Lucene search
+L
CisaMost viewed

4188 matches found

cisa
cisa
added 2011/08/04 12:0 a.m.13 views

Apple Releases QuickTime 7.7

Apple has released QuickTime 7.7 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple Support Article HT4826 and apply any necessary updates to...

7.8AI score
Exploits0References1
cisa
cisa
added 2011/08/03 12:0 a.m.13 views

WordPress Themes Vulnerability

TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site. US-CERT encourages users and administrators to: determine if any hosted blogs use TimThumb by...

7.2AI score
Exploits0References1
cisa
cisa
added 2011/06/28 12:0 a.m.13 views

Google Releases Chrome 12.0.742.112

Google released Chrome 12.0.742.112 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. This update also contains an updated version of Adobe Flash. US-CERT encourages users and...

7.7AI score
Exploits0References1
cisa
cisa
added 2011/06/22 12:0 a.m.13 views

Mozilla Releases Firefox 5 and 3.6.18

The Mozilla Foundation has released Firefox 5 and Firefox 3.6.18 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, violate the same origin policy, or perform a cross-site scripting attack. US-CERT encourages users and administrators to...

7AI score
Exploits0References2
cisa
cisa
added 2011/06/10 12:0 a.m.13 views

Adobe Releases Security Bulletin for Adobe Reader and Acrobat

Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Reader 10.0.1 and earlier versions for Windows, Adobe Reader 10.0.3 and earlier versions of Macintosh, and Adobe Acrobat 10.0.3 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities...

7.9AI score
Exploits0References1
cisa
cisa
added 2011/06/06 12:0 a.m.13 views

VMware Releases Security Advisory

VMware has released security advisory VMSA-2011-0009 to address multiple vulnerabilities in the following products: VMware Workstation 7.1.3 and earlier VMware Player 3.1.3 and earlier VMware Fusion 3.1.2 and earlier ESXi 4.1 without patch ESXi410-201104402-BG ESXi 4.0 without patch...

7.7AI score
Exploits0References2
cisa
cisa
added 2011/05/25 12:0 a.m.13 views

Google Chrome Releases 11.0.696.71

Google has released Chrome 11.0.696.71 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...

7.6AI score
Exploits0References1
cisa
cisa
added 2011/04/29 12:0 a.m.13 views

Mozilla Releases Firefox updates

Mozilla has released Firefox 4.0.1, 3.6.17, and 3.5.19 to address multiple vulnerabilities. The impact of these vulnerabilities includes arbitrary code execution, privilege escalation, directory traversal, and information disclosure. US-CERT encourages users and administrators to review the Mozil...

7.6AI score
Exploits0References1
cisa
cisa
added 2011/04/29 12:0 a.m.13 views

Video Game Phishing

US-CERT is aware of reports that some users on the Xbox 360 video game system are receiving potential phishing attempts through an in-game messaging service. In-game message phishing is not a Microsoft issue and has nothing to do with Xbox LIVE. Games are products of third party developers that a...

6.6AI score
Exploits0References3
cisa
cisa
added 2011/03/23 12:0 a.m.13 views

Fraudulent SSL Certificates

US-CERT is aware of public reports of the existence of fraudulent SSL certificates. These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website. Multiple web browser vendors have provided updates to recognize and block these fraudulent SSL certificates. Mozil...

6.5AI score
Exploits0References3
cisa
cisa
added 2011/03/22 12:0 a.m.13 views

Adobe Releases Security Updates for Reader and Acrobat

Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address a vulnerability in the authplay.dll component. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe...

7.4AI score
Exploits0References1
cisa
cisa
added 2011/03/11 12:0 a.m.13 views

Japan Earthquake and Tsunami Disaster Email Scams, Fake Antivirus and Phishing Attack Warning

US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in th...

6.6AI score
Exploits0References5
cisa
cisa
added 2011/03/03 12:0 a.m.13 views

Microsoft Releases Advance Notification for March Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its March release will contain three bulletins. One of these bulletins will have the severity rating of critical and will be for Microsoft Windows. The remaining two bulletins will have the severity rating of important...

