Lucene search
K
CisaMost viewed

4188 matches found

CISA
CISA
added 2021/01/15 12:0 a.m.56 views

Apache Releases Security Advisory for Tomcat

The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review the Apache security advisory fo...

4.3CVSS2.2AI score0.22852EPSS
Exploits0References1
CISA
CISA
added 2019/05/14 12:0 a.m.56 views

Facebook Releases Security Advisory for WhatsApp

Facebook has released a security advisory to address a vulnerability in WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device. The Cybersecurity and Infrastructure Security Agency CISA encourages users to review the Facebook Security Advisory for...

7.5CVSS2.6AI score0.39166EPSS
Exploits0References1
CISA
CISA
added 2017/05/24 12:0 a.m.56 views

Samba Releases Security Updates

The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0 onward. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review Samba's Security Announcement and...

10CVSS2.8AI score0.99448EPSS
Exploits24References1
CISA
CISA
added 2012/04/04 12:0 a.m.56 views

Apple Update for Java for OS X Lion and Mac OS X

Apple has released a Java update for the following products to address multiple vulnerabilities: OS X v10.6.8 OS X server v10.6.8 OS X Lion v10.7.3 Lion Server v10.7.3 These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or disclose sensitive...

5CVSS1.3AI score0.68914EPSS
Exploits6References2
CISA
CISA
added 2022/03/17 12:0 a.m.55 views

ISC Releases Security Advisories for BIND

The Internet Systems Consortium ISC has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and...

5CVSS2.4AI score0.0325EPSS
Exploits0References4
CISA
CISA
added 2019/06/19 12:0 a.m.55 views

Oracle Releases Security Advisory for WebLogic

Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency CISA encourages user...

7.5CVSS2.7AI score0.8883EPSS
Exploits11References1
CISA
CISA
added 2012/08/28 12:0 a.m.55 views

US-CERT Releases Oracle Java JRE 1.7 Security Advisory

US-CERT has released Vulnerability Note VU636312 to address a vulnerability in Oracle Java Runtime Environment JRE 1.7. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. US-CERT encourages users and administrators to review Vulnerability Note VU636312. Thi...

10CVSS2.3AI score0.98536EPSS
Exploits10References3
CISA
CISA
added 2011/02/04 12:0 a.m.55 views

Majordomo Vulnerable to Directory Traversal

US-CERT is aware of a vulnerability affecting Majordomo 2. Exploitation of this vulnerability may allow an attacker to obtain sensitive information that could be used to leverage additional attacks. Reports indicate that this vulnerability affects builds 20110121 and prior. US-CERT encourages use...

6.2AI score
Exploits0References2
CISA
CISA
added 2017/01/25 12:0 a.m.54 views

Google Releases Security Updates for Chrome

Google has released Chrome version 56.0.2924.76 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases page and apply the...

7.1AI score
Exploits0References1
CISA
CISA
added 2023/10/10 12:0 p.m.52 views

Citrix Releases Security Updates for Multiple Products

Citrix has released security updates to address vulnerabilities affecting multiple products. A malicious cyber actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Citrix security bulletins and apply...

9.4CVSS9.3AI score0.99999EPSS
Exploits15References2
CISA
CISA
added 2021/02/09 12:0 a.m.52 views

Microsoft Releases February 2021 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February 2021 Security Update Summary and...

7.2AI score
Exploits0References2
CISA
CISA
added 2020/11/02 12:0 a.m.52 views

Oracle Releases Out-of-Band Security Alert

Oracle has released an out-of-band security alert to address a remote code execution vulnerability—CVE-2020-14750—in Oracle WebLogic Server. A remote attacker can exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA urges user...

7.5CVSS9.4AI score0.9927EPSS
Exploits9References1
CISA
CISA
added 2020/01/08 12:0 a.m.52 views

Mozilla Patches Critical Vulnerability

Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security...

6.8CVSS2.3AI score0.46589EPSS
Exploits7References2
CISA
CISA
added 2019/12/18 12:0 a.m.52 views

Microsoft Releases Information on CVE-2019-1491

Microsoft has released information about CVE-2019-1491, a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information. Microsoft released security updates for this vulnerability as part of its December 2019 Security Updates. The Cybersecurity a...

5.8AI score
Exploits0References3
CISA
CISA
added 2019/10/29 12:0 a.m.52 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review t...

4.9CVSS2.2AI score0.03515EPSS
Exploits1References3
CISA
CISA
added 2016/10/21 12:0 a.m.52 views

Linux Kernel Vulnerability

US-CERT is aware of a Linux kernel vulnerability known as Dirty COW CVE-2016-5195. Exploitation of this vulnerability may allow an attacker to take control of an affected system. US-CERT recommends that users and administrators review the Red Hat CVE Database, the Canoical Ubuntu CVE Tracker, and...

7.2CVSS2.4AI score0.83524EPSS
Exploits82References3
CISA
CISA
added 2026/05/28 12:0 p.m.51 views

Supply Chain Compromises Impact Nx Console and GitHub Repositories

CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development CI/CD pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code VS...

