Lucene search
K

131 matches found

cnnvd
cnnvd
added 2022/01/10 12:0 a.m.7 views

Pipenv 命令注入漏洞

Pipenv is a tool designed to bring the best of all packaging worlds packager, composer, npm, cargo, yarn, etc. to the Python world. pipenv suffers from a command injection vulnerability that stems from allowing an attacker to insert specially crafted strings into comments anywhere in a...

9.3CVSS8.3AI score0.03897EPSS
Exploits1References7
ncsc
ncsc
added 2021/11/02 12:0 a.m.6 views

Vulnerabilities fixed in Python

Red Hat has fixed a vulnerability in Python. The vulnerability allows a remote malicious party to cause a denial-of-service exploit in the HTTP client of the victim. To do so, the malicious party must cause the victim to establish an authentication session with an HTTP server that is under contro...

6.5CVSS7AI score0.04675EPSS
Exploits1
vulnrichment
vulnrichment
added 2021/07/09 12:0 a.m.19 views

CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...

6.8AI score0.01106EPSS
Exploits0References4
debiancve
debiancve
added 2021/07/09 12:0 a.m.26 views

CVE-2021-36367

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt that the attacker can use to capture credential data, and use...

8.1CVSS8.1AI score0.01106EPSS
Exploits0
ncsc
ncsc
added 2021/04/01 12:0 a.m.3 views

Vulnerabilities fixed in cURL

Vulnerabilities have been fixed in cURL.The vulnerabilities allow a remote malicious person the ability to obtain sensitive information obtain. To do so, the malicious party must induce the victim to visit a server under the control of the malicious party. -= Debian =- Debian has made updates to...

5.3CVSS6.9AI score0.05301EPSS
Exploits2
redhat
redhat
added 2021/03/16 3:14 p.m.2 views

kernel: TOCTOU mismatch in the NFS client code

A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation...

7CVSS7.2AI score0.00275EPSS
Exploits0References4
osv
osv
added 2020/12/18 7:15 p.m.17 views

CVE-2020-27687

ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen...

8.8CVSS7AI score
Exploits0References2
cnnvd
cnnvd
added 2020/12/18 12:0 a.m.6 views

Thingsboard 注入漏洞

Thingsboard is a Java-based platform for monitoring, management, and data collection of IOT devices from the Thingsboard team. A security vulnerability exists in versions prior to ThingsBoard v3.2 that stems from the injection of host headers in password reset emails. This allowed an attacker to...

8.8CVSS7.3AI score0.0152EPSS
Exploits1References3
thn
thn
added 2020/12/09 3:5 p.m.91 views

Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware

A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a...

0.6AI score
Exploits0
redhat
redhat
added 2020/10/19 5:2 p.m.5 views

kernel: TOCTOU mismatch in the NFS client code

A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation...

7CVSS7.2AI score0.00275EPSS
Exploits0References4
osv
osv
added 2020/10/08 2:15 p.m.1 views

DEBIAN-CVE-2020-15646

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This...

5.9CVSS5.8AI score0.00961EPSS
Exploits0References1
thn
thn
added 2020/09/02 8:54 a.m.29 views

New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send...

0.4AI score
Exploits0
ptsecurity
ptsecurity
added 2020/07/02 12:0 a.m.12 views

PT-2020-15432 · Jenkins · Jenkins Zephyr For Jira Test Management Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Zephyr for JIRA Test Management Plugin versions 1.5 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specifi...

4.3CVSS4.4AI score0.00656EPSS
Exploits0References7
osv
osv
added 2020/06/30 7:15 p.m.2 views

DEBIAN-CVE-2020-14058

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs becaus...

7.5CVSS6.8AI score0.02609EPSS
Exploits0References1
osv
osv
added 2020/05/19 1:15 p.m.7 views

UBUNTU-CVE-2020-12667

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

7.5CVSS7.1AI score0.02619EPSS
Exploits0References7
redhat
redhat
added 2020/03/31 9:3 p.m.5 views

lftp: particular remote file names may lead to current working directory erased

It has been discovered that lftp does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker-controlled FTP server, resulting in the removal of all files...

7.8CVSS5.8AI score0.04782EPSS
Exploits1References4
attackerkb
attackerkb
added 2020/02/25 12:0 a.m.92 views

CVE-2020-8794

OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mtaio in mtasession.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce...

10CVSS9.8AI score0.98946EPSS
In wildExploits37References14
thn
thn
added 2019/11/20 8:42 a.m.57 views

Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware

What an irony — someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users' wallets. The latest supply-chain cyberattack was revealed on Monda...

3AI score
Exploits0
osv
osv
added 2019/08/07 3:15 p.m.5 views

CVE-2019-10389

A missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server...

4.3CVSS5.8AI score0.00615EPSS
Exploits0References2
osv
osv
added 2019/07/13 9:15 p.m.1 views

DEBIAN-CVE-2018-20852

http.cookiejar.DefaultPolicy.domainreturnok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostnam...

5.3CVSS7.4AI score0.0388EPSS
Exploits1References1
Rows per page
Query Builder