8751 matches found

Rapid7 Blog
added 2022/07/12 6:20 p.m., 13 views

The Forecast Is Flipped: Flipping L&D to Ensure Continuous Growth

At Rapid7, we staunchly believe that our people are central to upholding our mission and embodying our core values to ultimately drive our customers into a more secure future. For this reason, Rapid7 works tediously to ensure that our Moose have ample opportunities to learn and grow in their...

AI score 7
Exploits 0
OSV
added 2022/07/12 2:15 p.m., 5 views

CVE-2022-33704

Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities...

CVSS 7.8, AI score 7.1, EPSS 0.00102
Exploits 0, References 1
Japan Vulnerability Notes
added 2022/07/12 12:00 a.m., 51 views

JVN#12610194: Django Extract and Trunc functions vulnerable to SQL injection

Django provided by Django Software Foundation is a Web application framework. Extract and Trunc functions of Django used to treat date data contain an SQL injection vulnerability CWE-89. Impact An attacker may execute an arbitrary SQL command. Data in websites built using the product may be alter...

CVSS 9.8, AI score 9.7, EPSS 0.73274
Exploits 3
OpenVAS
added 2022/07/12 12:00 a.m., 10 views

SUSE: Security Advisory (SUSE-SU-2022:2357-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8, AI score 8.1, EPSS 0.07017
Exploits 1, References 2
OSV
added 2022/07/09 12:00 a.m., 12 views

GHSA-G688-7J3C-H9F3 Known v1.3.1 Cross-site Scripting

A cross-site scripting XSS vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last...

CVSS 5.4, AI score 5.2, EPSS 0.00684
Exploits 1, References 5
Github Security Blog
added 2022/07/09 12:00 a.m., 36 views

Known v1.3.1 Cross-site Scripting

A cross-site scripting XSS vulnerability in Known v1.3.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. The researcher report indicates that versions 1.3.1 and prior are vulnerable. Version 1.2.2 is the last...

CVSS 5.4, AI score 5.1, EPSS 0.00684
Exploits 1, References 6, Affected Software 1
OpenVAS
added 2022/07/07 12:00 a.m., 18 views

SUSE: Security Advisory (SUSE-SU-2022:2312-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3, AI score 7, EPSS 0.02024
Exploits 0, References 4
BDU FSTEC
added 2022/07/06 12:00 a.m., 5 views

A vulnerability in the ADF Faces component of the Oracle JDeveloper development environment allows an attacker to execute arbitrary code or gain full control over the application.

The vulnerability in the ADF Faces component of the Oracle JDeveloper development environment relates to the deserialization of untrusted data structures in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely or gain full control over the application using the HTT...

CVSS 10, AI score 7.6
Exploits 0, References 4, Affected Software 1
BDU FSTEC
added 2022/07/06 12:00 a.m., 4 views

A vulnerability in the Scripting component of the Java Runtime Environment and the Java Development Kit allows attackers to affect the integrity, availability, and confidentiality of protected information.

The vulnerability in the Scripting component of the Java Runtime Environment and the Java Development Kit application development tools is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker to affect the integrity, availability, and...

CVSS 10, AI score 8.1, EPSS 0.96714
Exploits 13, References 18, Affected Software 3
The Hacker News
added 2022/07/05 2:12 p.m., 38 views

Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms

A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two doze...

AI score 1.2
Exploits 0
Ubuntu
added 2022/07/04 11:32 a.m., 72 views

USN-5501-1: Django vulnerability

It was discovered that Django incorrectly handled certain SQL. An attacker could possibly use this issue to expose sensitive information...

CVSS 9.8, AI score 7, EPSS 0.73274
Exploits 3
Fedora
added 2022/07/04 1:35 a.m., 18 views

[SECURITY] Fedora 36 Update: golang-github-hashicorp-hclog-0.15.0-5.fc36

Go-hclog is a package for Go that provides a simple key/value logging interface for use in development and production environments...

CVSS 9.3, AI score 8.1, EPSS 0.05994
Exploits 4
CNVD
added 2022/07/01 12:00 a.m., 23 views

Tuleap Information Disclosure Vulnerability

Tuleap is an application lifecycle management system that facilitates agile software development, design projects, V-modeling, requirements management and IT service management. An information disclosure vulnerability exists in versions prior to Tuleap 13.9.99.58 that stems from not properly...

CVSS 4.3, AI score 4.2, EPSS 0.0089
Exploits 0, References 1
Prion
added 2022/06/29 6:15 p.m., 14 views

Design/Logic Flaw

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create ...

CVSS 6.5, AI score 7.3, EPSS 0.01367
Exploits 0, References 4, Affected Software 1
CVE
added 2022/06/29 5:55 p.m., 70 views

CVE-2022-31058

Tuleap SQL injection (CVE-2022-31058) affects Tuleap versions prior to 13.9.99.95. The issue arises from improper input sanitization when constructing SQL against tracker reports, enabling an attacker who can create a new tracker to execute arbitrary SQL queries. Connected sources corroborate imp...

CVSS 7.2, AI score 7.3, EPSS 0.01367
Exploits 0, References 4, Affected Software 1
CVE
added 2022/06/29 5:55 p.m., 70 views

CVE-2022-31063

Tuleap is vulnerable before version 13.9.99.111 due to improper escaping of the document title in the MyDocmanSearch widget results and in the locked documents administration page. This can allow a malicious user who can create a document to trigger arbitrary code execution on a victim’s system. Aff...

CVSS 6.5, AI score 5.7, EPSS 0.00617
Exploits 0, References 4, Affected Software 1
CVE
added 2022/06/29 5:45 p.m., 67 views

CVE-2022-31032

Tuleap prior to version 13.9.99.58 is affected. The vulnerability arises from improper authorization verification when creating projects or trackers from template projects, allowing information disclosure from those templates. Remediation: upgrade to Tuleap 13.9.99.58 or newer. The available sour...

CVSS 4.3, AI score 4.5, EPSS 0.0089
Exploits 0, References 6, Affected Software 1
OSV
added 2022/06/29 1:15 p.m., 4 views

CVE-2022-33037

A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file...

CVSS 7.8, AI score 6.1, EPSS 0.00391
Exploits 1, References 1
OSV
added 2022/06/28 7:37 p.m., 7 views

GSD-2022-1003672 kernfs: Separate kernfs_pr_cont_buf and rename_lock.

kernfs: Separate kernfs_pr_cont_buf and rename_lock. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...

AI score 7.2
Exploits 0
OSV
added 2022/06/28 10:52 a.m., 25 views

RLSA-2022:5317 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write CVE-2022-29824 For more details about the security issues, including the impact, a CVSS score,...

CVSS 7.4, AI score 7.1, EPSS 0.0363
Exploits 5, References 2