9.8CVSS5.8AI score0.0185EPSS
Exploits1References8
CISA
CISA
added 2021/05/06 12:0 a.m.51 views

CISA Releases Analysis Reports on New FiveHands Ransomware

CISA is aware of a recent, successful cyberattack against an organization using a new ransomware variant, known as FiveHands, that has been used to successfully conduct a cyberattack against an organization. CISA has released AR21-126A: FiveHands Ransomware and MAR-10324784-1.v1: FiveHands...

6.8AI score
Exploits0References4
CISA
CISA
added 2020/05/01 12:0 a.m.51 views

Unpatched Oracle WebLogic Servers Vulnerable to CVE-2020-2883

Oracle has released a blog post warning users that a previously disclosed Oracle WebLogic Server remote code execution vulnerability CVE-2020-2883 is being exploited in the wild. Oracle disclosed the vulnerability and provided software patches in their April 2020 Critical Patch Update; however,...

7.5CVSS9.3AI score0.94928EPSS
Exploits11References2
CISA
CISA
added 2018/11/13 12:0 a.m.51 views

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Adobe Security Bulletins...

6.7AI score
Exploits0References3
CISA
CISA
added 2010/03/29 12:0 a.m.51 views

Microsoft Releases Advance Notification for Out-of-Band Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin. This bulletin will address a vulnerability in Microsoft Internet Explorer 6 and Internet Explorer 7. The notification states that release of this bulletin is...

6.5AI score
Exploits0References3
CISA
CISA
added 2026/01/29 12:0 p.m.50 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-1281link is external Ivanti Endpoint Manager Mobile EPMM Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious...

9.8CVSS5.9AI score0.81231EPSS
Exploits6References6
CISA
CISA
added 2024/07/17 12:0 p.m.50 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-34102 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference XXE Vulnerability CVE-2024-28995 SolarWinds Serv-U Path...

9.8CVSS7.6AI score0.99994EPSS
Exploits36References8
CISA
CISA
added 2022/12/12 12:0 a.m.50 views

Fortinet Releases Security Updates for FortiOS

Fortinet has released security updates to address a heap-based buffer overflow vulnerability CVE-2022-42475 in FortiOS. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators t...

1.9AI score0.99474EPSS
Exploits11References1
CISA
CISA
added 2020/08/11 12:0 a.m.50 views

Microsoft Addresses RCE and Spoofing Vulnerabilities Under Active Exploitation

Microsoft has released security updates to address two vulnerabilities—CVE-2020-1380 and CVE-2020-1464—that are being actively exploited. CVE-2020-1380 is a remote code execution vulnerability affecting Internet Explorer 11, and CVE-2020-1464 is a spoofing vulnerability that affects multiple...

7.6CVSS8AI score0.41131EPSS
Exploits1References2
CISA
CISA
added 2016/06/10 12:0 a.m.50 views

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in NSX, vCNS and vRealize Log Insight. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VMware Security Advisories...

6.9AI score
Exploits0References2
CISA
CISA
added 2021/10/15 12:0 a.m.49 views

Apache Releases Security Advisory for Tomcat  

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to cause a denial of service condition. CISA encourages users and administrators to review Apache’s security advisory for...

5CVSS2.2AI score0.10997EPSS
Exploits0References1
CISA
CISA
added 2019/10/31 12:0 a.m.49 views

Google Releases Security Updates for Chrome

Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities CVE-2019-13720 was detected in exploits in the wild. The Cybersecurity and...

6.8CVSS1.8AI score0.72977EPSS
Exploits4References1
CISA
CISA
added 2019/06/20 12:0 a.m.49 views

Apache Releases Security Advisory for Apache Tomcat

The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...

5CVSS2.2AI score0.72988EPSS
Exploits0References1
CISA
CISA
added 2018/01/11 12:0 a.m.49 views

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Juniper Security Advisori...

10CVSS0.8AI score0.29462EPSS
Exploits0References14
CISA
CISA
added 2024/01/17 12:0 p.m.48 views

VMware Releases Security Advisory for Aria Automation

VMware released a security advisory to address a vulnerability CVE-2023-34063 in Aria Automation. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2024-0001link is external...

9.9CVSS7AI score0.00949EPSS
Exploits0References1
CISA
CISA
added 2023/07/17 12:0 p.m.48 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-36884 Microsoft Office and Windows HTML Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors...

7.5CVSS7.8AI score0.98998EPSS
Exploits3References6
CISA
CISA
added 2022/11/01 12:0 a.m.48 views

OpenSSL Releases Security Update

OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6. Both CVE-2022-3602 and CVE-2022-3786 can cause a denial of service. According to OpenSSL, a cyber threat actor leveraging CVE-2022-3786, "can...

