Lucene search
K

202 matches found

Vulnrichment
Vulnrichment
added 2024/11/06 7:27 p.m.13 views

CVE-2024-51755 Unguarded calls to __isset() and to array-accesses when the sandbox is enabled in Twig

Twig is a template language for PHP. In a sandbox, an attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the isset method is now called after the security check. This is a BC break. This issue has...

2.2CVSS3.5AI score0.00414EPSS
Exploits0References2
CVE
CVE
added 2024/11/06 7:27 p.m.63 views

CVE-2024-51755

Twig is a PHP templating engine. CVE-2024-51755 describes a sandbox vulnerability where an attacker could access attributes of Array-like objects because policy checks were not applied before the __isset() call; the check now occurs via the property policy and then __isset() is invoked. This conf...

2.2CVSS3.4AI score0.00414EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/05 2:40 p.m.2 views

Malicious code in @maps-bc/i18n (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d4aadf453111b6be9daf1b61a25c3d7201dbed9584797b6213c4608623e9dbeb The OpenSSF Package Analysis project identified '@maps-bc/i18n' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/05 2:36 p.m.3 views

Malicious code in @maps-bc/runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 10155ba7c84ace28dedd143dcb15c74cf718077864c2940d65e11f748f2b7db1 The OpenSSF Package Analysis project identified '@maps-bc/runtime' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/10/21 12:0 a.m.8 views

The vulnerability of Microprogrammed Software in Synology cameras such as BC500, TC500, and CC400W arises from access control errors, allowing attackers to execute arbitrary code.

The vulnerability of the microprogramming software of Synology BC500, Synology TC500, and Synology CC400W is related to access control errors. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS5.9AI score
Exploits0References1Affected Software3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/19 8:51 a.m.3 views

Malicious code in eslint-config-bc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6df69ef80bd1fa8d92354d60af1310a623bcc81f45747601445f423c670e0545 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
OSV
OSV
added 2024/10/19 8:51 a.m.10 views

MAL-2024-9437 Malicious code in eslint-config-bc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6df69ef80bd1fa8d92354d60af1310a623bcc81f45747601445f423c670e0545 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/10/16 12:0 a.m.21 views

Atlassian Confluence < 7.19.26 / 7.20.x < 8.5.12 / 8.6.x < 8.9.4 / 9.0.1 (CONFSERVER-97723)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-97723 advisory. - An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java BC Java before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5...

7.5CVSS6.7AI score0.011EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:7 a.m.37 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities

Summary Multiple potential vulnerabilities in Vim has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-2849 DESCRIPTION: Vim is vulnerable to a heap-based buffer...

7.8CVSS9.4AI score0.01196EPSS
Exploits8Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/09/20 4:13 a.m.3 views

Malicious code in bc-carousel (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3941632e7872e79a931f3a5f41f3fc042aab5864ebf162ea08ec70ebd5bc1d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/09/20 4:13 a.m.4 views

MAL-2024-8939 Malicious code in bc-carousel (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e3941632e7872e79a931f3a5f41f3fc042aab5864ebf162ea08ec70ebd5bc1d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References1
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.152 views

SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

7.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/07 6:50 a.m.31 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to Bouncy Castle BC-FJA

Summary IBM Sterling Connect:Direct Web Service 6.1 and 6.2 is vulnerable to BC version 1.75 . We have upgraded to version 1.78 to fix CVE-2022-45146. Vulnerability Details CVEID:CVE-2022-45146 DESCRIPTION: The Legion of the Bouncy Castle BC-FJA could allow a remote attacker to obtain sensitive...

5.5CVSS5.6AI score0.00434EPSS
Exploits1Affected Software1
CVE
CVE
added 2024/06/27 7:25 p.m.66 views

CVE-2024-6127

CVE-2024-6127 affects BC Security Empire before 5.9.3. It is a path-traversal vulnerability that can enable remote code execution. An unauthenticated attacker can trigger the issue over HTTP by acting as a normal agent, completing cryptographic handshakes, and uploading payload data containing a ...

9.8CVSS9.9AI score0.10263EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/06/27 7:25 p.m.21 views

CVE-2024-6127 BC Security Empire Path Traversal RCE

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payloa...

9.8CVSS9.9AI score0.10263EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/06/27 7:25 p.m.50 views

CVE-2024-6127 BC Security Empire Path Traversal RCE

BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payloa...

9.8CVSS0.10263EPSS
Exploits1References4
OSV
OSV
added 2024/06/25 12:29 p.m.3 views

MAL-2024-1815 Malicious code in bc-baseline (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 004f716d6faa9713997578e5ad3b8a25eb483ce027b32e3a4ef6eb05179c430c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 12:29 p.m.2 views

Malicious code in bc-baseline (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 004f716d6faa9713997578e5ad3b8a25eb483ce027b32e3a4ef6eb05179c430c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References2
OSV
OSV
added 2024/05/21 3:15 p.m.1 views

UBUNTU-CVE-2021-47360

In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BCFREEBUFFER processing, the BINDERTYPEFDA object cleanup may close 1 or more fds. The close operations are completed using the task work mechanism -- which means the thread needs to...

5.5CVSS6.6AI score0.0025EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/20 6:22 a.m.64 views

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 271. Vulnerability Details CVEID:CVE-2024-1023 DESCRIPTION: Eclipse Vert.x is vulnerable to a denial of service, caused by a memory leak due to the use of Netty...

6.5CVSS7AI score0.01639EPSS
Exploits1Affected Software1
Rows per page
Query Builder