4188 matches found
Apache Releases Security Advisory for Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review the Apache security advisory fo...
Facebook Releases Security Advisory for WhatsApp
Facebook has released a security advisory to address a vulnerability in WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device. The Cybersecurity and Infrastructure Security Agency CISA encourages users to review the Facebook Security Advisory for...
Samba Releases Security Updates
The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0 onward. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review Samba's Security Announcement and...
Apple Update for Java for OS X Lion and Mac OS X
Apple has released a Java update for the following products to address multiple vulnerabilities: OS X v10.6.8 OS X server v10.6.8 OS X Lion v10.7.3 Lion Server v10.7.3 These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or disclose sensitive...
ISC Releases Security Advisories for BIND
The Internet Systems Consortium ISC has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and...
Oracle Releases Security Advisory for WebLogic
Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency CISA encourages user...
US-CERT Releases Oracle Java JRE 1.7 Security Advisory
US-CERT has released Vulnerability Note VU636312 to address a vulnerability in Oracle Java Runtime Environment JRE 1.7. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. US-CERT encourages users and administrators to review Vulnerability Note VU636312. Thi...
Majordomo Vulnerable to Directory Traversal
US-CERT is aware of a vulnerability affecting Majordomo 2. Exploitation of this vulnerability may allow an attacker to obtain sensitive information that could be used to leverage additional attacks. Reports indicate that this vulnerability affects builds 20110121 and prior. US-CERT encourages use...
Google Releases Security Updates for Chrome
Google has released Chrome version 56.0.2924.76 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases page and apply the...
Citrix Releases Security Updates for Multiple Products
Citrix has released security updates to address vulnerabilities affecting multiple products. A malicious cyber actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Citrix security bulletins and apply...
Microsoft Releases February 2021 Security Updates
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February 2021 Security Update Summary and...
Oracle Releases Out-of-Band Security Alert
Oracle has released an out-of-band security alert to address a remote code execution vulnerability—CVE-2020-14750—in Oracle WebLogic Server. A remote attacker can exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA urges user...
Mozilla Patches Critical Vulnerability
Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security...
Microsoft Releases Information on CVE-2019-1491
Microsoft has released information about CVE-2019-1491, a vulnerability in SharePoint Server. An attacker could exploit this vulnerability to obtain sensitive information. Microsoft released security updates for this vulnerability as part of its December 2019 Security Updates. The Cybersecurity a...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review t...
Linux Kernel Vulnerability
US-CERT is aware of a Linux kernel vulnerability known as Dirty COW CVE-2016-5195. Exploitation of this vulnerability may allow an attacker to take control of an affected system. US-CERT recommends that users and administrators review the Red Hat CVE Database, the Canoical Ubuntu CVE Tracker, and...
Supply Chain Compromises Impact Nx Console and GitHub Repositories
CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development CI/CD pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code VS...
CISA Releases Analysis Reports on New FiveHands Ransomware
CISA is aware of a recent, successful cyberattack against an organization using a new ransomware variant, known as FiveHands, that has been used to successfully conduct a cyberattack against an organization. CISA has released AR21-126A: FiveHands Ransomware and MAR-10324784-1.v1: FiveHands...
Unpatched Oracle WebLogic Servers Vulnerable to CVE-2020-2883
Oracle has released a blog post warning users that a previously disclosed Oracle WebLogic Server remote code execution vulnerability CVE-2020-2883 is being exploited in the wild. Oracle disclosed the vulnerability and provided software patches in their April 2020 Critical Patch Update; however,...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Adobe Security Bulletins...
Microsoft Releases Advance Notification for Out-of-Band Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin. This bulletin will address a vulnerability in Microsoft Internet Explorer 6 and Internet Explorer 7. The notification states that release of this bulletin is...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-1281link is external Ivanti Endpoint Manager Mobile EPMM Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-34102 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference XXE Vulnerability CVE-2024-28995 SolarWinds Serv-U Path...
Fortinet Releases Security Updates for FortiOS
Fortinet has released security updates to address a heap-based buffer overflow vulnerability CVE-2022-42475 in FortiOS. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been exploited in the wild. CISA encourages users and administrators t...
