Lucene search
K

11 matches found

The Hacker News
The Hacker News
added 2024/08/09 5:41 a.m.41 views

CISA Warns of Hackers Exploiting Legacy Cisco Smart Install Feature

The U.S. Cybersecurity and Infrastructure Security Agency CISA has disclosed that threat actors are abusing the legacy Cisco Smart Install SMI feature with the aim of accessing sensitive data. The agency said it has seen adversaries "acquire system configuration files by leveraging available...

10CVSS8.6AI score0.80767EPSS
Exploits3
OSV
OSV
added 2024/01/31 1:34 p.m.3 views

USN-6591-2 postfix update

USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last update. This update updates the fix and aligns with the latest configuration guidelines regarding this vulnerability. We apologize for the inconvenience. Original advisory detail...

5.3CVSS6AI score0.02598EPSS
Exploits4References4
MSRC
MSRC
added 2023/05/09 7:0 a.m.68 views

Guidance related to Secure Boot Manager changes associated with CVE-2023-24932

Summary Summary Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against th...

4.9CVSS7.3AI score0.10561EPSS
Exploits1
MSRC
MSRC
added 2023/05/09 7:0 a.m.44 views

Guidance related to Secure Boot Manager changes associated with CVE-2023-24932

Summary Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against this...

6.7CVSS7.5AI score0.10561EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/04/11 12:0 a.m.28 views

Siemens SCALANCE Command Injection (CVE-2021-37721)

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versions: Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4, 8.6.0.9, 8.5.0.13, 8.3.0.16, 6.5.4.20, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and...

9CVSS7.2AI score0.03055EPSS
Exploits0References4
NVD
NVD
added 2021/03/11 4:15 p.m.22 views

CVE-2021-26887

An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting anothe...

7.8CVSS0.00921EPSS
Exploits0References1
Prion
Prion
added 2021/03/11 4:15 p.m.18 views

Privilege escalation

An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting anothe...

4.6CVSS8.4AI score0.00921EPSS
Exploits0References1Affected Software5
Microsoft CVE
Microsoft CVE
added 2021/03/09 8:0 a.m.86 views

Microsoft Windows Folder Redirection Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Windows when Folder redirection has been enabled via Group Policy. When folder redirection file server is co-located with Terminal server, an attacker who successfully exploited the vulnerability would be able to begin redirecting anothe...

7.8CVSS4.1AI score0.00921EPSS
Exploits0
Prion
Prion
added 2021/02/25 11:15 p.m.30 views

Remote code execution

Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe...

6.8CVSS8.7AI score0.02148EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/12/16 12:11 p.m.3 views

dom4j: XML External Entity vulnerability in default SAX parser

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...

9.8CVSS7.2AI score0.07269EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2001/01/08 12:0 a.m.27 views

Informix webdriver CGI Unauthenticated Database Access

The remote host may be running Informix Webdriver, a web-to-database interface. If not configured properly, this CGI script may give an unauthenticated attacker the ability to modify and even delete databases on the remote host. Nessus relied solely on the presence of this CGI; it did not try to...

5.6AI score
Exploits0References2
Rows per page
Query Builder