Lucene search
K
CisaMost viewed

4188 matches found

CISA
CISA
•added 2014/07/22 12:0 a.m.•16 views

CPNI Releases Paper on Improving Defenses Against Targeted Attack

The United Kingdom's Centre for the Protection of National Infrastructure CPNI has released a report on its “Improving Defenses Against Targeted Attack" iDATA cyber research program. The report contains descriptions and outcomes from a number of projects aimed at addressing threats posed by natio...

6.8AI score
Exploits0References1
CISA
CISA
•added 2014/07/10 12:0 a.m.•16 views

Microsoft Releases Security Advisory for Improperly Issued Digital Certificates

Microsoft has released a security advisory to address improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Users and administrators are...

6.4AI score
Exploits0References1
CISA
CISA
•added 2014/07/08 12:0 a.m.•16 views

Adobe Releases Security Updates for Flash Player and Air

Adobe has released security updates to address multiple vulnerabilities in Flash Player and Air. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. The following updates are available: Adobe Flash Player 14.0.0.145 for Windows,...

7AI score
Exploits0References1
CISA
CISA
•added 2014/06/05 12:0 a.m.•16 views

OpenSSL Releases Security Advisory

OpenSSL has released updates patching 6 vulnerabilities, which may allow an attacker to decrypt or modify traffic between a vulnerable client and server, cause a denial of service condition, or remotely execute arbitrary code. The following updates are available: OpenSSL 0.9.8 SSL/TLS users shoul...

7.2AI score
Exploits0References2
CISA
CISA
•added 2014/04/28 12:0 a.m.•16 views

Microsoft Internet Explorer Use-After-Free Vulnerability Guidance

US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution. US-CERT recommends that users and administrators review Microsoft Security Advisory...

7.2AI score
Exploits0References2
CISA
CISA
•added 2014/02/21 12:0 a.m.•16 views

Apple Releases Security Updates for iOS devices and Apple TV

Apple has released updates for iOS and Apple TV devices to address a vulnerability that allows an attacker with a privileged network position to capture or modify data in protected SSL/TLS sessions. Updates are available: iOS 6.1.6 for iPhone 3GS and iPod touch 4th generation. iOS 7.0.6 for iPhon...

6.5AI score
Exploits0References3
CISA
CISA
•added 2014/02/20 12:0 a.m.•16 views

Security Updates Available for Adobe Flash Player

Adobe has released security updates to address a vulnerability in Adobe Flash Player 12.0.0.44 or earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 or earlier versions for Linux. Exploitation of this vulnerability could allow an attacker to take control of an affected...

6.7AI score
Exploits0References1
CISA
CISA
•added 2013/10/18 12:0 a.m.•16 views

Reports of D-Link Router Backdoor

US-CERT is aware of reports that the firmware for various D-Link routers contains a backdoor that allows unauthenticated remote users to bypass the routers' password authentication mechanism. An unauthenticated remote attacker can take any action as an administrator using the remote management we...

7.4AI score
Exploits0References2
CISA
CISA
•added 2013/10/03 12:0 a.m.•16 views

Microsoft Releases Advance Notification for October Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain eight bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, an...

6.7AI score
Exploits0References1
CISA
CISA
•added 2013/05/16 12:0 a.m.•16 views

Mozilla Releases Multiple Updates

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 21.0 Firefox ESR 17.0.6 Thunderbird 17.0.6 Thunderbird ESR 17.0.6 These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtai...

7.6AI score
Exploits0References4
CISA
CISA
•added 2013/03/05 12:0 a.m.•16 views

Google Releases Google Chrome 25.0.1364.152

Google has released Google Chrome 25.0.1364.152 for Windows, Linux, and Mac to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, bypass security features, or cause a denial-of-service condition. US-CERT encourages users and administrators to...

7.6AI score
Exploits0References1
CISA
CISA
•added 2012/09/28 12:0 a.m.•16 views

Adobe Releases Security Bulletin About Code Signing Certificate

Adobe has released a security bulletin to address an issue with a current Adobe code signing certificate. The certificate to be revoked has been used to sign malicious code. The certificate will be revoked on October 4, 2012 for all software code signed after July 10, 2012. Adobe is issuing a new...

