Lucene search
K

187 matches found

The Coalfire Blog
The Coalfire Blog
added 2021/03/19 6:37 p.m.11 views

Android: DNS setup for developing and testing against local web services

Most "interesting" smartphone applications do not run only on the smartphone device; they rely on supporting web services that can be run both by the deploying organization and 3rd parties. One of the challenges we have run into when developing Android application is setting up a suitable...

2.3AI score
Exploits0
OSV
OSV
added 2021/03/18 4:15 p.m.17 views

CVE-2021-28792

The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite,...

7.8CVSS8.1AI score
Exploits0References2
Prion
Prion
added 2021/03/18 4:15 p.m.12 views

Design/Logic Flaw

The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourcekit-lsp.serverPath, swift.languageServerPath, swift.path.sourcekite,...

6.8CVSS8.1AI score0.01678EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/03/18 3:4 p.m.39 views

CVE-2021-28792

The CVE-2021-28792 entry concerns the unofficial Swift Development Environment extension for Visual Studio Code, affected prior to version 2.12.1. A malicious workspace can trigger arbitrary code execution by supplying crafted values in several extension configuration fields (e.g., sourcekit-lsp....

7.8CVSS8AI score0.01678EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2021/03/09 8:14 p.m.20 views

Acronis: Information Disclosure via ZIP file on AWS Bucket [http://acronis.1.s3.amazonaws.com]

Summary Hello, @acronis Team I hope you all doing well. during My recon, I found OPEN S3 BUCKET http://acronis.1.s3.amazonaws.com and this BUCKET has an ZIP file . and this file contains sensitive information about the internal system of Acronis. This Zip file Is from 2018. And it looks like it w...

6.4AI score
Exploits0
CNVD
CNVD
added 2021/02/24 12:0 a.m.31 views

Apple Xcode has an unspecified vulnerability

Apple Xcode is an integrated development environment provided by Apple for developers to develop applications for Mac OS X and iOS. Apple Xcode 12.4 contains a security vulnerability that could be exploited by attackers to access arbitrary files on the host device...

5.5CVSS4.4AI score0.00642EPSS
Exploits0References1
CNVD
CNVD
added 2020/12/16 12:0 a.m.8 views

Eclipse Che Cross-Site Request Forgery Vulnerability (CNVD-2021-14164)

Eclipse Che is the Eclipse Foundation's set of Java-based open source online integrated development environment IDE. A cross-site request forgery vulnerability exists in Eclipse Che versions prior to 7.14.0. No detailed vulnerability details are provided at this time...

7.1CVSS6.6AI score0.00507EPSS
Exploits1References1
NVD
NVD
added 2020/09/10 5:15 p.m.30 views

CVE-2020-9738

AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...

6.8CVSS0.01678EPSS
Exploits0References1
OSV
OSV
added 2020/09/10 5:15 p.m.5 views

CVE-2020-9735

AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...

4.8CVSS5.8AI score0.01758EPSS
Exploits0References1
NVD
NVD
added 2020/09/10 5:15 p.m.20 views

CVE-2020-9736

AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...

6.8CVSS0.01758EPSS
Exploits0References1
OSV
OSV
added 2020/09/10 5:15 p.m.3 views

CVE-2020-9736

AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...

4.8CVSS5.8AI score0.01758EPSS
Exploits0References1
NVD
NVD
added 2020/09/10 5:15 p.m.21 views

CVE-2020-9737

AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...

6.8CVSS0.01678EPSS
Exploits0References1
Prion
Prion
added 2020/09/10 5:15 p.m.16 views

Cross site scripting

AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...

3.5CVSS5AI score0.01758EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/10 5:15 p.m.22 views

Cross site scripting

AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...

3.5CVSS5AI score0.01678EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2020/09/10 5:15 p.m.21 views

Cross site scripting

AEM versions 6.5.5.0 and below, 6.4.8.1 and below, 6.3.3.8 and below and 6.2 SP1-CFP20 and below are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be...

3.5CVSS5AI score0.01678EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/07/21 3:1 p.m.18 views

ALEA-2020:3054 new module: eclipse:rhel8

Eclipse is an integrated development environment IDE. This enhancement update adds the eclipse:rhel8 module to AlmaLinux The eclipse:rhel8 module provides Eclipse version 4.15, which is based on the Eclipse Foundation's 2020-03 release train. BZ1786637 For detailed information on changes in this...

6.7AI score
Exploits0References1
Rockylinux
Rockylinux
added 2020/07/21 3:1 p.m.13 views

new module: eclipse:rhel8

An update is available for icu4j, glassfish-annotation-api. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Eclipse is an integrated development environment IDE...

1.4AI score
Exploits0
AlmaLinux
AlmaLinux
added 2020/07/21 3:1 p.m.23 views

new module: eclipse:rhel8

Eclipse is an integrated development environment IDE. This enhancement update adds the eclipse:rhel8 module to AlmaLinux The eclipse:rhel8 module provides Eclipse version 4.15, which is based on the Eclipse Foundation's 2020-03 release train. BZ1786637 For detailed information on changes in this...

1.4AI score
Exploits0References1
Securelist
Securelist
added 2020/07/21 10:0 a.m.24 views

GReAT thoughts: Awesome IDA Pro plugins

The Global Research & Analysis Team here at Kaspersky has a tradition of meeting up once a month and sharing cutting-edge research, interesting techniques and useful tools. We recently took the unprecedented decision to make our internal meetings public for a few months and present them as a seri...

7.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/05/21 12:0 a.m.8 views

The vulnerability of the Codehaus development environment of the JBoss Enterprise Application Platform allows a perpetrator to execute arbitrary code.

The vulnerability of the Codehaus development environment on the JBoss Enterprise Application Platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.1CVSS8.1AI score0.05175EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder