Lucene search
K

264 matches found

Prion
Prion
added 2021/06/02 9:15 p.m.23 views

Server side request forgery (ssrf)

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595...

5.5CVSS5.2AI score0.00504EPSS
Exploits0References2Affected Software9
NCSC
NCSC
added 2021/01/21 12:0 a.m.6 views

Vulnerabilities fixed in Oracle Hyperion

Oracle has fixed vulnerabilities in the following Oracle Hyperion products: Hyperion Infrastructure Technology Hyperion Financial Reporting The vulnerabilities allow an unauthenticated malicious person with network access to the vulnerable system may be able to launch attacks execute attacks that...

9.8CVSS7.4AI score0.99019EPSS
Exploits10
Akamai Blog
Akamai Blog
added 2020/12/10 2:0 p.m.105 views

Smart DNS: Delivering the Best Subscriber Experience

This is the second in a series of blog posts that discuss how smart DNS resolvers can enhance ongoing network transformation efforts such as the transition to 5G, better integration of Wi-Fi, and new network designs that optimize the edge to improve the subscriber experience, service delivery, an...

0.2AI score
Exploits0
ThreatPost
ThreatPost
added 2020/11/19 2:34 p.m.128 views

APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies

China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. In this case, victims are large and well-known Japanese organizations and their subsidiaries, including locations in the United States. Researchers observed a...

9.3CVSS0.4AI score0.99512EPSS
Exploits75References11
Prion
Prion
added 2020/10/01 7:15 p.m.29 views

Code injection

When trying to load a non-video in an audio/video context the exact status code 200, 302, 404, 500, 412, 403, etc. was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status ...

4.3CVSS6.4AI score0.01234EPSS
Exploits1References3Affected Software1
Trend Micro Simply Security
Trend Micro Simply Security
added 2020/09/05 4:6 p.m.10 views

1H 2020 Cyber Security Defined by Covid-19 Pandemic

When we published our 2020 Predictions report in December, we didn’t realize there was a global pandemic brewing that would give cybercriminals an almost daily news cycle to take advantage of in their attacks against people and organizations around the world. Malicious actors have always taken...

Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2020/09/02 5:36 p.m.13 views

1H 2020 Cyber Security Defined by Covid-19 Pandemic

When we published our 2020 Predictions report in December, we didn’t realize there was a global pandemic brewing that would give cybercriminals an almost daily news cycle to take advantage of in their attacks against people and organizations around the world. Malicious actors have always taken...

Exploits0
Gitee
Gitee
added 2020/07/31 5:53 p.m.3 views

MITMf

MITMf is a framework for Man-In-The-Middle attacks. It is a modular and easily extendible tool that aims to provide a one-stop-shop for network attacks. The framework is based on sergio-proxy and has been rewritten from scratch to address the shortcomings of other tools like Ettercap and Mallory...

7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2020/07/14 12:0 a.m.28 views

CVE-2020-14562

Vulnerability in the Java SE product of Oracle Java SE component: ImageIO. Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...

5.3CVSS6.8AI score0.05166EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/07/13 12:0 a.m.9 views

Huawei Data Communication: Configuring VRRP Authentication

VRRP security policies are configured to prevent network attacks. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/06/30 12:0 a.m.1074 views

OpenSSH Information Disclosure Vulnerability

OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers from the Openbsd Project Group. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection hijacking, an...

5.9CVSS5.3AI score0.02057EPSS
Exploits2References1
Wallarm Lab
Wallarm Lab
added 2020/06/10 11:14 p.m.31 views

The Evolution of Cyber Defense

To my knowledge, the first reference to the idea and principles of signatures for detecting network attacks dates back to 1987. This was a scientific paper by Dorothy E. Denning from Stanford Research Institute SRI Heres the link to the paper. According to the publication’s records, it was sent t...

2.7AI score
Exploits0
The Hacker News
The Hacker News
added 2019/11/07 1:50 p.m.5 views

Amazon's Ring Video Doorbell Lets Attackers Steal Your Wi-Fi Password

Security researchers at Bitdefender have discovered a high-severity security vulnerability in Amazon's Ring Video Doorbell Pro devices that could allow nearby attackers to steal your WiFi password and launch a variety of cyberattacks using MitM against other devices connected to the same network...

5.8AI score
Exploits0
CNVD
CNVD
added 2019/10/29 12:0 a.m.1 views

Linux kernel buffer overflow vulnerability (CNVD-2019-38535)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the writetptentry function in the drivers/infiniband/hw/cxgb4/mem.c file in Linux kernel 5.3.2 and earlier. The vulnerability...

7.5CVSS7.7AI score0.06236EPSS
Exploits0References1
OSV
OSV
added 2019/10/16 6:15 p.m.7 views

CVE-2019-2962

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: 2D. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.7CVSS5.2AI score
Exploits0References22
ThreatPost
ThreatPost
added 2019/07/01 9:25 p.m.101 views

Finding Beauty in the IT Architecture

I have a confession to make. I’m a sucker for good architecture. Visiting places like Singapore, London, Rome, Buenos Aires, and New York City, I quickly find myself gravitating towards beautiful archways, spires, and even the voids used in designing some of the world’s most amazing buildings. I...

6.6AI score
Exploits0References7
myhack58
myhack58
added 2019/05/22 12:0 a.m.841 views

Together we analyze this just to fix the RDP vulnerability, CVE-2019-0708-vulnerability warning-the black bar safety net

! Write in front of words At Microsoft in May this year of the vulnerability Update Security Bulletin, reference was made to a Remote Desktop Protocol RDP for vulnerabilities. The reason we're here specifically for this vulnerability analysis, is because of this vulnerability the update relates t...

10CVSS1AI score0.99999EPSS
Exploits123
OSV
OSV
added 2019/05/14 8:29 p.m.5 views

CVE-2019-6572

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" All versions V15.1 Update 1, SIMATIC HMI Comfort Outdoor Panels 7" & 15" All versions V15.1 Update 1, SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F All versions V15.1 Update 1, SIMATIC WinCC...

9.1CVSS7AI score0.02721EPSS
Exploits0References3
Akamai Blog
Akamai Blog
added 2019/03/04 11:0 a.m.50 views

Architecting DNS for DDoS Durability and Resilience

My business depends on my domain name being 100% available. How do I ensure my domain name is durable to attack and resilient during Internet stress? After many years of hard work from many Internet engineers and system administrators, Akamai Technologies has been working towards DNS infrastructu...

Exploits0
myhack58
myhack58
added 2018/11/30 12:0 a.m.22 views

The United States Postal Service, the Amazon company due to API defects lead to a large number of customer data exposure-vulnerability warning-the black bar safety net

The United States is an annual holiday shopping carnival on Friday officially kicked off, and at the same time, the United States Postal Service and Amazon but there were two security incidents, both with the API using the improper about this event affected millions of people, at the same time...

7.4AI score
Exploits0
Rows per page
Query Builder