Lucene search
+L

280 matches found

The Hacker News
The Hacker News
added 2024/07/04 9:10 a.m.86 views

Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service DoS condition. "The remote code execution vulnerability in PanelView Plus involves two custom...

9.8CVSS8.6AI score0.99485EPSS
Exploits20
The Hacker News
The Hacker News
added 2024/06/26 9:52 a.m.21 views

Practical Guidance For Securing Your Software Supply Chain

The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who...

6.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/05/28 6:18 p.m.10 views

CVE-2023-43846

Incorrect access control in logs management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote attackers to get the device logs via HTTP GET request. The logs contain such information as user names and IP addresses used in the infrastructure. This information may help the...

6.8AI score0.00581EPSS
Exploits1References1
HackRead
HackRead
added 2024/05/06 12:40 p.m.26 views

Critical Cybersecurity Loopholes Found in Paris 2024 Olympics Infrastructure

By Deeba Ahmed Paris 2024 Olympics face cybersecurity threats. Outpost24 analysis reveals open ports, SSL misconfigurations, and more. Can the organizers secure the Games in time? Read for critical insights and potential consequences. This is a post from HackRead.com Read the original post:...

7.3AI score
Exploits0
Amazon
Amazon
added 2024/05/03 12:0 a.m.14 views

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets CVE-2023-52620 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference checking at the end of attrallocatefra...

7.8CVSS8AI score0.00983EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2024/04/16 10:15 p.m.29 views

CVE-2024-21108

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...

3.3CVSS6.4AI score0.00288EPSS
Exploits0References2
CVE
CVE
added 2024/04/16 9:26 p.m.104 views

CVE-2024-21115

CVE-2024-21115 affects Oracle VM VirtualBox (Core) with UNIX/Linux hosts, vulnerable in all supported releases prior to 7.0.16. The vulnerability enables a local, low-privilege attacker with logon to compromise VirtualBox, with potential takeover and impact on related products (scope change). CVS...

8.8CVSS8.5AI score0.00454EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2024/01/23 11:21 a.m.5 views

CVE-2023-46343

creationtimestamp| type| source ---|---|--- 2024-01-23 11:21:28+00:00| seen| https://t.me/ctinow/171858 2024-01-24 13:11:25+00:00| seen| https://t.me/ctinow/172729 2024-02-17 07:36:23+00:00| seen| https://t.me/ctinow/186801 2025-08-14 10:00:00+00:00| seen|...

5.5CVSS6.6AI score0.00237EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/01/18 12:0 a.m.77 views

Oracle Primavera P6 Enterprise Project Portfolio Management (January 2024 CPU)

The version of Primavera P6 Enterprise Project Portfolio Management installed on the remote host are affected by vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineeri...

7.5CVSS6.3AI score0.01449EPSS
Exploits1References5
Malwarebytes
Malwarebytes
added 2023/12/19 11:31 p.m.36 views

FBI issues advisory over Play ransomware

The Federal Bureau of Investigation FBI, Cybersecurity and Infrastructure Security Agency CISA, and the Australian Signals Directorate’s Australian Cyber Security Centre ACSC have released a joint Cybersecurity Advisory CSA about Play ransomware. According to the FBI, Play made around 300 victims...

7.7AI score
Exploits0
Wiz blog
Wiz blog
added 2023/12/05 5:50 p.m.11 views

Wiz recognized by Frost and Sullivan as a leading Cloud Native Application Protection Platform for 2023

Learn why Frost & Sullivan's Frost Radar Report describes the Wiz platform "as one of the market’s most powerful cloud infrastructure security platforms."...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/15 12:0 a.m.19 views

Rockwell Automation Stratix OpenSSL Elliptic Curve d2i_ECPrivateKey Denial of Service (CVE-2015-0209)

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition or corrupt portions of OpenSSL process memory. This plugin only works with Tenable.ot. Pleas...

6.8CVSS6.9AI score0.1633EPSS
Exploits0References4
Talos Blog
Talos Blog
added 2023/11/09 1:0 p.m.23 views

What is NIS2, and how can you best prepare for the new cybersecurity requirements in the EU?

NIS2 is a European directive that includes new measures to ensure that organizations operating in the European Union EU have a high common level of network and infrastructure security. The "directive" outlines the goals all EU member states must achieve. However, each country will implement it in...

7.1AI score
Exploits0
CVE
CVE
added 2023/10/17 9:3 p.m.59 views

CVE-2023-22099

CVE-2023-22099 concerns Oracle VM VirtualBox (Core) on the 7.0.x line. Affected: Oracle VM VirtualBox prior to 7.0.12. The issue enables a high-privilege, local attacker with logon to the host to compromise VirtualBox, with potential scope changes affecting other products, and may lead to takeove...

8.2CVSS8.1AI score0.00331EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2023/10/10 9:13 p.m.84 views

CVE-2023-44487

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5CVSS8AI score0.99999EPSS
Exploits20References8
Tenable Nessus
Tenable Nessus
added 2023/09/21 12:0 a.m.23 views

Siemens LOGO! 8 BM Devices Buffer Copy Without Checking Size of Input (CVE-2022-36361)

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions. Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code. Th...

9.8CVSS8.2AI score0.00901EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/09/05 12:0 a.m.25 views

Honeywell Experion PKS, LX and PlantCruise Improper Encoding or Escaping of Output (CVE-2023-24480)

Controller DoS due to stack overflow when decoding a message from the server This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid501610;...

9.8CVSS7.5AI score0.00718EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.14 views

Moxa IKS, EDS Improper Restriction of Excessive Authentication Attempts (CVE-2019-6524)

Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

9.8CVSS8.4AI score0.0271EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.24 views

Moxa IKS, EDS Uncontrolled Resource Consumption (CVE-2019-6559)

Moxa IKS and EDS allow remote authenticated users to cause a denial of service via a specially crafted packet, which may cause the switch to crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

6.5CVSS6.5AI score0.02403EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.23 views

Moxa IKS, EDS Predictable From Observable State (CVE-2019-6563)

Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator's password, which could lead to a full compromise of the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

10CVSS8.4AI score0.01733EPSS
Exploits0References2
Rows per page
Query Builder