3.4AI score0.92488EPSS
Exploits6References4
CISA
CISA
added 2022/09/29 12:0 a.m.48 views

VMWare Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere

VMWare has released Protecting vSphere From Specialized Malware, addressing malware artifacts known as VirtualPITA ESXi & Linux, VirtualPIE ESXi, and VirtualGATE Windows, which are used to exploit and gain persistent access to instances of ESXi. CISA urges organizations employing VMWare ESXi to...

0.7AI score
Exploits0References4
CISA
CISA
added 2022/07/27 12:0 a.m.48 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba Security Announcements and...

2.4AI score0.01064EPSS
Exploits0References5
CISA
CISA
added 2022/07/22 12:0 a.m.48 views

Atlassian Releases Security Advisory for Questions for Confluence App, CVE-2022-26138

Atlassian has released a security advisory to address a vulnerability CVE-2022-26138 affecting Questions for Confluence App. An attacker could exploit this vulnerability to obtain sensitive information. Atlassian reports that the vulnerability is likely to be exploited in the wild. CISA encourage...

3.1AI score0.9817EPSS
Exploits1References1
CISA
CISA
added 2019/04/14 12:0 a.m.48 views

Apache Releases Security Updates for Apache Tomcat

The Apache Software Foundation has released Apache Tomcat versions 7.0.94, 8.5.40, and 9.0.19 to address a vulnerability. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

9.3CVSS2.9AI score0.99652EPSS
Exploits10References1
CISA
CISA
added 2019/04/01 12:0 a.m.48 views

MS-ISAC Releases Security Primer on LockerGoga Ransomware

The Multi-State Information Sharing & Analysis Center MS-ISAC has released a Security Primer on LockerGoga Ransomware—a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware can be devastating to an individual or an...

6.6AI score
Exploits0References4
CISA
CISA
added 2015/02/24 12:0 a.m.48 views

Samba Remote Code Execution Vulnerability

Linux and Unix based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon smbd. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT recommends users and administrators...

10CVSS2.9AI score0.87636EPSS
Exploits7References5
CISA
CISA
added 2022/02/22 12:0 a.m.47 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types an...

5.1CVSS1.8AI score0.95683EPSS
Exploits10References5
CISA
CISA
added 2022/02/01 12:0 a.m.47 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba security announcements as wel...

9CVSS2.3AI score0.7372EPSS
Exploits1References4
CISA
CISA
added 2020/12/08 12:0 a.m.47 views

Apache Releases Security Update for Apache Struts 2

The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.0.0 to 2.5.25. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users...

7.5CVSS3.1AI score0.95922EPSS
Exploits11References2
CISA
CISA
added 2020/07/14 12:0 a.m.47 views

Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server

Microsoft has released a security update to address a remote code execution RCE vulnerability—CVE-2020-1350—in Windows DNS Server. A remote attacker could exploit this vulnerability to take control of an affected system. This is considered a “wormable” vulnerability that affects all Windows Serve...

10CVSS9.4AI score0.92178EPSS
Exploits21References2
CISA
CISA
added 2017/12/07 12:0 a.m.47 views

Microsoft Releases Security Updates for its Malware Protection Engine

Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review Microsoft's Advisory and...

9.3CVSS7.2AI score0.28327EPSS
Exploits0References1
CISA
CISA
added 2026/02/17 12:0 p.m.46 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2008-0015link is external Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability CVE-2020-7796link is external Synacor Zimbra Collaboratio...

9.8CVSS5.8AI score0.85416EPSS
Exploits22References9
CISA
CISA
added 2021/11/12 12:0 a.m.46 views

Palo Alto Networks Release Security Updates for PAN-OS

Palo Alto Networks has released security updates to address a vulnerability affecting PAN-OS firewall configurations with GlobalProtect portal and gateway interfaces. These updates address a vulnerability that only affects old versions of PAN-OS 8.1.16 and earlier. An unauthenticated attacker wit...

10CVSS9AI score0.19087EPSS
Exploits1References1
CISA
CISA
added 2021/03/02 12:0 a.m.46 views

Apache Releases Security Advisory for Tomcat

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Apache Tomcat 9.0. An attacker could exploit this vulnerability to access sensitive information. CISA encourages users and administrators to review the Apache security advisory for...

2AI score0.18114EPSS
Exploits1References1
CISA
CISA
added 2019/06/13 12:0 a.m.46 views

Exim Releases Security Patches

Exim has released patches to address a vulnerability affecting Exim versions 4.87–4.91. A remote attacker could exploit this vulnerability to take control of an affected email server. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency CIS...

10CVSS2.2AI score0.99961EPSS
Exploits27References1
CISA
CISA
added 2026/05/06 12:0 p.m.45 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-0300link is external Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...

9.8CVSS6AI score0.32074EPSS
Exploits6References6
CISA
CISA
added 2022/04/01 12:0 a.m.45 views

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities—CVE-2022-22674 and CVE-2022-22675—in multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected device. These vulnerabilities have been detected in exploits in the wild. CISA encourages...

9.3CVSS1.9AI score0.12642EPSS
Exploits0References2
Total number of security vulnerabilities4188