protection / IBM QRadar Network Security by category and sorted by popularity. Users...

10CVSS0.6AI score0.99999EPSS
Exploits140
CVE
CVE
added 2021/01/20 2:50 p.m.62 views

CVE-2021-2127

CVE-2021-2127 affects Oracle VM VirtualBox prior to 6.1.18 (Core component). The vulnerability can lead to a hang or frequent crashes (DoS) and requires HIGH privileges with local access; CVSSv3.1 vector in the sources shows high availability impact. Public threads in connected documents indicate...

4.9CVSS4.9AI score0.0046EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/01/20 2:50 p.m.179 views

CVE-2021-2074

CVE-2021-2074 affects Oracle VM VirtualBox (Core) prior to version 6.1.18. The vulnerability enables a high-privilege attacker who can log on to the host to compromise VirtualBox, with potential impact to related Oracle virtualization products. The CVSS v3.1 base score is 8.2 (Impact: Confidentia...

8.2CVSS8AI score0.00493EPSS
Exploits0References2Affected Software1
MSRC
MSRC
added 2021/01/13 8:0 a.m.6 views

Security Update Guide Supports CVEs Assigned by Industry Partners

Hi Folks, This month we are introducing a new data element for each CVE in the Security Update Guide, called Assigning CNA. First let me back up a bit and give some information about the CVE program. The purpose of a CVE is to uniquely identify a cybersecurity vulnerability. The CVE program was...

1.8AI score
Exploits0
MSRC
MSRC
added 2021/01/13 8:0 a.m.9 views

Security Update Guide Supports CVEs Assigned by Industry Partners

Hi Folks, This month we are introducing a new data element for each CVE in the Security Update Guide, called Assigning CNA. First let me back up a bit and give some information about the CVE program. The purpose of a CVE is to uniquely identify a cybersecurity vulnerability. The CVE program was...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/12/15 5:41 p.m.34 views

SolarWinds Hack Could Affect 18K Customers

The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affecte...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2020/12/14 4:26 p.m.51 views

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the companys...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2020/12/03 3:47 p.m.29 views

Cyberattacks Target COVID-19 Vaccine 'Cold-Chain' Orgs

A sophisticated, global phishing campaign has been targeting the credentials of organizations associated with the COVID-19 “cold-chain” – companies that ensure the safe preservation of vaccines by making sure they are stored and transported in temperature-controlled environments. The phishing...

0.5AI score
Exploits0References13
CISA
CISA
added 2020/11/23 12:0 a.m.43 views

VMware Releases Workarounds for CVE-2020-4006

VMware has released workarounds to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure...

9CVSS3.4AI score0.23771EPSS
Exploits0References2
CISA
CISA
added 2020/11/19 12:0 a.m.23 views

Google Releases Security Updates for Chrome

Google has released Chrome version 87.0.4280.66 for Windows, Mac, and Linux to address multiple vulnerabilities. Some of these vulnerabilities could allow an attacker to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrato...

7.1AI score
Exploits0References1
Schneier on Security
Schneier on Security
added 2020/11/10 12:40 p.m.21 views

2020 Was a Secure Election

Over at Lawfare: "2020 Is An Election Security Success Story So Far." What’s more, the voting itself was remarkably smooth. It was only a few months ago that professionals and analysts who monitor election administration were alarmed at how badly unprepared the country was for voting during a...

1.2AI score
Exploits0
CISA
CISA
added 2020/11/10 12:0 a.m.11 views

Microsoft Releases November 2020 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review Microsoft’s...

7AI score
Exploits0References2
CISA
CISA
added 2020/11/02 12:0 a.m.52 views

Oracle Releases Out-of-Band Security Alert

Oracle has released an out-of-band security alert to address a remote code execution vulnerability—CVE-2020-14750—in Oracle WebLogic Server. A remote attacker can exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA urges user...

7.5CVSS9.4AI score0.9927EPSS
Exploits9References1
ICS
ICS
added 2020/10/24 12:0 p.m.36 views

Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad

Summary The Cybersecurity and Infrastructure Security Agency CISA is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the...

10AI score
Exploits0References40
CISA
CISA
added 2020/10/21 12:0 a.m.8 views

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the following...

7AI score
Exploits0References10
CISA
CISA
added 2020/10/07 12:0 a.m.15 views

Google Releases Security Updates for Chrome

Google has released Chrome version 86.0.4240.75 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

7AI score
Exploits0References1
CISA
CISA
added 2020/09/30 12:0 a.m.15 views

CISA Releases Telework Essentials Toolkit

The Cybersecurity and Infrastructure Security Agency CISA has released the Telework Essentials Toolkit, a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers. Each module outlines distinctive...

6.8AI score
Exploits0References3
Rows per page
Query Builder