Lucene search
K
CisaMost viewed

4188 matches found

CISA
CISA
added 2020/12/04 12:0 a.m.45 views

Apache Releases Security Advisory for Apache Tomcat

The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review...

5CVSS2.2AI score0.24622EPSS
Exploits0References1
CISA
CISA
added 2020/01/17 12:0 a.m.45 views

Microsoft Releases Security Advisory on Internet Explorer Vulnerability

Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer. A remote attacker could exploit this vulnerability to take control of an affected system. According to the advisory, “Microsoft is aware of limited targeted attacks.” The Cybersecurity and...

6.8AI score
Exploits0References2
CISA
CISA
added 2019/09/23 12:0 a.m.45 views

Microsoft Releases Out-of-Band Security Updates

Microsoft has released out-of-band security updates to address vulnerabilities in Microsoft software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators t...

7.6CVSS7.8AI score0.52729EPSS
Exploits0References3
CISA
CISA
added 2017/11/16 12:0 a.m.45 views

Oracle Releases Security Alert

Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could exploit these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Oracle Security Alert Advisory and apply the necessary...

7.5CVSS9.1AI score0.02142EPSS
Exploits0References1
CISA
CISA
added 2026/02/17 12:0 p.m.44 views

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2008-0015link is external Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability CVE-2020-7796link is external Synacor Zimbra Collaboratio...

9.8CVSS5.8AI score0.85416EPSS
Exploits22References9
CISA
CISA
added 2022/02/11 12:0 a.m.44 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and po...

6.8CVSS2.1AI score0.16342EPSS
Exploits0References5
CISA
CISA
added 2021/07/20 12:0 a.m.44 views

Significant Historical Cyber-Intrusion Campaigns Targeting ICS

Protecting our Nation’s critical infrastructure is the responsibility of federal and state, local, tribal, and territorial SLTT governments and owners and operators of that infrastructure. The cybersecurity threats posed to the industrial control systems ICS that control and operate critical...

6.8AI score
Exploits0References10
CISA
CISA
added 2020/07/30 12:0 a.m.44 views

GNU GRUB2 Vulnerability

Free Software Foundation GNU Project's multiboot boot loader, GNU GRUB2, contains a vulnerability—CVE-2020-10713—that a local attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review the...

4.6CVSS1.1AI score0.01068EPSS
Exploits0References1
CISA
CISA
added 2020/07/16 12:0 a.m.44 views

CISA Releases Emergency Directive on Critical Microsoft Vulnerability

The Cybersecurity and Infrastructure Security Agency CISA has released Emergency Directive 20-03 addressing a critical vulnerability—CVE-2020-1350—affecting all versions of Windows Server with the Domain Name System DNS role enabled. A remote attacker could exploit this vulnerability to take...

10CVSS9.1AI score0.92178EPSS
Exploits21References4
CISA
CISA
added 2019/10/03 12:0 a.m.44 views

Microsoft Re-Releases Security Updates

Microsoft has re-released security updates to address a vulnerability in Microsoft software. A remote attacker could exploit this vulnerability to take control of an affected system. Updates are now available automatically via Windows Update or Windows Server Update Services. The Cybersecurity an...

7.6CVSS7.4AI score0.52729EPSS
Exploits0References1
CISA
CISA
added 2022/08/03 12:0 a.m.43 views

VMware Releases Security Updates

VMware has released security updates to address multiple vulnerabilities in VMware’s Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector, and vRealize Automation. A remote attacker could exploit some of these vulnerabilities to take control of an affected system...

2.2AI score0.18994EPSS
Exploits1References1
CISA
CISA
added 2021/02/18 12:0 a.m.43 views

Cisco Releases Security Updates for AnyConnect Secure Mobility Client

Cisco has released security updates to address a vulnerability in Cisco AnyConnect Secure Mobility Client. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Cisco Security Advisory...

6.7AI score
Exploits0References1
CISA
CISA
added 2020/11/23 12:0 a.m.43 views

VMware Releases Workarounds for CVE-2020-4006

VMware has released workarounds to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure...

9CVSS3.4AI score0.23771EPSS
Exploits0References2
CISA
CISA
added 2020/06/25 12:0 a.m.43 views

Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software

Cisco has released a security advisory on a Telnet vulnerability—CVE-2020-10188—affecting Cisco IOS XE devices. A remote attacker could exploit this vulnerability to take control of an affected system. The advisory contains workarounds as well as indicators of compromise. The Cybersecurity and...

10CVSS3.6AI score0.74513EPSS
Exploits2References1
CISA
CISA
added 2024/12/23 12:0 p.m.42 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-44207link is external Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability These types of vulnerabilities are frequent attack vectors for malicio...

8.1CVSS7.3AI score0.17578EPSS
Exploits0References6
CISA
CISA
added 2022/12/22 12:0 a.m.42 views

CISA Releases Four Industrial Control Systems Advisories

CISA released four Industrial Control Systems ICS advisories on December 22, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...

2AI score
Exploits0References4
CISA
CISA
added 2022/03/17 12:0 a.m.42 views

OpenSSL Releases Security Updates

OpenSSL has released security updates addressing a vulnerability CVE-2022-0778 affecting multiple versions of OpenSSL. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review the OpenSSL Advisory and upgrade to the...