6.6AI score
Exploits0References1
cisa
cisa
added 2011/03/01 12:0 a.m.13 views

Google Releases Chrome 9.0.597.107

Google has released Chrome 9.0.597.107 for all platforms to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome...

7.9AI score
Exploits0References1
cisa
cisa
added 2011/02/28 12:0 a.m.13 views

Cisco Releases Multiple Security Advisories

Cisco has released six security advisories to address vulnerabilities in multiple Cisco products. Security advisory cisco-sa-20110223-asa, addresses multiple vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances. Successful exploitation of these vulnerabilities could cause a...

7.7AI score
Exploits0References7
cisa
cisa
added 2011/02/09 12:0 a.m.13 views

RealNetworks, Inc. Releases Security Updates for RealPlayer

RealNetworks, Inc. has released security updates to address a vulnerability affecting Windows RealPlayer 14.0.1 and earlier versions and RealPlayer Enterprise 2.1.4 and earlier versions. Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the...

7.6AI score
Exploits0References1
cisa
cisa
added 2011/02/07 12:0 a.m.13 views

Google Releases Chrome 9.0.597.84

Google has released Chrome 9.0.597.84 for all platforms to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry an...

7.9AI score
Exploits0References1
cisa
cisa
added 2010/12/20 12:0 a.m.13 views

Microsoft Releases Blog Entry Regarding Recent Outlook 2007 Update

The Microsoft Outlook product team has posted a blog entry to inform users of several issues related to the Outlook 2007 update KB2412171 that was released on December 14. The product team has identified these issues as: Outlook fails to connect if Secure Password Authentication SPA is configured...

6.6AI score
Exploits0References2
cisa
cisa
added 2010/12/13 12:0 a.m.13 views

RealNetworks Releases Security Update for RealPlayer

RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the RealNetworks notice released on December 10, 2010 and appl...

7.8AI score
Exploits0References1
cisa
cisa
added 2010/12/09 12:0 a.m.13 views

WordPress Releases Version 3.0.3

WordPress has released WordPress 3.0.3 to address a vulnerability. Execution of this vulnerability may allow an attacker to operate with elevated privileges. US-CERT encourages users and administrators to review the WordPress Codex document for version 3.0.3 and apply any necessary updates to hel...

6.9AI score
Exploits0References1
cisa
cisa
added 2010/12/01 12:0 a.m.13 views

VMware Releases Security Patch for ESX

VMware has released a security patch for ESX to address a vulnerability. Exploitation of this vulnerability may allow a local user to gain additional privileges on the affected system. US-CERT encourages users and administrators to review VMware knowledgebase article 1029397 and apply any necessa...

6.9AI score
Exploits0References1
cisa
cisa
added 2010/10/25 12:0 a.m.13 views

Linux Root Access Vulnerabilities

US-CERT is aware of public reports of multiple vulnerabilities affecting Linux. Exploitation of these vulnerabilities may allow an attacker to access the system with root or "superuser" privileges. The first of these vulnerabilities is due to a flaw in the implementation of the Reliable Datagram...

7.2AI score
Exploits0
cisa
cisa
added 2010/10/20 12:0 a.m.13 views

Google Releases Chrome 7.0.517.41

Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct URL spoofing, or bypass security restrictions. US-CERT encourages users and...

7.7AI score
Exploits0References1
cisa
cisa
added 2010/09/14 12:0 a.m.13 views

Adobe Releases Security Advisory for Flash Player

Adobe has released a security advisory to alert users of a vulnerability affecting Adobe Flash Player. This vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. Exploitation of this vulnerability...

7.5AI score
Exploits0References6
cisa
cisa
added 2010/09/13 12:0 a.m.13 views

Adobe Releases Security Advisory for Vulnerability in Reader and Acrobat

Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The advisory indicates that this vulnerability is being actively exploited...

7.5AI score
Exploits0References2
cisa
cisa
added 2010/09/08 12:0 a.m.13 views

Mozilla Releases Firefox 3.6.9

The Mozilla Foundation has released Firefox 3.6.9 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, leverage cross-site scripting attacks, or cause a denial-of-service condition. The Mozilla Foundation has als...

