
219 matches found

Gentoo Linux
added 2024/05/12 12:00 a.m., 23 views

Rebar3: Command Injection

Background: A sophisticated build tool for Erlang projects that follows OTP principles. Description: Rebar3 is vulnerable to OS command injection via the URL parameter of a dependency specification. Impact: A vulnerability has been discovered in Rebar3. Please review the CVE identifier referenced...

CVSS 10, AI score 7.7, EPSS 0.0675; Exploits: 3
Microsoft Secure
added 2024/05/03 2:55 p.m., 13 views

Security above all else—expanding Microsoft’s Secure Future Initiative

Last November, we launched the Secure Future Initiative (SFI) to prepare for the increasing scale and high stakes of cyberattacks. SFI brings together every part of Microsoft to advance cybersecurity protection across our company and products. Since then, the threat landscape has continued to rapid...

AI score 7.8; Exploits: 0
Spring Security Advisories
added 2024/04/16 12:00 a.m., 26 views

Spring Framework 6.2.0-M1: Overriding Beans in Tests

Spring Framework 6.2.0-M1 has been released, including changes that resolve more than one hundred issues. Among those are a range of new features in Spring's testing support. In this post, I’d like to walk you through one of these new testing features: Bean Overriding support. The previous state ...

AI score 7.2; Exploits: 0
OSV
added 2024/03/06 10:58 a.m., 9 views

BIT-MAGENTO-2021-28583 Magento Commerce insecure storage of sensitive documentation

Magento versions 2.4.2 and earlier, 2.4.1 and earlier and 2.3.6 and earlier are affected by a Violation of Secure Design Principles vulnerability in RMA PDF filename formats. Successful exploitation could allow an attacker to get unauthorized access to restricted resources...

CVSS 7.5, AI score 5.8, EPSS 0.01897; Exploits: 0, References: 2
CISA
added 2024/02/08 12:00 p.m., 4 views

CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security

Today, CISA partnered with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish the Principles for Package Repository Security framework. Recognizing the critical role package repositories play in securing open source software...

AI score 7.1; Exploits: 0, References: 5
Microsoft Secure
added 2023/12/05 5:00 p.m., 33 views

Microsoft Incident Response lessons on preventing cloud identity compromise

Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in the first quarter of 2023 compared to the same period in 2022. Threat actors leverage compromised identities to achieve a significant level of access t...

AI score 7.1; Exploits: 0
The Hacker News
added 2023/11/27 1:18 p.m., 56 views

Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections

A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing naturally occurring computational faults that occur while the connection is being established. The Secure Shell (SSH) protocol is a method for...

AI score 7; Exploits: 0
Fedora
added 2023/11/03 6:56 p.m., 73 views

[SECURITY] Fedora 39 Update: moodle-4.3-1.fc39

Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...

CVSS 9.8, AI score 6, EPSS 0.0193; Exploits: 0
CISA
added 2023/10/20 12:00 p.m., 7 views

CISA Releases Fact Sheet on Effort to Revise the National Cyber Incident Response Plan (NCIRP)

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet on the effort to revise the National Cyber Incident Response Plan (NCIRP). Through the Joint Cyber Defense Collaborative (JCDC), CISA will work to ensure that the updated NCIRP addresses significant changes in poli...

AI score 7; Exploits: 0, References: 4
CISA
added 2023/10/16 12:00 p.m., 5 views

CISA, NSA, FBI, and International Partners Release Updated Secure by Design Guidance

Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) released an update to Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default with the following...

AI score 7; Exploits: 0, References: 5
CISA
added 2023/10/05 12:00 p.m., 6 views

NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations

Today, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (CSA), NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations, which provides the most common cybersecurity misconfigurations in large...

AI score 7; Exploits: 0, References: 4
Cvelist
added 2023/08/10 1:17 p.m., 25 views

CVE-2023-29320 ZDI-CAN-20712: Adobe Acrobat Blacklist Bypass Design flaw

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of th...

CVSS 7.8, AI score 7.8, EPSS 0.04613; Exploits: 0, References: 1
Kitploit
added 2023/08/10 12:30 p.m., 30 views

Chaos - Origin IP Scanning Utility Developed With ChatGPT

chaos is an 'origin' IP scanner developed by RST in collaboration with ChatGPT. It is a niche utility with an intended audience of mostly penetration testers and bug hunters. An origin-IP is a term-of-art expression describing the final public IP destination for websites that are publicly served...

AI score 7.1; Exploits: 0, References: 1
Trend Micro Simply Security
added 2023/08/09 12:00 a.m., 7 views

The Journey to Zero Trust with Industry Frameworks

Discover the core principles and frameworks of Zero Trust, NIST 800-207 guidelines, and best practices when implementing CISA’s Zero Trust Maturity Model...

AI score 7.1; Exploits: 0
Trend Micro Simply Security
added 2023/07/04 12:00 a.m., 12 views

How to Achieve AWS Operational Excellence in Your Cloud Workload

Explore the Operational Excellence pillar of the AWS Well-Architected Framework and examine best practices and design principles for cloud-based security operations, including CI/CD and risk management...

AI score 7.1; Exploits: 0
OpenVAS
added 2023/07/01 12:00 a.m., 19 views

Fedora: Security Advisory for moodle (FEDORA-2023-ce24b63b36)

The remote host is missing an update for the ... (SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)...

CVSS 7.5, AI score 6.9, EPSS 0.00825; Exploits: 0, References: 2
Fedora
added 2023/06/30 1:22 a.m., 42 views

[SECURITY] Fedora 38 Update: moodle-4.1.4-1.fc38

Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...

CVSS 7.5, AI score 6.7, EPSS 0.00825; Exploits: 0
Microsoft Secure
added 2023/06/29 4:00 p.m., 47 views

Patch me if you can: Cyberattack Series

Many organizations utilize third-party apps for identity security solutions to automate and unburden overtaxed IT admins from tedious tasks that employees can perform via self-service without IT assistance. But in September 2021, our researchers observed threat actors exploiting one such...

CVSS 7.5, AI score 7.3, EPSS 0.9896; Exploits: 8
Trend Micro Simply Security
added 2023/06/27 12:00 a.m., 9 views

The Well-Architected Framework Guide

Discover the six Amazon Web Services (AWS) pillars by examining best practices and design principles to leverage the cloud in a more efficient, secure, and cost-effective manner...

AI score 6.9; Exploits: 0
Code423n4
added 2023/06/13 12:00 a.m., 11 views

[ H ] No Validation checks for "v" signature in castApprovalBySig

Lines of code. Vulnerability details. Impact: V must correspond, according to ECDSA principles, to a value of either 27 or 28. Not checking this will result in an attacker crafting a malicious v value and bypassing any checks, withdrawing funds or accessing the function maliciously. Proof of Concept: Craft...

AI score 6.9; Exploits: 0