232 matches found
CVE-2021-45417
A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large 16k extended file attributes or ACL...
OPENSUSE-SU-2022:0037-1 Security update for firejail
This update for firejail fixes the following issues: - Update Leap 15.3 package to 0.9.68 boo1195880 update to firejail 0.9.68: - security: on Ubuntu, the PPA is now recommended over the distro package - see README.md 4748 - security: bugfix: private-cwd leaks access to the entire filesystem -...
Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do
After more than 20 years of underwhelming results, security leaders have accepted their intrusion detection system IDS programs as no more than a compliance checkoff. It’s no secret that IDS’s reliance on bi-modal signatures is brittle, easily evaded and often referred to as an “alert cannon.” Ti...
Spotting brand impersonation with Swin transformers and Siamese neural networks
Every day, Microsoft Defender for Office 365 encounters millions of brand impersonation emails. Our security solutions use multiple detection and prevention techniques to help users avoid divulging sensitive information to phishers as attackers continue refining their impersonation tricks. In thi...
WDScanner Cross-Site Scripting Vulnerability
WDScanner is an easy-to-use distributed web vulnerability detection system. version 1.1 of WDScanner has a cross-site scripting vulnerability in the system administration page, through which an attacker can execute client-side code...
Suricata 安全漏洞
Suricata is a network intrusion detection system IDS, intrusion prevention system IPS and network security monitoring engine developed by the Open Information Security Foundation OISF and its supporting vendors, which supports multi-threading, built-in IPv6, and the ability to load pre-defined...
Weak Password Vulnerability in ChinaNetWizards Next-Generation Firewalls
ZKNETWORTH's next-generation firewall control system products are based on L2-7 layer access application control, integrating firewall, IPS intrusion detection, DDoS/DOS protection, AV virus protection; realizing comprehensive security protection for intranet, and providing security firewall...
The vulnerability of the Snort intrusion detection system, related to the unlimited distribution of resources, allows a perpetrator to trigger a service failure.
The vulnerability of the Snort intrusion detection system is related to the unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to cause service interruptions from a remote location...
The vulnerability of the Intrusion Detection Service (IDS) of Junos operating system’s MX routers allows a intruder to block any arbitrary traffic.
The vulnerability of the Intrusion Detection Service IDS on Junos operating system’s MX routers is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to block any incoming traffic remotely...
File Upload Vulnerability in Coolweather's Typo Detection System (CNVD-2020-73271)
CoolWeather Typo Detection System is a typo detection system for government websites, which is able to detect typos on government website pages. A file upload vulnerability exists in CoolWeaver Typo Detection System, which can be exploited by attackers to gain control of the server...
File Upload Vulnerability in Coolweather Typo Detection System
CoolWeather Typo Detection System is a typo detection system for government websites, which is able to detect typos on government website pages. A file upload vulnerability exists in CoolWeaver Typo Detection System, which can be exploited by attackers to gain control of the server...
Emotet Malware
Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency CISA and the Multi-State...
Feds Sound Alarm Over Emotet Attacks on State, Local Govs
A dramatic uptick in Emotet phishing attacks since July has led the U.S. Cybersecurity and Infrastructure Security Agency CISA to issue a warning that state and local governments need to fortify their systems against the trojan. “This increase has rendered Emotet one of the most prevalent ongoing...
Logic Flaw Vulnerability in UTS Integrated Threat Probe at Beijing Shenzhou Green Alliance Technology Co.
Green Alliance UTS is equipped with IDS and WAF dual detection engine system, combining threat intelligence, malicious file detection, DDoS detection, Webshell detection and anomalous behavior detection and other means to quickly detect traditional and advanced threats. There is a logic flaw in t...
EINSTEIN Data Trends – 30-day Lookback
Summary Cybersecurity and Infrastructure Security Agency CISA analysts have compiled the top detection signatures that have been the most active over the month of May in our national Intrusion Detection System IDS, known as EINSTEIN. This information is meant to give the reader a closer look into...
On the Way Thesis Detection System is Vulnerable to Information Leakage
Founded in 2017, Chengdu On the Way Technology Limited Liability Company is a company that specializes in information system integration services, integrated circuit design, communication equipment excluding wireless radio and television transmission and satellite ground receiving equipment,...
Linux: Install AIDE
Advanced Intrusion Detection Environment aide is an intrusion detection system for checking the integrity of files. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Apple iOS/iPadOS/watchOS/macOS CVE-2019-8856 Security Vulnerability
Description Apple iOS/iPadOS/watchOS/macOS are prone to a security vulnerability. Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions. Technologies Affected Apple Ipad Mini- Apple Watch Apple iOS 10 Apple iOS 10.0.1 Apple iOS 10.1 Apple iOS 10.2 Apple...
Qualcomm Closed Source Components Multiple Remote Unspecified Vulnerabilities
Description Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-123998200, A-134437248, A-134437319,...
Multiple IBM Products CVE-2019-4459 Cross Site Scripting Vulnerability
Description Multiple IBM Products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...