Lucene search
+L

119 matches found

thn
thn
added 2022/04/12 9:19 a.m.50 views

NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation

The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol LDAP Reference Implementation. "NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use...

0.9AI score
Exploits0
cnnvd
cnnvd
added 2022/03/31 12:0 a.m.4 views

GE General Electric Renewable Energy MDS Radios 加密问题漏洞

GE General Electric Renewable Energy MDS Radios are a family of industrial wireless solutions from General Electric GE. GE General Electric Renewable Energy's MDS iNET/iNET II/SD/TD220/TD220MAX Radios are vulnerable to an encryption issue that stems from weaknesses in the wireless security softwa...

9.8CVSS8.3AI score0.0029EPSS
Exploits0References3
thn
thn
added 2022/03/03 9:4 a.m.149 views

Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities

An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation. "These shortcomings included exposur...

9.8CVSS8.4AI score0.7525EPSS
Exploits6
malwarebytes
malwarebytes
added 2022/02/04 1:9 p.m.32 views

FBI warns of bogus job postings on recruitment sites

Before Christmas was a busy time down at the fake job factory, with all manner of dubious antics out to ruin someone’s day. We’re now info February and the bogus job offers show no sign of abating. In fact, the FBI considers it to be such a problem that its issued an alert. This isn’t your typica...

6.9AI score
Exploits0
cgr
cgr
added 2022/01/19 12:15 p.m.13 views

CVE-2022-21330 vulnerabilities

Vulnerabilities for packages: mysql...

6.3CVSS6.9AI score0.03193EPSS
Exploits0
huntr
huntr
added 2022/01/11 3:0 a.m.12 views

Business Logic Errors in silverstripe/silverstripe-framework

Description SilverStripe Framework is vulnerable to Business Logic Errors in the Failed login count since that value can be a negative number. Proof of Concept 1.After login, go to Security page under the path /admin/security/ 2.Click on any member record 3.In the member edit form, enter a negati...

1.2AI score
Exploits0
thn
thn
added 2021/12/10 11:49 a.m.18 views

1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses

As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said...

0.6AI score
Exploits0
amd
amd
added 2021/11/09 12:0 a.m.48 views

AMD Graphics Driver for Windows 10

Bulletin ID: AMD-SB-1000 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary In a comprehensive analysis of the AMD Escape calls, a potential set of weaknesses in several APIs was discovered, which could result in escalation of privilege...

7.8CVSS8.2AI score0.00313EPSS
Exploits0
thn
thn
added 2021/11/01 12:8 p.m.44 views

Critical Flaws Uncovered in Pentaho Business Analytics Software

Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by...

9.8CVSS1.1AI score0.51653EPSS
Exploits18
threatpost
threatpost
added 2021/08/24 7:35 p.m.39 views

Poly Network Recoups $610M Stolen from DeFi Platform

A threat actor called “Mr. White Hat” has returned the $610 million they stole from the decentralized finance platform Poly Network. The breached company did everything from threaten to sic law enforcement on the attacker on up to its ultimate offer: the position of chief security officer in...

7.3AI score
Exploits0References19
thn
thn
added 2021/06/01 12:35 p.m.51 views

Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions

Researchers have disclosed significant security weaknesses in popular antivirus software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses. The...

0.8AI score
Exploits0
bdu_fstec
bdu_fstec
added 2021/03/21 12:0 a.m.7 views

The vulnerability of the RabbitMQ messaging broker, related to deficiencies in the security measures used for protecting web page structures, allows attackers to compromise data integrity.

The vulnerability of the RabbitMQ messaging broker is related to deficiencies in the security measures used to protect web page structures. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...

6.1CVSS6.4AI score0.03329EPSS
Exploits0References5Affected Software2
bdu_fstec
bdu_fstec
added 2021/03/15 12:0 a.m.6 views

The vulnerability of the `dojox.xmpp.util.xmlEncode` component in the dojox JavaScript library allows a attacker to compromise data integrity.

The vulnerability of the dojox.xmpp.util.xmlEncode component in the dojox JavaScript library is related to deficiencies in the security measures used to protect web page structures. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...

5.3CVSS7AI score0.01853EPSS
Exploits1References7Affected Software2
ptsecurity
ptsecurity
added 2021/01/12 12:0 a.m.3 views

PT-2021-1828 · Microsoft · Windows Dns +1

Name of the Vulnerable Software and Affected Versions: Windows DNS versions affected versions not specified Description: The issue is related to weaknesses in the security mechanisms of the Windows DNS server, allowing an attacker to gain unauthorized access to protected information. It enables...

5.5CVSS6.5AI score0.01201EPSS
Exploits0References8
bdu_fstec
bdu_fstec
added 2020/08/19 12:0 a.m.6 views

The vulnerability of the RoundCube Webmail email client, related to deficiencies in the security measures used to protect web page structures, allows attackers to compromise data integrity.

The vulnerability of the RoundCube Webmail email client is related to deficiencies in the security measures used to protect website structures. Exploiting this vulnerability could allow an attacker to compromise the integrity of data...

4.7CVSS6.8AI score0.01038EPSS
Exploits0References6Affected Software3
thn
thn
added 2020/08/07 12:33 p.m.3 views

Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users

A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the...

5.9AI score
Exploits0
bdu_fstec
bdu_fstec
added 2020/07/03 12:0 a.m.20 views

The vulnerability of the Windows GDI component in Windows operating systems allows attackers to disclose protected information.

The vulnerability of the Windows GDI component in Windows operating systems is related to deficiencies in security mechanisms. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

7.1CVSS6.4AI score0.05249EPSS
Exploits0References2
ics
ics
added 2020/06/30 12:0 p.m.52 views

Publicly Available Tools Seen in Cyber Incidents Worldwide

Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.12345 In it we highlight the use of five publicly available tools, which have been used for malicious purposes in...

10CVSS9.6AI score0.90597EPSS
Exploits6References73
krebs
krebs
added 2020/05/18 3:31 p.m.33 views

This Service Helps Malware Authors Fix Flaws in their Code

Almost daily now there is news about flaws in commercial software that lead to computers getting hacked and seeded with malware. But the reality is most malicious software also has its share of security holes that open the door for security researchers or ne'er-do-wells to liberate or else seize...

7.4AI score
Exploits0
mssecure
mssecure
added 2020/03/05 5:0 p.m.80 views

Human-operated ransomware attacks: A preventable disaster

Human-operated ransomware campaigns pose a significant and growing threat to businesses and represent one of the most impactful trends in cyberattacks today. In these hands-on-keyboard attacks, which are different from auto-spreading ransomware like WannaCry or NotPetya, adversaries employ...

8.4AI score
Exploits0
Rows per page
Query Builder