
98 matches found

Tenable Nessus
added 2026/05/06 12:0 a.m. | 3 views

RHCOS 4 : OpenShift Container Platform 4.6.36 (RHSA-2021:2499)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2499 advisory. - jetty: local temporary directory hijacking vulnerability CVE-2020-27216 - jetty: buffer not correctly recycled in Gzip Request...

CVSS 7 | AI score 6.9 | EPSS 0.33816
Exploits 1 | References 9
IBM Security Bulletins
added 2026/03/27 8:6 a.m. | 9 views

Security Bulletin: Due to the use of jetty IBM webMethods BPM is vulnerable to multiple vulnerabilities

Summary IBM webMethods BPM is dependent on jetty which is affected by known vulnerabilities CVE-2019-17638, CVE-2020-27218, CVE-2021-28169, CVE-2021-34428, CVE-2022-2047, CVE-2023-26048, CVE-2023-26049, CVE-2024-13009, CVE-2024-8184 Vulnerability Details CVEID:CVE-2019-17638 DESCRIPTION: In Eclip...

CVSS 9.4 | AI score 7 | EPSS 0.9026
Exploits 3 | Affected Software 1
OSV
added 2026/03/10 7:17 p.m. | 2 views

CVE-2026-27218

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires...

CVSS 5.5 | AI score 5.8 | EPSS 0.00024
Exploits 0 | References 1
Tenable Nessus
added 2026/01/20 12:0 a.m. | 1 views

MiracleLinux 8 : glib2-2.56.4-10.el8.1 (AXSA:2021-2316:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2316:04 advisory. glib: integer overflow in g_byte_array_new_take function when called with a buffer of 4GB or more on a 64-bit platform CVE-2021-27218 Tenable has extracted the...

CVSS 7.5 | AI score 8.1 | EPSS 0.10494
Exploits 0 | References 2
Tenable Nessus
added 2025/11/13 12:0 a.m. | 2 views

Siemens SIMATIC S7-1500 Incorrect Conversion between Numeric Types (CVE-2021-27218)

An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2^32, causing unintended length truncation. This plugin only works with Tenable.ot. Please visit...

CVSS 7.5 | AI score 6.9 | EPSS 0.10494
Exploits 0 | References 4
Tenable Nessus
added 2025/08/20 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2021-27218

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take was called with a buffer of 4GB or more on a 64-bit platform,...

CVSS 7.5 | AI score 7 | EPSS 0.10494
Exploits 0 | References 2
Exploit DB
added 2025/06/26 12:0 a.m. | 351 views

Sitecore 10.4 - Remote Code Execution (RCE)

Exploit Title: Sitecore 10.4 - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://developers.sitecore.com/downloads Version: Sitecore 10.3 - 10.4 CVE : CVE-2025-27218 Link: https://github.com/yealvarez/CVE/blob/main/CVE-2025-27218/exploit.py from requests import...

CVSS 5.3 | AI score 7.4 | EPSS 0.75678
Exploits 4
Tenable Nessus
added 2025/05/14 12:0 a.m. | 5 views

Alibaba Cloud Linux 3 : 0055: glib2 (ALINUX3-SA-2021:0055)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0055 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-13012: The keyfile settings backe...

CVSS 7.5 | AI score 6.9 | EPSS 0.10494
Exploits 0 | References 3
Metasploit
added 2025/03/28 6:50 p.m. | 479 views

Sitecore CVE-2025-27218 BinaryFormatter Deserialization Exploit

This module exploits a .NET deserialization vulnerability in Sitecore Experience Manager XM and Experience Platform XP 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header. Module Options msf use exploit/windows/http/sitecorexpcve202527218 msf...

CVSS 5.3 | AI score 7.3 | EPSS 0.75678
Exploits 4
Packet Storm
added 2025/03/28 12:0 a.m. | 370 views

Sitecore CVE-2025-27218 BinaryFormatter Deserialization

This Metasploit module exploits a .NET deserialization vulnerability in Sitecore Experience Manager XM and Experience Platform XP 10.4 by injecting a malicious Base64-encoded BinaryFormatter payload into an HTTP header. This module requires Metasploit: https://metasploit.com/download Current...

CVSS 5.3 | AI score 7.3 | EPSS 0.75678
Exploits 4
Tenable Nessus
added 2025/03/04 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2020-27218

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is...

CVSS 4.8 | AI score 6.8 | EPSS 0.00599
Exploits 0 | References 1
RedhatCVE
added 2025/02/22 12:30 a.m. | 13 views

CVE-2025-27218

Sitecore Experience Manager XM and Experience Platform XP 10.4 before KB1002844 allow remote code execution through insecure deserialization...

CVSS 5.3 | AI score 7.9 | EPSS 0.75678
Exploits 4 | References 1
Cvelist
added 2025/02/20 12:0 a.m. | 12 views

CVE-2025-27218

Sitecore Experience Manager XM and Experience Platform XP 10.4 before KB1002844 allow remote code execution through insecure deserialization...

EPSS 0.75678
Exploits 4 | References 1
Vulnrichment
added 2025/02/20 12:0 a.m. | 8 views

CVE-2025-27218

Sitecore Experience Manager XM and Experience Platform XP 10.4 before KB1002844 allow remote code execution through insecure deserialization...

AI score 6 | EPSS 0.75678
Exploits 4 | References 1
CVE
added 2025/02/20 12:0 a.m. | 146 views

CVE-2025-27218

Summary: CVE-2025-27218 affects Sitecore Experience Manager/Experience Platform 10.4 and earlier, using insecure deserialization that permits remote code execution. The root cause is deserialization in the ThumbnailsAccessToken header, enabling unauthenticated RCE as described by multiple sources...

CVSS 5.3 | AI score 7.7 | EPSS 0.75678
Exploits 4 | References 1
Circl
added 2025/02/18 9:11 p.m. | 0 views

CVE-2024-27218

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-18 21:11:31+00:00 | seen | Telegram/DCbWxGdPmocz4klLDBTDcGOL1iI4wP0ycZgDe1kCj5M4q8Tq... |

CVSS 6.2 | AI score 4.8 | EPSS 0.00022
Exploits 0
Tenable Nessus
added 2024/06/03 12:0 a.m. | 43 views

RHEL 8 : jetty (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jetty: local temporary directory hijacking vulnerability CVE-2020-27216 - jetty: buffer not correctly...

CVSS 7 | AI score 7.3 | EPSS 0.04575
Exploits 1 | References 3
Tenable Nessus
added 2024/05/11 12:0 a.m. | 19 views

RHEL 7 : glib (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - glib: g_file_replace with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink...

AI score 7.7 | EPSS 0.10494
Exploits 1 | References 6
Tenable Nessus
added 2024/05/11 12:0 a.m. | 21 views

RHEL 6 : glib (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - glib: g_file_replace with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink...

AI score 7.7 | EPSS 0.10494
Exploits 1 | References 6
Broadcom
added 2024/05/01 12:0 a.m. | 11 views

Statement on Jetty vulnerabilities in Brocade SANav

A Security Researcher performing penetration testing raises CVEs in the Jetty version used by Brocade SANnav v2.1.1. Brocade Statement All supported versions of Brocade SANnav do not directly use Jetty. The code is present within some versions of the SANnav product as it is contained within other...

CVSS 9.4 | AI score 5.8 | EPSS 0.93778
Exploits 19