7AI score
Exploits0References1
CISA
CISA
•added 2012/07/12 12:0 a.m.•16 views

Microsoft Releases a Security Advisory for Microsoft Digital Certificates

Microsoft has released security advisory 2728973 to replace a number of certificates that did not meet Microsoft's high standard of Public-Key Infrastructure PKI management. This update places the intermediate certificate authority CA certificates in the Untrusted Certificate Store and replaces...

6.5AI score
Exploits0References2
CISA
CISA
•added 2012/04/18 12:0 a.m.•16 views

Oracle Releases Critical Patch Update for April 2012

Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. This updates contains the following security fixes: 6 for Oracle Database Server 11 for Oracle Fusion Middleware 6 for Oracle Enterprise Manager Grid Control 4 for Oracle E-Busines...

6.9AI score
Exploits0References1
CISA
CISA
•added 2012/04/05 12:0 a.m.•16 views

Microsoft Releases April Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, Server Software, Developer Tools, and Forefront United Access Gateway as part of the Microsoft Security Bulletin Summary for April 2012. These vulnerabilities may...

8.1AI score
Exploits0References2
CISA
CISA
•added 2012/01/10 12:0 a.m.•16 views

Phishing Campaign Using Spoofed US-CERT Email Addresses

On January 10, 2012, US-CERT received reports of a phishing campaign that is spoofing US-CERT email to deliver a variant of the Zeus/Zbot Trojan known as Ice-IX. This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments...

6.4AI score
Exploits0References3
CISA
CISA
•added 2011/12/08 12:0 a.m.•16 views

Adobe Releases Security Advisory for Adobe Reader and Acrobat

Adobe has released a Security Advisory for Adobe Reader and Acrobat to address a vulnerability affecting the following software versions: Adobe Reader X 10.1.1 and earlier versions for Windows and Macintosh Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and Unix Adobe Acrobat...

6.6AI score
Exploits0References4
CISA
CISA
•added 2011/08/29 12:0 a.m.•16 views

Potential Hurricane Irene Phishing Scams

In the past, US-CERT has received reports of phishing scams and malware campaigns related to topics that are of high-interest to the U.S. Government or news media, such as Hurricane Irene. Users' systems have been compromised by receiving and accessing phishing emails with subject lines that seem...

6.8AI score
Exploits0References4
CISA
CISA
•added 2011/08/17 12:0 a.m.•16 views

Mozilla Releases Firefox 6 and 3.6.20

The Mozilla Foundation has released Firefox 6 and Firefox 3.6.20 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or obtain sensitive information. US-CERT encourages users and administrators to review th...

7.7AI score
Exploits0References2
CISA
CISA
•added 2011/05/16 12:0 a.m.•16 views

Mississippi Flooding Disaster Email Scams, Fake Antivirus, and Phishing Attack Warning

Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding the Mississippi flooding disaster. Email scams may contain links or attachments that may direct users to phishing or malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash...

6.6AI score
Exploits0References5
CISA
CISA
•added 2011/05/11 12:0 a.m.•16 views

WebGL Security Risks

US-CERT is aware of reports indicating that WebGL contains multiple significant security issues. The impact of these issues includes denial of service, and cross-domain attacks. WebGL is a new web standard that is enabled by default in Firefox 4 and Google Chrome and is included in Safari. US-CER...

7.1AI score
Exploits0References1
CISA
CISA
•added 2011/04/06 12:0 a.m.•16 views

WordPress Releases Version 3.1.1

WordPress has released WordPress 3.1.1 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to conduct cross-site request forgery attacks, conduct cross-site scripting attacks, or cause a denial-of-service condition. US-CERT encourages users and...

6.7AI score
Exploits0References1
CISA
CISA
•added 2011/03/30 12:0 a.m.•16 views

Cisco Releases Security Advisories

Cisco has released a security advisory to address a vulnerability in some versions of Cisco Secure Access Control System ACS. This vulnerability may allow an attacker to change the password of a user account without any previous access to the user's account or knowledge of the account's previous...

7AI score
Exploits0References2
CISA
CISA
•added 2011/02/04 12:0 a.m.•16 views

Adobe Prenotification Security Advisory for Adobe Reader and Acrobat

Adobe had issued a prenotification advisory indicating that it plans to release updates for Adobe Reader and Acrobat to address multiple vulnerabilities. The advisory indicates that updates for Windows and Macintosh will be available on February 8, 2011. An update for UNIX will be available the...

6.7AI score
Exploits0References1
CISA
CISA
•added 2010/11/10 12:0 a.m.•16 views

Adobe Releases Security Update for Flash Media Server

Adobe has released Flash Media Server 4.0.1, 3.5.5, and 3.0.7 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe security bulletin APSB10-27 and apply appropriate updates to help...

7.7AI score
Exploits0References1
CISA
CISA
•added 2010/08/20 12:0 a.m.•16 views

Google Releases Chrome 5.0.375.127

Google has released Chrome 5.0.375.127 for Windows, Mac, and Linux to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or conduct spoofing attacks. US-CERT encourages users and administrators to review th...

7.6AI score
Exploits0References1
CISA
CISA
•added 2010/08/05 12:0 a.m.•16 views

Microsoft Releases Advance Notification for August Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its August release will contain 14 bulletins. Eight bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer, Office, and Silverlight. The remaining six bulletins will hav...

6.6AI score
Exploits0References1
CISA
CISA
•added 2010/08/02 12:0 a.m.•16 views

Microsoft Releases Out-of-Band Security Bulletin to Address Shortcut Vulnerability

Microsoft has released security bulletin MS10-046 to address a critical vulnerability affecting Microsoft Windows. This vulnerability is due to the failure of Microsoft Windows to properly obtain icons for shortcut files. By convincing a user to display a specially crafted shortcut file, a remote...

7.3AI score
Exploits0References6
CISA
CISA
•added 2010/01/14 12:0 a.m.•16 views

Microsoft Releases Security Advisory 979352

Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitatio...

7.1AI score
Exploits0References3
CISA
CISA
•added 2026/04/20 12:0 p.m.•15 views

CISA Adds Eight Known Exploited Vulnerabilities to Catalog

CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2023-27351link is external PaperCut NG/MF Improper Authentication Vulnerability CVE-2024-27199link is external JetBrains TeamCity Relative Path Traversal...

8.2CVSS5.8AI score0.99991EPSS
Exploits28References13
CISA
CISA
•added 2025/12/09 12:0 p.m.•15 views

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-343-01 Universal Boot Loader U-Boot ICSA-25-343-02 Festo LX Appliance ICSA-25-343-03 Multiple India-Base...

6.6AI score
Exploits0References3
CISA
CISA
•added 2025/12/09 12:0 p.m.•15 views

CISA Adds One Known Exploited Vulnerability to Catalog

Updated December 9, 2025: Check for signs of potential compromise on all internet accessible REACT instances after applying mitigations. For more information, see React Blog: Critical Security Vulnerability in React Server Componentslink is external. CISA has added one new vulnerability to its...

10CVSS7.8AI score0.99562EPSS
Exploits374References7
CISA
CISA
•added 2025/11/18 12:0 p.m.•15 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-322-01 Schneider Electric EcoStruxure Machine SCADA Expert & Pro-face BLUE Open Studio ICSA-25-322-02 Shel...

6.6AI score
Exploits0References6
CISA
CISA
•added 2025/10/06 12:0 p.m.•15 views

CISA Adds Seven Known Exploited Vulnerabilities to Catalog

CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2010-3765link is external Mozilla Multiple Products Remote Code Execution Vulnerability CVE-2010-3962link is external Microsoft Internet Explorer Uninitialize...

9.8CVSS7.2AI score0.99722EPSS
Exploits69References12
CISA
CISA
•added 2025/10/02 12:0 p.m.•15 views

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2014-6278link is external GNU Bash OS Command Injection Vulnerability CVE-2015-7755link is external Juniper ScreenOS Improper Authentication Vulnerability...

10CVSS7.7AI score0.99679EPSS
Exploits80References10
CISA
CISA
•added 2025/07/24 12:0 p.m.•15 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS advisories on July 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-205-01 Mitsubishi Electric CNC Series ICSA-25-205-02 Network Thermostat X-Series WiFi...