5CVSS2.3AI score0.70561EPSS
Exploits2References1
CISA
CISA
added 2022/03/15 12:0 a.m.42 views

Updated: Kubernetes Hardening Guide

The National Security Agency NSA and CISA have updated their joint Cybersecurity Technical Report CTR: Kubernetes Hardening Guide, originally released in August 2021, based on valuable feedback and inputs from the cybersecurity community. Kubernetes is an open-source system that automates...

0.9AI score
Exploits0References2
CISA
CISA
added 2021/04/30 12:0 a.m.42 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Samba Security Announcements for...

4.9CVSS3AI score0.01616EPSS
Exploits0References1
CISA
CISA
added 2018/07/23 12:0 a.m.42 views

Apache Releases Security Updates for Apache Tomcat

The Apache Software Foundation has released security updates to address vulnerabilities in Apache Tomcat versions 9.0.0.M9 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information. NCCIC...

5CVSS2.6AI score0.20599EPSS
Exploits0References2
CISA
CISA
added 2011/09/19 12:0 a.m.42 views

Oracle Releases Security Alert for Oracle HTTP Server Products

Oracle has released a security alert to address a vulnerability in Apache HTTPD. This vulnerability affects: Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0 Oracle Application Server 10g Release 3, version 10.1.3.5.0 Oracle Application Server 10g Release 2,...

7.8CVSS1.2AI score0.98945EPSS
Exploits17References2
CISA
CISA
added 2020/12/23 12:0 a.m.41 views

CISA Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity

CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat APT actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used...

6.8AI score
Exploits0References6
CISA
CISA
added 2020/04/28 12:0 a.m.41 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

5CVSS2.4AI score0.03455EPSS
Exploits0References2
CISA
CISA
added 2013/09/18 12:0 a.m.41 views

Microsoft Releases Security Advisory for Internet Explorer

Microsoft has released Security Advisory 2887505 regarding a remote code execution vulnerability CVE-2013-3893 impacting Internet Explorer versions 6 through 11. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. The...

9.3CVSS2.5AI score0.8593EPSS
Exploits18References4
CISA
CISA
added 2024/09/10 12:0 p.m.40 views

Cisco Releases Security Updates for Cisco Smart Licensing Utility

Cisco released security updates to address two vulnerabilities CVE-2024-20439 and CVE-2024-20440 in Cisco Smart Licensing Utility. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the followin...

9.8CVSS7.2AI score0.91911EPSS
Exploits0References1
CISA
CISA
added 2022/11/16 12:0 a.m.40 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Samba security announcement CVE-2022-42898 and...

2.5AI score0.06419EPSS
Exploits1References2
CISA
CISA
added 2021/07/16 12:0 a.m.40 views

Cisco Releases Security Updates

Cisco has released security updates to address a vulnerability in Adaptive Security Appliance Software Release 9.16.1 and Firepower Threat Defense Software Release 7.0.0. A remote attacker could exploit this vulnerability to cause a denial of service condition. CISA encourages users and...

6.6AI score
Exploits0References1
CISA
CISA
added 2021/04/15 12:0 a.m.40 views

CISA and CNMF Analysis of SolarWinds-related Malware

CISA and the Department of Defense DoD Cyber National Mission Force CNMF have analyzed additional SolarWinds-related malware variants—referred to as SUNSHUTTLE and SOLARFLARE. One of the analyzed files was identified as a China Chopper webshell server-side component that was observed on a network...

6.8AI score
Exploits0References5
CISA
CISA
added 2026/03/03 12:0 p.m.40 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-21385link is external Qualcomm Multiple Chipsets Memory Corruption Vulnerability CVE-2026-22719link is external Broadcom VMware Aria Operations Command...

8.1CVSS7.3AI score0.17424EPSS
Exploits3References7
CISA
CISA
added 2023/04/21 12:0 p.m.39 views

VMware Releases Security Update for Aria Operations for Logs

VMware has released a security update to address multiple vulnerabilities in Aria Operations for Logs formerly vRealize Log Insight. A cyber threat actor could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security...

7.7AI score
Exploits0References1
CISA
CISA
added 2022/12/16 12:0 a.m.39 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Samba security announcements and...

2.4AI score0.04488EPSS
Exploits0References4
CISA
CISA
added 2022/01/21 12:0 a.m.39 views

McAfee Releases Security Update for McAfee Agent for Windows 

McAfee has released McAfee Agent for Windows version 5.7.5, which addresses vulnerabilities CVE-2021-31854 and CVE-2022-0166. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review McAfee Security Bulletin SB10378...

9.3CVSS7.2AI score0.02969EPSS
Exploits0References2
CISA
CISA
added 2022/01/19 12:0 a.m.39 views

Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP

Zoho has released a security advisory to address an authentication bypass vulnerability CVE-2021-44757 in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review th...

6.4CVSS2.7AI score0.24195EPSS
Exploits0References3
CISA
CISA
added 2021/10/28 12:0 a.m.39 views

ISC Releases Security Advisory for BIND

The Internet Systems Consortium ISC has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and...

