Lucene search
+L

342 matches found

Cvelist
Cvelist
added 2018/04/12 1:0 a.m.20 views

CVE-2018-0890

A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...

6.7AI score0.04267EPSS
Exploits0References3
CNVD
CNVD
added 2018/04/12 12:0 a.m.9 views

Microsoft Active Directory Security Bypass Vulnerability

Microsoft Windows 10, Windows Server 2016, and Windows Server Version 1709 are all products of Microsoft Corporation, U.S.A. Microsoft Windows 10 is a cross-platform operating system for PCs and laptops, tablets and devices such as cell phones.Windows Server 2016 and Windows Server Version 1709 a...

5.3CVSS6.7AI score0.04267EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2018/04/10 7:0 a.m.23 views

Active Directory Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings. To exploit this vulnerability, an attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could bypass firewall policies appli...

5.3CVSS3.4AI score0.04267EPSS
Exploits0
Kaspersky
Kaspersky
added 2018/04/10 12:0 a.m.219 views

KLA11221 Multiple vulnerabilities in Microsoft Windows

Multiple serious vulnerabilities have been found in Microsoft Windows . Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, cause denial of service and possibly to bypass security restrictions. Below is a complete list of...

9.3CVSS8.8AI score0.40069EPSS
Exploits10References48
ICS
ICS
added 2018/03/20 12:0 a.m.77 views

Geutebruck IP Cameras

CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit. Vendor: Geutebrück Equipment: IP Cameras Vulnerabilities: Improper Authentication, SQL Injection, Cross-Site Request Forgery, Improper Access Control, Server-Side Request Forgery, Cross-site Scripting AFFECTED PRODUCTS...

9.8CVSS9.8AI score0.07867EPSS
Exploits5References5
ICS
ICS
added 2018/03/01 12:0 a.m.159 views

Delta Electronics Delta Industrial Automation DOPSoft

CVSS v3 6.3 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Delta Electronics Equipment: Delta Industrial Automation DOPSoft Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following version of Delta Industrial Automation DOPSoft, a human machine interface HMI...

7.8CVSS8.2AI score0.01732EPSS
Exploits0References5
Trend Micro Simply Security
Trend Micro Simply Security
added 2018/02/22 3:28 p.m.68 views

Securing IoT Networks

Q: How do you segment a mesh? A: You can’t. Legacy IoT devices, Industrial Control Systems with custom networking, are exceptionally difficult to secure. Typically, these devices contain only enough compute capabilities to support their primary operational function. They have limited memory, low...

6.7AI score
Exploits0
ICS
ICS
added 2018/02/15 12:0 a.m.63 views

Nortek Linear eMerge E3 Series

CVSS v3 9.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Nortek Equipment: Linear eMerge E3 Series Vulnerability: Command Injection AFFECTED PRODUCTS The following Linear eMerge, an access control interface, versions are affected: Linear eMerge E3 series Versions V0.32-07e...

10CVSS10AI score0.04211EPSS
Exploits0References5
ICS
ICS
added 2018/02/15 12:0 a.m.33 views

Schneider Electric StruxureOn Gateway

CVSS v3 7.2 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: StruxureOn Gateway Vulnerability: Unrestricted Upload of File with Dangerous Type AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following versions of...

9CVSS7.5AI score0.04931EPSS
Exploits0References5
ICS
ICS
added 2018/02/01 12:0 a.m.29 views

Fuji Electric V-Server VPR

CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Fuji Electric Equipment: V-Server VPR Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of V-Server VPR, a data collection and management service, are affected: V-Server VPR 4.0.1.0 a...

9.8CVSS9.9AI score0.03818EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2017/10/24 12:0 a.m.121 views

Vocran NVR Remote Command Execution

The remote Vocran network video recorder is affected by a remote command execution vulnerability due to improper sanitization of user-supplied input passed via /board.cgi. An unauthenticated remote attacker can exploit this, via a specially crafted URL, to execute arbitrary commands on the device...

