Lucene search
K

1247 matches found

The Hacker News
The Hacker News
added 2022/08/15 6:37 a.m.52 views

Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems

A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named "secretslib" and downloaded 93 times prior to its deletion, was released to the Python Package Index PyPI on August 6, 2022 and i...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/10 6:59 a.m.193 views

CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 CVSS score: 7.5, the issue concerns a path...

7.8CVSS2.2AI score0.98975EPSS
Exploits13
VulnCheck KEV
VulnCheck KEV
added 2022/08/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-30333

RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract unpack operation...

7.5CVSS7.3AI score0.98975EPSS
Exploits12References1
BDU FSTEC
BDU FSTEC
added 2022/06/29 12:0 a.m.8 views

The vulnerability of clients for conducting real-time audio and video conferences via Zoom Client for Meetings on Android, iOS, Linux, macOS, and Windows allows a perpetrator to disclose protected information.

The vulnerability of clients for conducting real-time audio and video conferences using Zoom Client for Meetings on Android, iOS, Linux, macOS, and Windows involves the disclosure of information. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

5.9CVSS8AI score0.03475EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/06/09 12:0 a.m.5 views

Podman 安全漏洞

Podman is an engine for developing, managing and running OCI containers on Linux systems. A security vulnerability exists in Podman and Varlink version 1.5.1, which stems from a problem with the component API. An attacker can exploit the vulnerability to achieve privilege escalation...

8.8CVSS6.8AI score0.02324EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2022/06/06 12:0 a.m.319 views

dbus-broker-29 Memory Corruption

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Memory Corruption Vulnerabilities product: dbus-broker vulnerable version: dbus-broker-29 fixed version: dbus-broker-31 CVE number: CVE-2022-31212, CVE-2022-3121...

0.5AI score0.01749EPSS
Exploits4
HackRead
HackRead
added 2022/05/17 7:29 p.m.20 views

New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer

By Deeba Ahmed Microsoft has discovered a new Sysrv botnet variant deploying cryptocurrency miners on Windows and Linux systems. The Microsoft… This is a post from HackRead.com Read the original post: New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer...

3.5AI score
Exploits0
GithubExploit
GithubExploit
added 2022/05/16 11:57 a.m.138 views

Exploit for Path Traversal in Vmware Cloud_Foundation

CVE-2021-21972 VMware vCenter Server Remote Code Execution Vul...

10CVSS10AI score0.9957EPSS
Exploits47
OSV
OSV
added 2022/04/29 5:15 p.m.0 views

CVE-2021-3982

Linux distributions using CAPSYSNICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAPSYSNICE is currently implemented and eventually load code to increase its process scheduler priority leading to possib...

5.5CVSS5.8AI score0.00285EPSS
Exploits0References2
Kitploit
Kitploit
added 2022/04/28 12:30 p.m.27 views

Rip Raw - Small Tool To Analyse The Memory Of Compromised Linux Systems

Rip Raw is a small tool to analyse the memory of compromised Linux systems. It is similar in purpose to Bulk Extractor, but particularly focused on extracting system Logs from memory dumps from Linux systems. This enables you to analyse systems without needing to generate a profile. This is not a...

7.3AI score
Exploits0References3
CNNVD
CNNVD
added 2022/04/21 12:0 a.m.3 views

Podman 权限许可和访问控制问题漏洞

Podman is an engine for developing, managing, and running OCI containers on Linux systems. Podman suffers from a privilege elevation vulnerability, which stems from improperly managed runtime permissions and can be exploited by attackers to elevate the privileges of the system...

8.8CVSS8.2AI score0.04238EPSS
Exploits2References21
Qualys Blog
Qualys Blog
added 2022/02/17 7:15 p.m.246 views

Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)

The Qualys Research Team has discovered multiple vulnerabilities in the snap-confine function on Linux operating systems, the most important of which can be exploited to escalate privilege to gain root privileges. Qualys recommends security teams apply patches for these vulnerabilities as soon as...

6.9CVSS0.01561EPSS
Exploits8
CNVD
CNVD
added 2022/02/03 12:0 a.m.13 views

Docker log information leakage vulnerability

Docker is an open source application container engine from the U.S. company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...

5.5CVSS1AI score0.00412EPSS
Exploits0References1
Kitploit
Kitploit
added 2022/01/31 8:30 p.m.34 views

RecoverPy - Interactively Find And Recover Deleted Or Overwritten Files From Your Terminal

You can already find plenty of solutions to recover deleted files, but it can be a hassle to recover overwritten files. RecoverPy searches through every block of your partition to find your request. Demo Installation  RecoverPy is currently only available on Linux systems. Dependancies Mandatory...

7.1AI score
Exploits0References3
CNVD
CNVD
added 2021/11/24 12:0 a.m.12 views

Docker code injection vulnerability

Docker is an open source application container engine from the U.S. company Docker. The product supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment, and upgrade of applications throug...

9.3CVSS1.5AI score0.01824EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/11/24 12:0 a.m.4 views

Octopus Server 配置错误漏洞

Octopus Server is an automated deployment platform. A misconfiguration vulnerability exists in Octopus Tentacle that stems from a misconfiguration of the product's systemd file on Linux systems. An attacker could gain privileged access by modifying the systemd file. The following products and...

7.8CVSS7.3AI score0.00208EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/11/11 12:0 a.m.5 views

The vulnerability of the uClibc library in Linux-based operating systems, related to the possibility of integer overflow, allows attackers to execute arbitrary code.

The vulnerability of the uClibc library in Linux-based operating systems is related to the possibility of integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.5CVSS8.2AI score0.01529EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/11/02 10:15 p.m.7 views

CVE-2017-5123

Insufficient data validation in waitid allowed an user to escape sandboxes on Linux...

8.8CVSS8.5AI score
Exploits0References3
The Hacker News
The Hacker News
added 2021/10/23 4:42 a.m.39 views

Popular NPM Package Hijacked to Publish Crypto-mining Malware

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that...

7AI score
Exploits0
HackRead
HackRead
added 2021/10/08 10:29 p.m.38 views

Beware- FontOnLake Rootkit Malware Attacking Linux Systems

By Deeba Ahmed According to ESET's researchers, components of FontOnLake malware are divided into three groups: Trojamized app, Rootkit, and Backdoor. This is a post from HackRead.com Read the original post: Beware- FontOnLake Rootkit Malware Attacking Linux Systems...

3.6AI score
Exploits0
Rows per page
Query Builder