Lucene search
K

125 matches found

Talos Blog
Talos Blog
added 2020/10/15 11:0 a.m.28 views

Threat Source newsletter (Oct. 15, 2020)

Newsletter compiled by Jon Munshaw.Good afternoon, Talos readers. In our latest entry into our election security series, we’re turning our attention to the professionals who are responsible for securing our elections. After months of research, we’ve compiled a series of recommendations for local,...

0.5AI score
Exploits0
Talos Blog
Talos Blog
added 2020/10/08 11:0 a.m.27 views

Threat Source newsletter for Oct. 8, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We’ve been writing and talking about election security a ton lately. And as the U.S. presidential election draws closer, we decided it was time to summarize some things. So, we released this blog post with our formal recommendatio...

2AI score
Exploits0
FreeBSD
FreeBSD
added 2020/09/29 12:0 a.m.29 views

zeek -- Vulnerability due to memory leak

Jon Siwek of Corelight reports: This release fixes the following security issue: A memory leak in multipart MIME code has potential for remote exploitation and cause for Denial of Service via resource exhaustion...

2.8AI score
Exploits0References1
Talos Blog
Talos Blog
added 2020/07/02 9:8 a.m.18 views

Threat Source newsletter for June 25, 2020

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We recently decided to replace our use of the terms "blacklist" and "whitelist" with "block list" and "allow list.” Even though these terms are commonly in use in the security industry, we will not go along with casually assigning...

2.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/05/28 11:0 a.m.24 views

Threat Source newsletter for May 28, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We need to start things off by wishing a Happy Birthday to Beers with Talos! The first episode was released on May 12, 2017. To celebrat...

Exploits0
Oracle linux
Oracle linux
added 2020/05/13 12:0 a.m.57 views

kernel security and bug fix update

4.18.0-193.1.22.OL8 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 4.18.0-193.1.22 - net netlabel: cope with NULL catmap Paolo Abeni 1827249...

7CVSS0.2AI score0.03097EPSS
Exploits1
Talos Blog
Talos Blog
added 2020/05/07 11:0 a.m.22 views

Threat Source newsletter for May 7, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. With all of us working from home, Beers with Talos episodes are coming out faster than ever. This week, we have an actual episode with...

0.3AI score
Exploits0
Talos Blog
Talos Blog
added 2020/04/16 11:14 a.m.25 views

Threat Source newsletter for April 16, 2020

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. It’s what — week 5 of this quarantine in the U.S.? Week 6? We’ve lost count. And so did the Beers with Talos guys. But lucky for you, th...

0.2AI score
Exploits0
Talos Blog
Talos Blog
added 2020/04/14 11:24 a.m.28 views

Vulnerability Spotlight: Information disclosure vulnerability in Microsoft Media Foundation

Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Microsoft Media Foundation contains an information disclosure vulnerability that could allow an attacker to eventually remotely execute code on the victim machine. Media Foundation is a COM-based multimedia...

2.5AI score
Exploits0
Talos Blog
Talos Blog
added 2020/04/02 11:0 a.m.28 views

Threat Source newsletter (April 2, 2020)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. As long as COVID-19 is in the headlines which is going to be a long time actors are going to try and capitalize. We fully expect to see ...

0.2AI score
Exploits0
NVD
NVD
added 2020/04/01 9:15 p.m.25 views

CVE-2020-10948

Jon Hedley AlienForm2 typically installed as af.cgi or alienform.cgi 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests...

10CVSS9.6AI score0.0668EPSS
Exploits1References1
Prion
Prion
added 2020/04/01 9:15 p.m.18 views

Design/Logic Flaw

Jon Hedley AlienForm2 typically installed as af.cgi or alienform.cgi 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests...

10CVSS9.5AI score0.0668EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/04/01 8:11 p.m.51 views

CVE-2020-10948

The CVE-2020-10948 entry concerns Jon Hedley’s AlienForm2 (AlienForm CGI, typically af.cgi or alienform.cgi) v2.0.2, which is vulnerable to Remote Command Execution via eval injection. The vulnerability is unauthenticated and exploitable by remote attackers through crafted requests; this is descr...

10CVSS9.5AI score0.0668EPSS
Exploits1References1Affected Software1
Talos Blog
Talos Blog
added 2020/03/12 11:0 a.m.29 views

Threat Source newsletter (March 12, 2020)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Obviously, COVID-19 is dominating headlines everywhere, and for good reason. We hope everyone out there is staying safe and healthy and...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/03/05 11:0 a.m.35 views

Threat Source newsletter (March 5, 2020)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. Sure, all anyone wants to talk about is coronavirus. But what about cyber security? We’ve still got cool stuff, like this huge write-up ...

1AI score
Exploits0
Talos Blog
Talos Blog
added 2020/02/27 11:0 a.m.31 views

Threat Source newsletter (Feb. 27, 2020)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We know we’ve kept you waiting for a while, but the new Snort Resources page is finally here. We’ve got new and improved documentation,...

0.7AI score
Exploits0
Talos Blog
Talos Blog
added 2020/01/10 7:13 a.m.122 views

Threat Source newsletter (Jan. 9, 2019)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. We’re back after a long break for the holidays. And 2020 is already off to a fast start as tensions continue to rise in the Middle East...

10CVSS0.92835EPSS
Exploits24
NVD
NVD
added 2019/11/08 12:15 a.m.20 views

CVE-2008-5083

In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON...

6.5CVSS6.4AI score0.00868EPSS
Exploits0References2
CVE
CVE
added 2019/11/07 11:18 p.m.51 views

CVE-2008-5083

CVE-2008-5083 affects Red Hat JBoss ON (JBoss ON) 2.1.x prior to 2.1.2 SP1. The issue allows an authenticated user to obtain unauthorized security information about private resources managed by JBoss ON, due to an information disclosure vulnerability in the product’s access controls. The provided...

6.5CVSS6.4AI score0.00868EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/07 11:18 p.m.21 views

CVE-2008-5083

In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON...

6.4AI score0.00868EPSS
Exploits0References2
Rows per page
Query Builder