Lucene search
K

134 matches found

Cvelist
Cvelist
added 2020/09/24 5:51 p.m.26 views

CVE-2020-3524 Cisco IOS XE ROM Monitor Software Vulnerability

A vulnerability in the Cisco IOS XE ROM Monitor ROMMON Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated,...

6.4CVSS6.5AI score0.00285EPSS
Exploits0References1
Cisco
Cisco
added 2020/09/24 4:0 p.m.30 views

Cisco IOS XE ROM Monitor Software Vulnerability

A vulnerability in the Cisco IOS XE ROM Monitor ROMMON Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated,...

6.4CVSS6.3AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2020/09/23 12:26 a.m.72 views

CVE-2019-1736

Cisco UCS C-Series Rack Servers are affected by a UEFI Secure Boot bypass vulnerability (CVE-2019-1736) arising from improper validation of server firmware upgrade images. An authenticated, physical attacker could install a firmware version that disables UEFI Secure Boot, bypasses signature valid...

6.9CVSS6.2AI score0.00247EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2020/09/23 12:26 a.m.10 views

CVE-2019-1736 Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface UEFI Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improp...

6.2CVSS6.6AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/09/23 12:26 a.m.30 views

CVE-2019-1736 Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability

A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface UEFI Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improp...

6.2CVSS6.3AI score0.00247EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/01 7:43 p.m.29 views

Malicious Package in angular-material-sidenav-rnd

Version 0.1.1 of angular-material-sidenav-rnd contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.1.1 of this module is found...

2.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2020/03/25 7:15 p.m.16 views

CVE-2020-5282

In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the npm command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta...

9.8CVSS7AI score0.01143EPSS
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2020/03/11 4:0 p.m.34 views

Guarding against supply chain attacks—Part 3: How software becomes compromised

Do you know all the software your company uses? The software supply chain can be complex and opaque. It’s comprised of software that businesses use to run operations, such as customer relationship management CRM, enterprise resource planning ERP, and project management. It also includes the...

0.1AI score
Exploits0
Veracode
Veracode
added 2019/07/15 1:37 a.m.17 views

Malicious Package

paranoid2 1.1.6 is a malicious package. The vulnerability exists as the package has been compromised through the publication of a rogue version that includes a piece of malicious code...

9.8CVSS9.2AI score0.0435EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2018/10/05 2:29 p.m.18 views

Input validation

A vulnerability in Cisco IOS ROM Monitor ROMMON Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a...

4.6CVSS6.6AI score0.00361EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/10/05 2:0 p.m.24 views

CVE-2018-15370 Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability

A vulnerability in Cisco IOS ROM Monitor ROMMON Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a...

6.7AI score0.00361EPSS
Exploits0References2
Cisco
Cisco
added 2018/09/26 4:0 p.m.49 views

Cisco Catalyst 6800 Series Switches ROM Monitor Software Secure Boot Bypass Vulnerability

A vulnerability in Cisco IOS ROM Monitor ROMMON Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a...

6.4CVSS2.1AI score0.00361EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2018/07/23 8:50 p.m.24 views

node-fabric is malware

The node-fabric package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...

7.5CVSS7.3AI score0.01177EPSS
Exploits0References3Affected Software1
ThreatPost
ThreatPost
added 2017/08/15 2:0 p.m.17 views

Attackers Backdoor NetSarang Software Update Mechanism

Attackers infiltrated the update mechanism for a popular server management software package as recently as last month and modified it to include a backdoor. NetSarang, which has headquarters in South Korea and the United States, has removed the backdoored update, but not before it was activated o...

0.9AI score
Exploits0References2
Rows per page
Query Builder