Microsoft Addresses RCE and Spoofing Vulnerabilities Under Active Exploitation
Microsoft has released security updates to address two vulnerabilities—CVE-2020-1380 and CVE-2020-1464—that are being actively exploited. CVE-2020-1380 is a remote code execution vulnerability affecting Internet Explorer 11, and CVE-2020-1464 is a spoofing vulnerability that affects multiple...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in NSX, vCNS and vRealize Log Insight. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VMware Security Advisories...
Apache Releases Security Advisory for Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to cause a denial of service condition. CISA encourages users and administrators to review Apache’s security advisory for...
Google Releases Security Updates for Chrome
Google has released Chrome version 78.0.3904.87 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities CVE-2019-13720 was detected in exploits in the wild. The Cybersecurity and...
Apache Releases Security Advisory for Apache Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...
Juniper Networks Releases Security Updates
Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Juniper Security Advisori...
VMware Releases Security Advisory for Aria Automation
VMware released a security advisory to address a vulnerability CVE-2023-34063 in Aria Automation. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2024-0001link is external...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-36884 Microsoft Office and Windows HTML Remote Code Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors...
OpenSSL Releases Security Update
OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6. Both CVE-2022-3602 and CVE-2022-3786 can cause a denial of service. According to OpenSSL, a cyber threat actor leveraging CVE-2022-3786, "can...
VMWare Releases Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting vSphere
VMWare has released Protecting vSphere From Specialized Malware, addressing malware artifacts known as VirtualPITA ESXi & Linux, VirtualPIE ESXi, and VirtualGATE Windows, which are used to exploit and gain persistent access to instances of ESXi. CISA urges organizations employing VMWare ESXi to...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba Security Announcements and...
Atlassian Releases Security Advisory for Questions for Confluence App, CVE-2022-26138
Atlassian has released a security advisory to address a vulnerability CVE-2022-26138 affecting Questions for Confluence App. An attacker could exploit this vulnerability to obtain sensitive information. Atlassian reports that the vulnerability is likely to be exploited in the wild. CISA encourage...
Apache Releases Security Updates for Apache Tomcat
The Apache Software Foundation has released Apache Tomcat versions 7.0.94, 8.5.40, and 9.0.19 to address a vulnerability. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...
MS-ISAC Releases Security Primer on LockerGoga Ransomware
The Multi-State Information Sharing & Analysis Center MS-ISAC has released a Security Primer on LockerGoga Ransomware—a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware can be devastating to an individual or an...
Samba Remote Code Execution Vulnerability
Linux and Unix based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon smbd. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT recommends users and administrators...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types an...
Samba Releases Security Updates
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba security announcements as wel...
Apache Releases Security Update for Apache Struts 2
The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.0.0 to 2.5.25. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users...
Microsoft Addresses 'Wormable' RCE Vulnerability in Windows DNS Server
Microsoft has released a security update to address a remote code execution RCE vulnerability—CVE-2020-1350—in Windows DNS Server. A remote attacker could exploit this vulnerability to take control of an affected system. This is considered a “wormable” vulnerability that affects all Windows Serve...
Microsoft Releases Security Updates for its Malware Protection Engine
Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review Microsoft's Advisory and...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2008-0015link is external Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability CVE-2020-7796link is external Synacor Zimbra Collaboratio...
Palo Alto Networks Release Security Updates for PAN-OS
Palo Alto Networks has released security updates to address a vulnerability affecting PAN-OS firewall configurations with GlobalProtect portal and gateway interfaces. These updates address a vulnerability that only affects old versions of PAN-OS 8.1.16 and earlier. An unauthenticated attacker wit...
Apache Releases Security Advisory for Tomcat
The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Apache Tomcat 9.0. An attacker could exploit this vulnerability to access sensitive information. CISA encourages users and administrators to review the Apache security advisory for...
Exim Releases Security Patches
Exim has released patches to address a vulnerability affecting Exim versions 4.87–4.91. A remote attacker could exploit this vulnerability to take control of an affected email server. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency CIS...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-0300link is external Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...
Apple Releases Security Updates
Apple has released security updates to address vulnerabilities—CVE-2022-22674 and CVE-2022-22675—in multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected device. These vulnerabilities have been detected in exploits in the wild. CISA encourages...