5CVSS2.1AI score0.08001EPSS
Exploits0References1
CISA
CISA
added 2021/03/31 12:0 a.m.39 views

VMware Releases Security Updates

VMware has released security updates to address multiple vulnerabilities affecting vRealize Operations, Cloud Foundation, and vRealize Suite Lifecycle Manager. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and...

7.2AI score
Exploits0References1
CISA
CISA
added 2021/03/31 12:0 a.m.39 views

Google Releases Security Updates for Chrome

Google has released Chrome version 89.0.4389.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. Th...

6.9AI score
Exploits0References1
CISA
CISA
added 2020/11/03 12:0 a.m.39 views

Google Releases Security Updates for Chrome, CVE-2020-16009

Google has released Chrome version 86.0.4240.183 for Windows, Mac, and Linux addressing multiple vulnerabilities, including vulnerability CVE-2020-16009. Exploit code for this vulnerability exists in the wild. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

6.8CVSS1.2AI score0.48574EPSS
Exploits3References1
CISA
CISA
added 2019/12/10 12:0 a.m.39 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to...

6.4CVSS2.4AI score0.02783EPSS
Exploits0References2
CISA
CISA
added 2025/12/19 12:0 p.m.38 views

CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor

Today, the Cybersecurity and Infrastructure Security Agency CISA, National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise IOCs and detection signatures for additional BRICKSTORM samples...

6.9AI score
Exploits0References2
CISA
CISA
added 2022/05/17 12:0 a.m.38 views

Apple Releases Security Updates for Multiple Products

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. Note: Apple notes they are aware of a report that states CVE-2022-22675 may have been actively exploited...

9.3CVSS1.8AI score0.12642EPSS
Exploits0References7
CISA
CISA
added 2022/04/12 12:0 a.m.38 views

Citrix Releases Security Updates for Multiple Products

Citrix has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Citrix security bulletins and apply the necessary...

2.3AI score
Exploits0References4
CISA
CISA
added 2022/02/08 12:0 a.m.38 views

Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM)

On February 8, 2022, SAP released security updates to address vulnerabilities affecting multiple products, including critical vulnerabilities affecting SAP applications using SAP Internet Communication Manager ICM. SAP applications help organizations manage critical business processes—such as...

10CVSS8.7AI score0.97945EPSS
Exploits8References6
CISA
CISA
added 2021/07/19 12:0 a.m.38 views

U.S. Government Releases Indictment and Several Advisories Detailing Chinese Cyber Threat Activity

CISA, the Federal Bureau of Investigation FBI, and the National Security Agency NSA have observed increasingly sophisticated Chinese state-sponsored activity targeting U.S. political, economic, military, educational, and critical infrastructure personnel and organizations. In response: The White...

6.8AI score
Exploits0References8
CISA
CISA
added 2021/03/31 12:0 a.m.38 views

CISA Releases Supplemental Guidance on Emergency Directive for Microsoft Exchange Server Vulnerabilities

CISA has issued supplemental direction to Emergency Directive ED 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities providing additional forensic triage and server hardening, requirements for federal agencies. Specifically, this update directs federal departments and agencies ...

6.8AI score
Exploits0References8
CISA
CISA
added 2020/12/07 12:0 a.m.38 views

Cisco Releases Security Advisory for Vulnerability in AnyConnect Software

Cisco has released security updates to address vulnerabilities in AnyConnect Secure Mobility Client Software and Security Manager. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

7.3AI score
Exploits0References2
CISA
CISA
added 2020/05/20 12:0 a.m.38 views

ISC Releases Security Advisory for BIND

The Internet Systems Consortium ISC has released security advisories that addresses vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and...

5CVSS2.2AI score0.93422EPSS
Exploits6References2
CISA
CISA
added 2020/05/01 12:0 a.m.38 views

SaltStack Patches Critical Vulnerabilities in Salt

SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. A remote attacker could exploit these...

7.5CVSS1.5AI score0.96405EPSS
Exploits25References4
CISA
CISA
added 2019/10/24 12:0 a.m.38 views

EOL D-Link Routers Vulnerable to Remote Command Execution

The CERT Coordination Center CERT/CC has released information on a vulnerability CVE-2019-16920 affecting multiple D-Link routers. A remote attacker could exploit this vulnerability to take control of an affected device. D-Link no longer provides support to the affected end-of-life EOL devices, a...

10CVSS3.2AI score0.99996EPSS
Exploits5References2
CISA
CISA
added 2019/06/19 12:0 a.m.38 views

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in Samba 4.9 and all versions of Samba from 4.10 onward. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency CISA encourages users and...

4CVSS2.5AI score0.02845EPSS
Exploits0References2
CISA
CISA
added 2019/01/04 12:0 a.m.38 views

CERT/CC Reports Critical Vulnerabilities in Microsoft Windows, Server

The CERT Coordination Center CERT/CC has released information on vulnerabilities affecting versions of Microsoft Windows and Windows Server. A remote attacker could exploit these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Cente...

10CVSS8.7AI score0.21115EPSS
Exploits0References4
Total number of security vulnerabilities4188