Lucene search
K

389 matches found

Github Security Blog
Github Security Blog
added 2021/08/25 8:56 p.m.27 views

XSS in mdBook

This is a cross-post of the official security advisoryml. The official post contains a signed version with our PGP key, as well. ml: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...

8.2CVSS6.2AI score0.01254EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2021/08/25 2:48 p.m.79 views

XStream is vulnerable to a Remote Command Execution attack

Impact The vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

8.5CVSS8AI score0.98124EPSS
Exploits6References18Affected Software1
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/07/15 3:21 p.m.92 views

Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware

The Microsoft Threat Intelligence Center MSTIC alongside the Microsoft Security Response Center MSRC has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits CVE-2021-31979 and CVE-2021-33771. Private-sector offensiv...

7.2CVSS0.4AI score0.06255EPSS
Exploits0
ThreatPost
ThreatPost
added 2021/06/23 3:39 p.m.53 views

Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access

A critical security bug in Palo Alto Networks’ Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug CVE-2021-3044 is an...

9.8CVSS9.7AI score0.01406EPSS
Exploits0References6
seebug.org
seebug.org
added 2021/05/13 12:0 a.m.129 views

Microsoft Azure Virtual Machine信息泄露漏洞(CVE-2021-27075)

CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data Written by Paul Litvak - 11 May 2021 In this post I will explain how the Microsoft Azure Virtual Machine VM extension works and how we found a fatal vulnerability in the extension mechanism affectin...

2.7CVSS0.1AI score0.01343EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2021/05/11 12:0 a.m.187 views

CVE-2021-26419

Scripting Engine Memory Corruption Vulnerability Recent assessments: architect00 at May 14, 2021 10:33am UTC reported: Details The vulnerability affects Internet Explorer 11 on all Windows Versions. It is located in the jscript9.dll library, which is used to execute javascript. Possible attack...

8.8CVSS9AI score0.24188EPSS
In wildExploits3References3
OSV
OSV
added 2021/01/04 12:0 p.m.26 views

RUSTSEC-2021-0001 XSS in mdBook's search page

This is a cross-post of the official security advisoryml. The official post contains a signed version with our PGP key, as well. ml: https://groups.google.com/g/rustlang-security-announcements/c/3-sO6of29O0 The Rust Security Response Working Group was recently notified of a security issue affecti...

6.1CVSS6.7AI score0.01254EPSS
Exploits0References3
Hewlett-Packard
Hewlett-Packard
added 2020/09/30 12:0 a.m.38 views

HPSBHF03690 rev. 3 - NVIDIA GPU Display Driver September 2020 Security Updates

Potential Security Impact Escalation of Privilege, Code Execution, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: NVIDIA VULNERABILITY SUMMARY NVIDIA has informed HP of potential security vulnerabilities in the NVIDIA GPU Display Driver...

7.8CVSS1.6AI score0.00376EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/09/22 1:2 p.m.36 views

Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location

A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn't include any personal details such as names or addresses. The...

0.6AI score
Exploits0
MSRC
MSRC
added 2020/09/21 5:0 p.m.22 views

What to Expect When Reporting Vulnerabilities to Microsoft

At the Microsoft Security Response Center’s MSRC, our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers...

1.8AI score
Exploits0
MSRC
MSRC
added 2020/09/21 7:0 a.m.9 views

What to Expect When Reporting Vulnerabilities to Microsoft

At the Microsoft Security Response Center’s MSRC, our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers...

1.6AI score
Exploits0
MSRC
MSRC
added 2020/09/21 7:0 a.m.11 views

What to Expect When Reporting Vulnerabilities to Microsoft

At the Microsoft Security Response Center’s MSRC, our primary mission is to help protect our customers. One of the ways we do this is by working with security researchers to discover security vulnerabilities in our services and products, and then making sure those that pose a threat to customers...

6.9AI score
Exploits0
HackRead
HackRead
added 2020/09/12 1:0 p.m.31 views

New Twitter phishing scam inspired from Twitter’s latest security response

By Sudais Asif Crooks are using the July 15th's cyberattack on Twitter to carry out phishing scam designed to steal the login credentials of unsuspected users. This is a post from HackRead.com Read the original post: New Twitter phishing scam inspired from Twitters latest security response...

1.7AI score
Exploits0
Hewlett-Packard
Hewlett-Packard
added 2020/08/06 12:0 a.m.57 views

HPSBHF03681 rev. 2 - Intel® Graphics Drivers August 2020 Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service Source: HP, HP Product Security Response Team PSRT Reported By: Intel VULNERABILITY SUMMARY Intel has informed HP of potential security vulnerabilities in some Intel® Graphics Drivers which may allow escalation of privilege and/...

7.1CVSS1.9AI score0.00369EPSS
Exploits0
MSRC
MSRC
added 2020/07/15 5:0 p.m.24 views

Top MSRC 2020 Q2 Security Researchers Announced – Congratulations!

We are excited to announce the top contributing researchers for the 2020 Second Quarter Q2! Congratulations to all the researchers who continue to rock the leaderboard, and a big thank you to everyone for your contribution to securing our customers and the ecosystem. The top three researchers of...

2.9AI score
Exploits0
MSRC
MSRC
added 2020/04/29 3:35 p.m.39 views

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...

2.3AI score
Exploits0
ThreatPost
ThreatPost
added 2020/04/08 8:50 p.m.89 views

PowerPoint ‘Weakness’ Opens Door to Malicious Mouse-Over Attack

A researcher is sounding the alarm over what he believes could be a novel attack vector which allows a hacker to manipulate a PowerPoint file to download and begin the installation of malware, simply by hovering over a hypertext link. The technique does require a victim to accept one pop-up...

7AI score
Exploits0References6
MSRC
MSRC
added 2020/03/18 7:0 a.m.11 views

[サイバーセキュリティ月間2020] マイクロソフトのセキュリティに関する情報発信サイトのまとめ

わたしたちセキュリティレスポンスチームは、日本政府が定める「サイバーセキュリティ月間」に賛同し、本ブ...

0.3AI score
Exploits0
MSRC
MSRC
added 2020/03/10 4:59 p.m.33 views

March 2020 security updates are available

We have released the March security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. The post March 2020...

2.8AI score
Exploits0
Hewlett-Packard
Hewlett-Packard
added 2020/02/27 12:0 a.m.45 views

HPSBHF03657 rev. 3 - NVIDIA GPU Display Driver February 2020 Security Updates

Potential Security Impact Denial of Service, Escalation of Privileges, Code Execution, Information Disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: NVIDIA VULNERABILITY SUMMARY NVIDIA has informed HP of potential security vulnerabilities in the NVIDIA GPU Display Driver...

8.4CVSS2.6AI score0.0037EPSS
Exploits0
Rows per page
Query Builder