7.1AI score
Exploits0References1
cisa
cisa
added 2010/09/03 12:0 a.m.13 views

Apple Releases iTunes 10

Apple has released iTunes 10 to address multiple vulnerabilities affecting the WebKit package. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4328 and apply any...

7.8AI score
Exploits0References1
cisa
cisa
added 2010/08/24 12:0 a.m.13 views

Microsoft Releases Security Advisory

Microsoft has released a security advisory indicating that it is aware of a remote attack vector for a class of vulnerabilities related to how applications load external dynamic link libraries DLLs. If an application does not securely load DLL files, an attacker may be able to cause the applicati...

7.2AI score
Exploits0References3
cisa
cisa
added 2010/08/11 12:0 a.m.13 views

Adobe Releases Security Update for Flash Player

Adobe has released Flash Player 10.1.82.76 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. This vulnerability also affects Adobe Air 2.0.2.12310 and earlier versions. US-CERT encourages users and...

7.7AI score
Exploits0References2
cisa
cisa
added 2010/08/06 12:0 a.m.13 views

Foxit Releases Foxit Reader 4.1.1.0805

Foxit has released Foxit Reader 4.1.1.0805 to address a vulnerability associated with the improper rendering of PDF documents. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the security release notes for...

7.3AI score
Exploits0References2
cisa
cisa
added 2010/07/09 12:0 a.m.13 views

Oracle Critical Patch Update Pre-Release Announcement

Oracle has issued a critical patch update pre-release announcement indicating that its July release will contain 59 new vulnerability fixes. Release of the critical patch update is scheduled for Tuesday, July 13, 2010. US-CERT encourages users and administrators to review the pre-release...

6.7AI score
Exploits0References2
cisa
cisa
added 2010/06/29 12:0 a.m.14 views

Adobe Releases Update for Adobe Reader and Adobe Acrobat

Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect the following versions: Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh Exploitation of...

7.9AI score
Exploits0References1
cisa
cisa
added 2010/06/16 12:0 a.m.13 views

Apple Releases Security Update 2010-004 and Mac OS X v10.6.4

Apple has released Security Update 2010-004 and Mac OS X v10.6.4 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, operate with elevated privileges, conduct...

6.8AI score
Exploits0References4
cisa
cisa
added 2010/06/10 12:0 a.m.13 views

Microsoft Windows Help and Support Center Vulnerability

US-CERT is aware of a vulnerability affecting the Mircosoft Windows Help and Support Center. This vulnerability is due to improper sanitization of hcp:// URIs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands. US-CERT encourages users a...

7.3AI score
Exploits0References1
cisa
cisa
added 2010/04/30 12:0 a.m.13 views

Opera Software Releases Opera 10.53

Opera Software has released Opera 10.53 to address a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Opera Software security advisory related to this vulnerability and upgrade to Opera 10....

7.5AI score
Exploits0References3
cisa
cisa
added 2010/04/02 12:0 a.m.13 views

VMware Releases Security Advisory for ESX Service Console Updates

VMware has released a security advisory to address vulnerabilities in the Samba and acpid packages of ESX Service Console. These vulnerabilities may allow an attacker to cause a denial-of-service condition, obtain sensitive information or bypass security restrictions. US-CERT encourages users and...

6.7AI score
Exploits0References1
cisa
cisa
added 2010/03/29 12:0 a.m.13 views

Apple Releases Security Update 2010-002 and Mac OS X v10.6.3

Apple has released Security Update 2010-002 and Mac OS X v10.6.3 to address multiple vulnerabilities that affect a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, bypass security...

7.6AI score
Exploits0References1
cisa
cisa
added 2010/03/25 12:0 a.m.13 views

Cisco Releases Security Advisories for IOS Software

Cisco has released a bundled publication, which contains seven security advisories, to address multiple vulnerabilities in Cisco IOS Software. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators ...

