Lucene search
K

8751 matches found

CNVD
CNVD
added 2019/03/29 12:0 a.m.2 views

EDK2 Memory Write Vulnerability

EDK2 is a set of cross-platform firmware development environment based on UEFI and PI specifications. A security vulnerability exists in EDK2's SMM service that stems from the program's failure to adequately perform memory write checks. A local attacker could exploit the vulnerability to elevate...

6.7CVSS6.4AI score0.00412EPSS
Exploits0References1
Richard Bejtlich's blog
Richard Bejtlich's blog
added 2019/03/28 8:40 p.m.65 views

Thoughts on OSSEC Con 2019

Last week I attended my first OSSEC conference. I first blogged about OSSEC in 2007, and wrote other posts about it in the following years. OSSEC is a host-based intrusion detection and log analysis system with correlation and active response features. It is cross-platform, such that I can run it...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2019/03/28 8:35 p.m.48 views

Mail.ru: Rails application running in development mode

autodiscover.staging.geekbrains.ru was running Ruby on Rails in development mode...

1.8AI score
Exploits0
CNVD
CNVD
added 2019/03/28 12:0 a.m.3 views

EDK2 Buffer Overflow Vulnerability (CNVD-2019-08728)

EDK2 is a set of cross-platform firmware development environment based on UEFI and PI specifications. A buffer overflow vulnerability exists in EDK2's DxeCore, which can be exploited by a local attacker to elevate privileges, disclose information, and/or cause a denial of service...

6.8CVSS6.9AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2019/03/27 8:29 p.m.2 views

DEBIAN-CVE-2018-12183

Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

6.8CVSS7.2AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2019/03/27 8:29 p.m.1 views

UBUNTU-CVE-2019-0161

Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access...

5.5CVSS6.4AI score0.00395EPSS
Exploits0References4
OSV
OSV
added 2019/03/27 8:29 p.m.2 views

UBUNTU-CVE-2018-3613

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

7.8CVSS7.1AI score0.00441EPSS
Exploits0References6
NVD
NVD
added 2019/03/27 2:29 p.m.20 views

CVE-2019-5420

A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...

9.8CVSS9.8AI score0.92144EPSS
Exploits13References5
OSV
OSV
added 2019/03/27 2:29 p.m.23 views

CVE-2019-5420

A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...

9.8CVSS7.6AI score
Exploits0References5
OSV
OSV
added 2019/03/27 2:29 p.m.4 views

DEBIAN-CVE-2019-5420

A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...

9.8CVSS8.2AI score0.92144EPSS
Exploits13References1
Prion
Prion
added 2019/03/27 2:29 p.m.21 views

Remote code execution

A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...

7.5CVSS9.6AI score0.92144EPSS
Exploits13References5Affected Software3
Cvelist
Cvelist
added 2019/03/27 1:48 p.m.33 views

CVE-2019-5420

A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...

9.7AI score0.92144EPSS
Exploits13References5
CVE
CVE
added 2019/03/27 1:48 p.m.310 views

CVE-2019-5420

CVE-2019-5420 affects Ruby on Rails in development mode where the secret token used to secure sessions is guessable, enabling potential RCE via Rails internals. Connected exploits demonstrate deserialization/RCE vectors dependent on a guessed development secret base. Vulnerable condition: running...

9.8CVSS9.5AI score0.92144EPSS
Exploits13References5Affected Software1
Debian CVE
Debian CVE
added 2019/03/27 1:48 p.m.26 views

CVE-2019-5420

A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...

9.8CVSS9AI score0.92144EPSS
Exploits13
ATTACKERKB
ATTACKERKB
added 2019/03/27 12:0 a.m.32 views

Ruby on Rails DoubleTap Development Mode secret_key_base Vulnerability

Ruby on Rails versions including 5.2.2.1 and prior are vulnerable to a predicatble secretkeybase in development mode, which could be used to recreated a signed message, such as a serialized object, and gain remote code execution. Recent assessments: wchen-r7 at September 12, 2019 6:07pm UTC...

9.8CVSS9.5AI score0.92144EPSS
Exploits13References5
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/22 7:25 p.m.31 views

Security Bulletin: Vulnerability in IBM Java SDK affects IBM Z Open Development (CVE-2018-3180)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition that is used by IBM Z Open Development. The issue was disclosed as part of the IBM Java SDK updates in October 2018. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like...

6.8CVSS3.2AI score0.03392EPSS
Exploits0Affected Software1
Kitploit
Kitploit
added 2019/03/22 12:8 p.m.273 views

Xerxes - DoS Tool Enhanced

Xerxes dos tool enhanced with many features for stress testing. Features Xerxes has many features, some of these features are: TLS Support HTTP header randomization Useragent randomization Multiprocessing support Multiple Attack vectors etc... Not only that but also we are aggressively developing...

7.3AI score
Exploits0References2
CNVD
CNVD
added 2019/03/22 12:0 a.m.2 views

SQL Injection Vulnerability in Zhirui School Course Selection System

Zhirui school course selection system positioning school education development system, specialized for secondary schools, colleges and universities students online course selection, results query system, for the integrated campus information system. Zhirui School Selection System suffers from SQL...

7.7AI score
Exploits0
Fedora
Fedora
added 2019/03/21 2:41 p.m.27 views

[SECURITY] Fedora 29 Update: python2-django1.11-1.11.20-1.fc29

This package provides Django in version 1.11 LTS, the last release to support Python 2. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

7.5CVSS2.6AI score0.05399EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/03/20 12:0 a.m.38 views

Virtuozzo 6 : java-1.7.0-openjdk / java-1.7.0-openjdk-demo / etc (VZLSA-2019-0462)

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

3.1CVSS6.5AI score0.03468EPSS
Exploits0References3
Rows per page
Query Builder