Lucene search
K

604 matches found

Kitploit
Kitploit
added 2022/10/03 11:30 a.m.40 views

Java-Remote-Class-Loader - Tool to send Java bytecode to your victims to load and execute using Java ClassLoader together with Reflect API

This tool allows you to send Java bytecode in the form of class files to your clients or potential targets to load and execute using Java ClassLoader together with Reflect API. The client receives the class file from the server and return the respective execution output. Payloads must be written ...

7.4AI score
Exploits0References3
Prion
Prion
added 2022/09/29 3:15 p.m.18 views

Code injection

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

5CVSS7.4AI score0.00485EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/09/29 2:15 p.m.29 views

CVE-2022-39252 When matrix-rust-sdk recieves forwarded room keys, the reciever doesn't check if it requested the key from the forwarder

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

8.6CVSS8.7AI score0.00485EPSS
Exploits0References4
CVE
CVE
added 2022/09/29 2:15 p.m.72 views

CVE-2022-39252

CVE-2022-39252 affects matrix-rust-sdk (and matrix-sdk-crypto). Before 0.6, forwarded room keys could be accepted without verifying the origin device, enabling a homeserver to insert keys of questionable validity and potentially mount an impersonation attack. The issue is fixed in version 0.6. Re...

8.6CVSS7.9AI score0.00485EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/09/29 1:15 p.m.1 views

UBUNTU-CVE-2022-39250

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6CVSS6.9AI score0.00928EPSS
Exploits0References7
OSV
OSV
added 2022/09/29 12:0 a.m.19 views

CVE-2022-39250 Matrix JavaScript SDK vulnerable to key/device identifier confusion in SAS verification

Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one o...

8.6CVSS8.2AI score0.00928EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2022/09/28 8:15 p.m.45 views

CVE-2022-39249

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS7AI score0.00938EPSS
Exploits0References7
Prion
Prion
added 2022/09/28 8:15 p.m.14 views

Type confusion

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

5CVSS7.9AI score0.00865EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/09/28 5:15 p.m.20 views

Design/Logic Flaw

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

5CVSS6.5AI score0.00992EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2022/09/28 12:0 a.m.36 views

CVE-2022-39249

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5CVSS8.1AI score0.00938EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2022/09/28 12:0 a.m.42 views

CVE-2022-39251

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a...

8.6CVSS8.2AI score0.00865EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/08/24 12:0 a.m.26 views

Fedora: Security Advisory for community-mysql (FEDORA-2022-9178229cd7)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.5CVSS5.8AI score0.01439EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/03 9:15 p.m.2 views

CVE-2022-35505

A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command...

7.5CVSS7.1AI score0.00767EPSS
Exploits1References2
Prion
Prion
added 2022/08/03 9:15 p.m.16 views

Command injection

A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command...

5CVSS7.6AI score0.00767EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/07/29 5:0 p.m.77 views

CVE-2022-35629

Velociraptor vulnerability CVE-2022-35629 arises from a bug in client–server message handling, allowing a registered client to send messages that claim to originate from another client ID. The issue was fixed in Velociraptor version 0.6.5-2. Remediation: upgrade to 0.6.5-2 or later to close the i...

5.4CVSS5.5AI score0.00396EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/13 12:0 a.m.7 views

The vulnerability of the Client Server Run-Time Subsystem (CSRSS) in the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Client Server Run-Time Subsystem CSRSS in the Windows operating system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.8CVSS7.6AI score0.01013EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/07/13 12:0 a.m.8 views

The vulnerability of the Client Server Run-Time Subsystem (CSRSS) in the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Client Server Run-Time Subsystem CSRSS in the Windows operating system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.8CVSS7.8AI score0.00983EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/07/13 12:0 a.m.5 views

The vulnerability of the Client Server Run-Time Subsystem (CSRSS) in the Windows operating system, which allows a hacker to increase their privileges

The vulnerability of the Client Server Run-Time Subsystem CSRSS in the Windows operating system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.8CVSS7.7AI score0.18912EPSS
Exploits0References5
OSV
OSV
added 2022/07/12 11:15 p.m.3 views

CVE-2022-22047

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

7.8CVSS7.3AI score0.18912EPSS
Exploits0References2
OSV
OSV
added 2022/07/12 11:15 p.m.3 views

CVE-2022-22049

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

7.8CVSS7.3AI score0.01013EPSS
Exploits1References1
Rows per page
Query Builder