6AI score
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2017/10/10 7:0 a.m.16 views

Optional Windows NTLM SSO authentication changes

Microsoft is releasing an optional security enhancement to NT LAN Manager NTLM, limiting which network resources various clients in the Windows 10 or the Windows Server 2016 operating systems can use NTLM Single Sign OnSSO as an authentication method. When you deploy the new security enhancement...

6.9AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/09/20 3:16 p.m.18 views

IoT Device Security At Home

My girlfriend read something that worried her about the security risks posed by Internet of Things IoT devices at home. She had recently purchased a new TV, and she has an older home security system. She asked if her privacy might be at risk. We talked about the kinds of problems an unprotected...

7AI score
Exploits0
ICS
ICS
added 2017/09/14 12:0 a.m.76 views

LOYTEC LVIS-3ME

CVSS v3 8.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: LOYTEC Equipment: LVIS-3ME Vulnerabilities: Relative Path Traversal, Insufficient Entropy, Cross-site Scripting, Insufficiently Protected Credentials AFFECTED PRODUCTS The following versions of LVIS-3ME, an HMI Touch...

8.8CVSS8.5AI score0.0351EPSS
Exploits0References3
Carbon Black Blog
Carbon Black Blog
added 2017/07/24 2:42 p.m.54 views

Avoid the Liability Associated with Running End-of-Life Operating Systems (EOL)

Recent attacks such as WannaCry and NotPetya have demonstrated hackers are more familiar with the vulnerabilities of unsupported systems than many organizations themselves. When new patches are released, attackers easily reverse-engineer the updates and quickly find all the weaknesses in...

6.9AI score
Exploits0
ICS
ICS
added 2017/04/13 12:0 a.m.161 views

Schneider Electric Modicon M221 PLCs and SoMachine Basic

CVSS v3 10.0 ATTENTION: Remotely exploitable/low skill level to exploit. Public exploits are available. Vendor: Schneider Electric Equipment: Modicon M221 PLCs and SoMachine Basic Vulnerability: Use of Hard-Coded Cryptographic Key, Protection Mechanism Failure AFFECTED PRODUCTS Schneider Electric...

9.8CVSS0.2AI score0.03981EPSS
Exploits1References29
ICS
ICS
added 2017/03/02 12:0 a.m.67 views

ICSA-17-061-01_Eaton xComfort Ethernet Communication Interface

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Eaton Equipment: xComfort Ethernet Communication Interface Vulnerability: Improper Access Control AFFECTED PRODUCTS The following versions of xComfort Ethernet Communication Interface ECI, a building automation system...

7.5CVSS7.8AI score0.01262EPSS
Exploits0References2
Node.js
Node.js
added 2016/12/02 4:30 a.m.42 views

Downloads Resources over HTTP

Overview Affected versions of mystem-wrapper insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executi...

9.3CVSS6.2AI score0.01682EPSS
Exploits0Affected Software1
FireEye
FireEye
added 2016/11/30 11:13 p.m.11 views

FireEye Responds to Wave of Destructive Cyber Attacks in Gulf Region

In 2012, a suspected Iranian hacker group called the “Cutting Sword of Justice” used malware known as Shamoon – or Disttrack. In mid-November, Mandiant, a FireEye company, responded to the first Shamoon 2.0 incident against an organization located in the Gulf states. Since then, Mandiant has...

7.4AI score
Exploits0
ICS
ICS
added 2016/09/11 6:0 a.m.52 views

Sauter NovaWeb Web HMI Authentication Bypass Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified an authentication bypass vulnerability in Sauter’s NovaWeb web HMI application. Sauter has not produced a mitigation for this vulnerability. This product was discontinued in 2013 and is no longer supported. This vulnerability could be...

8.6CVSS9AI score0.0207EPSS
Exploits0References10
Rows per page
Query Builder