7AI score
Exploits0References6
CISA
CISA
•added 2025/07/22 12:0 p.m.•15 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-54309link is external CrushFTP Unprotected Alternate Channel Vulnerability CVE-2025-6558link is external Google Chromium ANGLE and GPU Improper Input...

9.8CVSS7.3AI score0.92034EPSS
Exploits10References9
CISA
CISA
•added 2025/01/23 12:0 p.m.•15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-11023link is external JQuery Cross-Site Scripting XSS Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pos...

6.9CVSS7.1AI score0.8383EPSS
Exploits6References6
CISA
CISA
•added 2024/12/19 12:0 p.m.•15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-12356link is external BeyondTrust Privileged Remote Access PRA and Remote Support RS Command Injection Vulnerability These types of vulnerabilities are frequent...

9.8CVSS10AI score0.87991EPSS
Exploits8References6
CISA
CISA
•added 2024/10/24 12:0 p.m.•15 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20481link is external Cisco ASA and FTD Denial-of-Service Vulnerability CVE-2024-37383link is external RoundCube Webmail Cross-Site Scripting XSS Vulnerability...

6.1CVSS6.5AI score0.73296EPSS
Exploits5References7
CISA
CISA
•added 2024/10/02 12:0 p.m.•15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-29824link is external Ivanti Endpoint Manager EPM SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber acto...

9.6CVSS8.4AI score0.99951EPSS
Exploits5References6
CISA
CISA
•added 2024/09/13 12:0 p.m.•15 views

CISA Releases Analysis of FY23 Risk and Vulnerability Assessments

CISA has released an analysis and infographic detailing the findings from the 143 Risk and Vulnerability Assessments RVAs conducted across multiple critical infrastructure sectors in fiscal year 2023 FY23. The analysis details a sample attack path including tactics and steps a cyber threat actor...

7.2AI score
Exploits0References5
CISA
CISA
•added 2024/08/05 12:0 p.m.•15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-0824 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber...

8.8CVSS7.1AI score0.73185EPSS
Exploits6References6
CISA
CISA
•added 2024/07/29 12:0 p.m.•15 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4879 ServiceNow Improper Input Validation Vulnerability CVE-2024-5217 ServiceNow Incomplete List of Disallowed Inputs Vulnerability CVE-2023-45249 Acronis...

9.8CVSS7.2AI score0.99976EPSS
Exploits11References8
CISA
CISA
•added 2024/06/13 12:0 p.m.•15 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-32896 Android Pixel Privilege Escalation Vulnerability CVE-2024-26169 Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability...

9.8CVSS7.3AI score0.97482EPSS
Exploits14References8
CISA
CISA
•added 2024/05/30 12:0 p.m.•15 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability CVE-2024-1086 Linux Kernel Use-After-Free Vulnerability These types of...

8.6CVSS7.4AI score0.99978EPSS
Exploits68References7
CISA
CISA
•added 2024/05/29 12:0 p.m.•15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4978 Justice AV Solutions JAVS Viewer Installer Embedded Malicious Code Vulnerability These types of vulnerabilities are frequent attack vectors for malicious...

8.7CVSS7.2AI score0.26937EPSS
Exploits1References6
CISA
CISA
•added 2024/04/04 12:0 p.m.•15 views

Ivanti Releases Security Update for Ivanti Connect Secure and Policy Secure Gateways

Ivanti has released security updates to address vulnerabilities in all supported versions 9.x and 22.x of Ivanti Connect Secure and Policy Secure gateways. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encourage...

9.8CVSS7.3AI score0.18987EPSS
Exploits0References1
CISA
CISA
•added 2024/02/29 12:0 p.m.•15 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-29360 Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber acto...

8.4CVSS7AI score0.22133EPSS
Exploits2References6
CISA
CISA
•added 2024/01/11 12:0 p.m.•15 views

Juniper Networks Releases Security Bulletin for Junos OS and Junos OS Evolved

Juniper Networks has released a security advisory to address a vulnerability CVE-2024-21611 in Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the Juniper Advisory...

7.5CVSS6.9AI score0.00586EPSS
Exploits0References1
Total number of security vulnerabilities4188