Lucene search
K

69 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-33779

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00722EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2021-33921

Malicious code in bioql PyPI...

4CVSS4.8AI score0.0022EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2024/05/31 6:34 p.m.19 views

New! Insight Agent Support for ARM-based Windows in InsightVM

We are pleased to introduce Insight Agent support of ARM-based Windows 11 devices for both vulnerability and policy assessment within InsightVM. Customers with Windows 11 devices powered by ARM processors can now take advantage of the great performance and lower power requirements of these chips...

7.1AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/04/23 8:39 a.m.17 views

CVE-2024-3185 Rapid7 Insight Agent Sensitive Key Exposed To Local Users

A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This wa...

6.8CVSS6.7AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/23 12:0 a.m.6 views

Rapid7 Insight Agent 安全漏洞

Rapid7 Insight Agent is a lightweight software from Rapid7 USA. The software is capable of collecting data from IT assets. Rapid7 Insight Agent has a security vulnerability that stems from the use of a key that does not follow the principle of least privilege by default, allowing a local attacker...

6.8CVSS6.7AI score0.00172EPSS
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2023/07/06 4:1 p.m.17 views

Alerting Rules!: InsightIDR Raises the Bar for Visibility and Coverage

By George Schneider, Information Security Manager at Listrak I've worked in cybersecurity for over two decades, so I've seen plenty of platforms come and go—some even crash and burn. But Rapid7, specifically InsightIDR, has consistently performed above expectations. In fact, InsightIDR has become...

6.7AI score
Exploits0
NVD
NVD
added 2023/04/26 9:15 a.m.26 views

CVE-2023-2273

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...

7.5CVSS6.1AI score0.00722EPSS
Exploits0References1
Prion
Prion
added 2023/04/26 9:15 a.m.15 views

Path traversal

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...

5CVSS7.4AI score0.00722EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/26 8:55 a.m.60 views

CVE-2023-2273

CVE-2023-2273 affects Rapid7 Insight Agent (token handler) versions ≤ 3.2.6. The issue is a Directory Traversal where an unsanitized CLI argument flows into io.ioutil.WriteFile and is used as a path, enabling an attacker to write arbitrary files. Remediation: upgrade to version 3.3.0, which adds ...

7.5CVSS6.4AI score0.00722EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/26 8:55 a.m.10 views

CVE-2023-2273 Rapid7 Insight Agent Directory Traversal

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...

5.8CVSS6.1AI score0.00722EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/26 8:55 a.m.30 views

CVE-2023-2273 Rapid7 Insight Agent Directory Traversal

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...

5.8CVSS7.6AI score0.00722EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/26 12:0 a.m.6 views

Rapid7 Insight Agent 路径遍历漏洞

Rapid7 Insight Agent is a lightweight software from Rapid7 USA. The software is capable of collecting data from IT assets. A security vulnerability exists in Rapid7 Insight Agent version 3.2.6 and earlier versions. An attacker exploiting this vulnerability can write to arbitrary files...

7.5CVSS7.6AI score0.00722EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/26 12:0 a.m.15 views

PT-2023-18671 · Rapid7 · Rapid7 Insight Agent

Name of the Vulnerable Software and Affected Versions: Rapid7 Insight Agent versions 3.2.6 and below Description: The issue is related to a Directory Traversal vulnerability. Unsantized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path, potentially allowing an...

7.5CVSS7.5AI score0.00722EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2022/12/09 3:0 p.m.28 views

AWS Graviton Processor Support on Insight Agent

By Marco Botros Marco is a Technical Product Manager for Platform at Rapid7. We are pleased to announce that the Insight Agent now supports the AWS Graviton processor. The Insight Agent supports various operating systems using the AWS Graviton processor, including Amazon Linux, Redhat, and Ubuntu...

1.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/11/11 1:41 p.m.52 views

Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)

As stated in our OpenSSL Buffer Overflow blog post, the CVE-2022-3786 & CVE-2022-3602 vulnerabilities affecting OpenSSL’s 3.0.x versions both rely on a maliciously crafted email address in a certificate. CVE-2022-3786 can overflow an arbitrary number of bytes on the stack with the “.” character a...

3.7AI score0.92488EPSS
Exploits6
CNVD
CNVD
added 2022/03/18 12:0 a.m.20 views

Rapid7 Insight Agent has an unspecified vulnerability

Rapid7 Insight Agent is a lightweight software from Rapid7, Inc. The software is capable of collecting data from IT assets.A security vulnerability exists in Rapid7 Insight Agent version 3.1.2.38 and prior versions, which stems from the fact that Rapid7 Insight Agent version 3.1.2.38 and prior...

7.8CVSS4.1AI score0.00453EPSS
Exploits1References1
NVD
NVD
added 2022/03/17 11:15 p.m.17 views

CVE-2022-0237

Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the iragent.exe component, resulting in elevated rights and persistent access to t...

7.8CVSS0.00453EPSS
Exploits1References2
OSV
OSV
added 2022/03/17 11:15 p.m.2 views

CVE-2022-0237

Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the iragent.exe component, resulting in elevated rights and persistent access to t...

7.8CVSS7.2AI score0.00453EPSS
Exploits1References2
Prion
Prion
added 2022/03/17 11:15 p.m.11 views

Privilege escalation

Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the iragent.exe component, resulting in elevated rights and persistent access to t...

7.2CVSS7.8AI score0.00453EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/03/17 10:30 p.m.90 views

CVE-2022-0237

Rapid7 Insight Agent versions 3.1.2.38 and earlier are affected by a privilege-escalation flaw in ir_agent.exe caused by an unquoted runas.exe argument. This allows an attacker with local access to hijack execution flow and gain elevated, persistent access on the machine. The issue has been fixed...

7.8CVSS6.1AI score0.00453EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder