31 matches found
EUVD-2025-39144
Malicious code in wibowo-keripik49-breki npm...
CVE-2023-39144
Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext...
CVE-2022-39144
creationtimestamp| type| source
---|---|---
2025-02-06 03:13:45+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-02-23 04:10:48+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd...
CVE-2023-39144
CVE-2023-39144 affects Element55 KnowMore appliances 21 and older; multiple sources corroborate that passwords are stored in plaintext, constituting a confidentiality risk (NVD score CVSS 3.1: HIGH, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Connected docs consistently reference the same vulnerability...
CVE-2023-39144
Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.4 security update
A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Changes in OWASP API Security Top-10 2023RC | API Security Newsletter
Welcome to our March API newsletter, recapping some of the events of last month. And what a month it was. Among other buzzworthy news, OWASP published the initial Release Candidate for the 2023 API Security Top-10 list – we analyzed the ins & outs and presented them over the course of a couple of...
Important: Red Hat Security Advisory: Red Hat Data Grid 7.3.10 security update
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Metasploit Weekly Wrap-Up
Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream CVE-2021-39144 There’s nothing quite like a pre-authenticated remote code execution vulnerability in a piece of enterprise software. This week, community contributor h00die-gr3y added a module that targets VMware NSX...
VMware NSX Manager XStream Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware NSX Manager XStream unauthenticated RCE', 'Description' = %q VMware Cloud Foundation NSX-V contains a remote code execution vulnerability...
XStream Command Injection (CVE-2021-39144)
A command injection vulnerability exists in XStream. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
VMware Cloud Foundation has a significant RCE flaw
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A Remote Code Execution RCE vulnerability through the XStream open-source library tagged as CVE-2021-39144 in the VMware Cloud Foundation, which is a hybrid cloud platform for hosting enterprise...
VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform
VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. Tracked as CVE-2021-39144, the issue has been rated 9.8 out of 10 on the CVSS vulnerability scoring system, and relates to a remote code execution vulnerability via XStream open...
CVE-2022-39144
CVE-2022-39144 affects Siemens Parasolid and Simcenter Femap. The vulnerability is an out-of-bounds write past the end of an allocated buffer while parsing X_T files, potentially allowing code execution in the current process. Affected products/versions include Parasolid V33.1 (before 33.1.263 an...
Moderate: Red Hat Security Advisory: Red Hat Data Grid 8.3.0 security update
An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Moderate: Red Hat Security Advisory: Red Hat Decision Manager 7.12.0 security update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
Critical: Red Hat Security Advisory: Red Hat Process Automation Manager 7.12.0 security update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Important: xstream
Issue Overview: A flaw was found in xstream, a simple library used to serialize objects to XML and back again. This flaw allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel-K 1.6 release and security update
A minor version update from 1.4.2 to 1.6 is now available for Red Hat Integration Camel K that includes bug fixes and enhancements. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a...
[SECURITY] [DSA 5004-1] libxstream-java security update
Debian Security Advisory DSA-5004-1 [email protected] https://www.debian.org/security/ Markus Koschany November 10, 2021 https://www.debian.org/security/faq ...