7.9AI score
Exploits0References1
cisa
cisa
added 2010/03/03 12:0 a.m.13 views

U.S. Census Bureau 2010 Census Campaign Warning

US-CERT asks users to be vigilant during the U.S. Census Bureau's 2010 Census campaign and to watch for potential census scams. According to the U.S. Census 2010 website, they began delivery of the printed census forms to every resident in the United States on March 1, 2010. The only way to...

6.6AI score
Exploits0References5
cisa
cisa
added 2010/01/13 12:0 a.m.13 views

IRS Warns of Online Scams

US-CERT is aware of reports of tax season phishing scams. The U.S. Internal Revenue Service has issued a news release on its website warning consumers about potential scams. These scams are circulating via fraudulent email or other online messages appearing to come from the IRS. They attempt to...

6.8AI score
Exploits0References4
cisa
cisa
added 2010/01/08 12:0 a.m.13 views

VMware Releases Multiple Updates for ESX

VMware has released Security Advisory VMSA-2010-0001 to address multiple vulnerabilities in ESX Service Console packages for Network Security Services NSS and NetScape Portable Runtime NSPR. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a...

7AI score
Exploits0References6
cisa
cisa
added 2026/04/23 12:0 p.m.12 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-39987link is external Marimo Remote Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

9.8CVSS5.9AI score0.95645EPSS
Exploits11References6
cisa
cisa
added 2026/03/26 12:0 p.m.12 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-33634link is external Aqua Security Trivy Embedded Malicious Code Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...

9.4CVSS5.9AI score0.60368EPSS
Exploits2References6
cisa
cisa
added 2026/02/12 12:0 p.m.12 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-43468link is external Microsoft Configuration Manager SQL Injection Vulnerability CVE-2025-15556link is external Notepad++ Download of Code Without...

9.8CVSS6AI score0.81624EPSS
Exploits11References9
cisa
cisa
added 2025/12/22 12:0 p.m.12 views

NIST and CISA Release Draft Interagency Report on Protecting Tokens and Assertions from Tampering Theft and Misuse for Public Comment

The Cybersecurity and Infrastructure Security Agency CISA and National Institute of Standards and Technology NIST have released an initial draft of Interagency Report IR 8597 Protecting Tokens and Assertions from Forgery, Theft, and Misuse for public comment through January 30, 2026. This report ...

7AI score
Exploits0References4
cisa
cisa
added 2025/11/25 12:0 p.m.12 views

Fortinet Releases Security Advisory for Relative Path Traversal Vulnerability Affecting FortiWeb Products

CISA has updated this Alert to include an additional vulnerability, CVE-2025-58034, and its relation to CVE-2025-64446, and associated resources. CISA is aware of the exploitation of two vulnerabilities, CVE-2025-64446link is external and CVE-2025-58034link is external, in Fortinet FortiWeb, a we...

9.8CVSS9.2AI score0.8936EPSS
Exploits20References12
cisa
cisa
added 2025/11/14 12:0 p.m.12 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-64446link is external Fortinet FortiWeb Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and...

9.8CVSS6.9AI score0.8936EPSS
Exploits17References6
cisa
cisa
added 2025/10/23 12:0 p.m.12 views

CISA Releases Eight Industrial Control Systems Advisories

CISA released eight Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-296-01 AutomationDirect Productivity Suite ICSA-25-296-02 ASKI Energy ALS-Mini-S8 and ALS-Mini-S4...

6.6AI score
Exploits0References8
cisa
cisa
added 2025/10/20 12:0 p.m.12 views

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2022-48503link is external Apple Multiple Products Unspecified Vulnerability CVE-2025-2746link is external Kentico Xperience Staging Sync Server Digest Passwor...

9.8CVSS6.6AI score0.97788EPSS
Exploits15References10
cisa
cisa
added 2025/08/06 12:0 p.m.12 views

UPDATE: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities

Update 08/06/2025: CISA released a Malware Analysis Report MAR on six files related to CVE-2025-49704link is external, CVE-2025-49706link is external, CVE-2025-53770link is external, and CVE-2025-53771link is external. For more information see MAR-251132.c1.v1 Exploitation of SharePoint...

8.8CVSS8.2AI score0.99907EPSS
Exploits9References24
Total number of security vulnerabilities4188