Lucene search
+L

164 matches found

thn
thn
added 2022/12/01 11:44 a.m.59 views

Researchers Disclose Critical RCE Vulnerability Affecting Quarkus Java Framework

A critical security vulnerability has been disclosed in the Quarkus Java framework that could be potentially exploited to achieve remote code execution on affected systems. Tracked as CVE-2022-4116 CVSS score: 9.8, the shortcoming could be trivially abused by a malicious actor without any...

9.8CVSS1.3AI score0.32516EPSS
Exploits0
avleonov
avleonov
added 2022/09/16 10:20 p.m.26 views

Scanvus – my open source Vulnerability Scanner for Linux hosts and Docker images

Hello everyone! This video was recorded for the VMconf 22 Vulnerability Management conference, vmconf.pw. I will be talking about my open source project Scanvus. This project is already a year old and I use it almost every day. Alternative video link for Russia: Scanvus Simple Credentialed...

7.5AI score
Exploits0
cisa_kev
cisa_kev
added 2022/08/25 12:0 a.m.72 views

WebRTC Heap Buffer Overflow Vulnerability

WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome...

8.8CVSS8.8AI score0.70461EPSS
In wildExploits0
cnnvd
cnnvd
added 2022/08/01 12:0 a.m.5 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in the Google Android Open Source Project AOSP, which stems from a vulnerability that allows an attacker to remotely execute code via Bluetooth without additional privileges. The followi...

9.8CVSS8.4AI score0.00919EPSS
Exploits0References4
cnnvd
cnnvd
added 2022/08/01 12:0 a.m.5 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android Open Source Project AOSP, which stems from an attacker exploiting information leakage to potentially enable further attacks. The following versions are affected: AOSP versio...

7.1CVSS5AI score0.0018EPSS
Exploits0References3
androidsecurity
androidsecurity
added 2022/07/06 12:0 a.m.89 views

Android Security Bulletin—July 2022Stay organized with collectionsSave and categorize content based on your preferences.

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2022-07-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

10CVSS7.3AI score0.03111EPSS
Exploits0
malwarebytes
malwarebytes
added 2022/06/06 5:51 a.m.27 views

Tor’s (security) role in the future of the Internet, with Alec Muffett

Tor has a storied reputation in the world of online privacy. The open-source project lets people browse the Internet more anonymously by routing their traffic across different nodes before making a final connection between their device and a desired website. Its something weve discussed previousl...

7.3AI score
Exploits0
osv
osv
added 2022/04/21 5:20 p.m.21 views

CVE-2022-24875 Potential Secrets being logged to disk in CVEProject/cve-services

The CVEProject/cve-services is an open source project used to operate the CVE services api. In versions up to and including 1.1.1 the org.conroller.js code would erroneously log user secrets. This has been resolved in commit 46d98f2b and should be available in subsequent versions of the software...

5.3CVSS7.3AI score0.00941EPSS
Exploits0References4
cnnvd
cnnvd
added 2022/04/21 12:0 a.m.3 views

cve-services 日志信息泄露漏洞

cve-services is an open source project. It is used to operate the CVE Services API. A security vulnerability exists in cve-services version 1.1.1 and earlier versions, which stems from org.conroller.js code that incorrectly logs user secrets...

7.5CVSS7.4AI score0.00941EPSS
Exploits0References3
cnvd
cnvd
added 2022/03/03 12:0 a.m.44 views

MaxSite CMS Cross-Site Scripting Vulnerability (CNVD-2022-33826) (CVE-2022-25413)

MaxSite CMS is a web content management system of the Russian MaxSite CMS open source project.MaxSite CMS 108 has a cross-site scripting vulnerability that can be exploited by attackers to perform cross-site scripting attacks via the ftags parameter in /admin/pageedit/3...

5.4CVSS3.2AI score0.00485EPSS
Exploits1References1
cnnvd
cnnvd
added 2022/01/06 12:0 a.m.7 views

Sourcecodester Vehicle Service Management System 代码问题漏洞

Sourcecodester Vehicle Service Management System is an open source PHP project. A simple web application for automotive repair/service stores or businesses. Sourcecodester Vehicle Service Management System has a security vulnerability that arises from improper design or implementation of the code...

7.2CVSS7.2AI score0.03309EPSS
Exploits1References3
cnvd
cnvd
added 2021/12/01 12:0 a.m.87 views

Workerman-ThinkPHP-Redis Cross-Site Scripting Vulnerability

Workerman-ThinkPHP-Redis is an open source project consisting of the Workerman framework, the ThinkPHP framework, and Redis.Workerman-ThinkPHP-Redis is vulnerable to a cross-site scripting vulnerability that originates in the file Controller.class.php, where the exit function will terminate the...

6.1CVSS1.1AI score0.00641EPSS
Exploits1References1
osv
osv
added 2021/11/03 5:36 p.m.20 views

GHSA-HGC3-HP6X-WPGX Antilles Dependency Confusion Vulnerability

Potential Impact: Remote code execution. Scope of Impact: Open-source project specific. Summary Description: A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a packag...

8.8CVSS9AI score0.01971EPSS
Exploits0References5
fedora
fedora
added 2021/10/29 11:24 p.m.49 views

[SECURITY] Fedora 35 Update: moby-engine-20.10.9-1.fc35

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between - and they don'...

7.8CVSS6.8AI score0.02671EPSS
Exploits3
osv
osv
added 2021/10/04 9:15 p.m.45 views

CVE-2021-41091

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traver...

6.3CVSS6.6AI score
Exploits0References5
akamaiblog
akamaiblog
added 2021/08/23 4:0 a.m.23 views

UPX Packed Headaches

Researching malware has many challenges. One of those challenges is obfuscated code and intentionally corrupted binaries. To address challenges like this, we've written a small tool in C that could fix intentionally corrupted binaries automatically. We also plan to open-source the project so othe...

1.2AI score
Exploits0
osv
osv
added 2021/08/12 11:15 a.m.2 views

CVE-2021-37222

Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via specially crafted packets...

9.8CVSS7.6AI score0.02459EPSS
Exploits0References2
cnvd
cnvd
added 2021/08/12 12:0 a.m.20 views

Live555 UAF Vulnerability

Live555 is a cross-platform C open source project that provides a solution for streaming media, which implements support for standard streaming media delivery protocols such as RTP/RTCP, RTSP, SIP, etc. A security vulnerability exists in Live555, which stems from the fact that the affected produc...

6.5CVSS1.8AI score0.0119EPSS
Exploits1References1
cnvd
cnvd
added 2021/04/21 12:0 a.m.9 views

Unspecified Vulnerability in Redmine

Redmine is a set of open source Web-based project management and defect tracking tools . The product provides project management , issue tracking and role-based access control and other features . A security vulnerability exists in Redmine versions prior to 3.4.13 and versions prior to 4.0.6 in t...

5.3CVSS6.6AI score0.00809EPSS
Exploits0References1
cnvd
cnvd
added 2021/03/26 12:0 a.m.4 views

Command Execution Vulnerability in jeewms

jeewms is led by Linglu Valley Technology open source project , JAVA-based warehouse management system support for self- and third-party , including PDA side and WEB side . jeewms has a command execution vulnerability. Attackers can use this vulnerability to obtain server privileges...

7.3AI score
Exploits0
Rows per page
Query Builder