Lucene search
K

8751 matches found

CNVD
CNVD
added 2019/03/18 12:0 a.m.4 views

Intel SGX SDK Double Release Vulnerability

Intel SGX SDK is a set of software development kits based on SGX Intel Software Security Extensions technology from the U.S. company Intel Intel. A double release vulnerability exists in Intel SGX SDK. An attacker could exploit this vulnerability to disclose information...

7.1CVSS6.6AI score0.00348EPSS
Exploits0References1
MSRC
MSRC
added 2019/03/16 2:56 a.m.209 views

Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec!

The MSRC is more than managing vulnerability reports, publishing Microsoft security updates, and defending the cloud. The MSRC is passionate about helping everyone improve internal engineering practices and supporting the defender community, and are excited to partner with Blackberry to host a...

Exploits0
RedhatCVE
RedhatCVE
added 2019/03/15 10:49 a.m.61 views

CVE-2019-5420

A remote code execution vulnerability in development mode Rails 5.2.2.1, 6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit...

9.8CVSS4.1AI score0.92144EPSS
Exploits13References4
Veracode
Veracode
added 2019/03/14 2:16 a.m.34 views

Remote Code Execution (RCE)

railties is vulnerable to remote code execution. A remote attacker is able to guess the automatically generated secret token when Rails is in development mode. This token can subsequently be used in combination with other Rails internals to execute arbitrary code...

9.8CVSS9.7AI score0.92144EPSS
Exploits13References8Affected Software2
OSV
OSV
added 2019/03/13 5:28 p.m.42 views

GHSA-M42H-MH85-4QGC Use of Insufficiently Random Values in Railties Allows Remote Code Execution

Possible Remote Code Execution Exploit in Rails Development Mode Impact ------ With some knowledge of a target application it is possible for an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to...

9.8CVSS9.9AI score0.92144EPSS
Exploits13References7
Github Security Blog
Github Security Blog
added 2019/03/13 5:28 p.m.43 views

Use of Insufficiently Random Values in Railties Allows Remote Code Execution

Possible Remote Code Execution Exploit in Rails Development Mode Impact ------ With some knowledge of a target application it is possible for an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to...

9.8CVSS9.8AI score0.92144EPSS
Exploits13References8Affected Software1
CNVD
CNVD
added 2019/03/13 12:0 a.m.3 views

Stored cross-site scripting vulnerability in WODECMS front-end ne***.cl***.php file

WODECMS is a content management system developed based on a self-developed PHP development framework. A stored cross-site scripting vulnerability exists in the WODECMS front-end ne.cl.php file. An attacker can insert malicious js code into the page to obtain user cookies and other information,...

6.3AI score
Exploits0
RubySec
RubySec
added 2019/03/13 12:0 a.m.86 views

Possible Remote Code Execution Exploit in Rails Development Mode

There is a possible a possible remote code executing exploit in Rails when in development mode. This vulnerability has been assigned the CVE identifier CVE-2019-5420. Versions Affected: 6.0.0.X, 5.2.X. Not affected: 5.2.0 Fixed Versions: 6.0.0.beta3, 5.2.2.1 Impact ------ With some knowledge of a...

9.8CVSS4.2AI score0.92144EPSS
Exploits13References1Affected Software1
MSRC
MSRC
added 2019/03/12 11:44 p.m.53 views

Practical advice for earning higher Microsoft bounty awards

This year at the Nullcon International Security Conference I shared practical advice for how security researchers can maximize the impact of their security vulnerability submissions and earn higher bounty awards under the Microsoft Bounty Program. For those who couldn’t be there, I had two core...

0.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/03/12 12:0 a.m.6 views

The vulnerability of the web server for the software development tools, Intel Data Center Manager SDK, allows a perpetrator to increase their privileges.

The vulnerability of the Intel Data Center Manager SDK, a tool for developing software, is related to improper session management. Exploiting this vulnerability can allow attackers to enhance their privileges...

8.8CVSS7.6AI score0.01275EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 2019/03/06 9:53 p.m.3 views

JDK: buffer overflow in jio_snprintf() and jio_vsnprintf()

In Eclipse OpenJ9, prior to the 0.12.0 release, the jiosnprintf and jiovsnprintf native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code...

9.8CVSS7.4AI score0.02744EPSS
Exploits1References4
Kitploit
Kitploit
added 2019/03/06 12:9 p.m.159 views

Legion - An Easy-To-Use, Super-Extensible And Semi-Automated Network Penetration Testing Tool That Aids In Discovery, Reconnaissance And Exploitation Of Information Systems

Legion, a fork of SECFORCE's Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. More information about...

7.2AI score
Exploits0References1
n0where
n0where
added 2019/03/05 11:31 p.m.209 views

Semi-Automated Network Penetration Testing Framework: Legion

Legion, a fork of SECFORCE’s Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. Features Automatic recon...

0.5AI score
Exploits0References1
Akamai Blog
Akamai Blog
added 2019/03/04 11:0 a.m.55 views

What's New in Web Performance? - March 2019

Organizations that do business on the web are at various stages in their digital transformation journey. Some are developing some of the most innovative and immersive digital experiences on the web, others are, for the first time, figuring out how to safely move applications to the cloud with...

0.1AI score
Exploits0
CNVD
CNVD
added 2019/03/04 12:0 a.m.2 views

Storage Performance Development Kit Denial of Service Vulnerability

Storage Performance Development Kit SPDK is a storage performance development kit from the SPDK community. The product is intended for writing high-performance, scalable user-mode storage applications. A denial of service vulnerability exists in versions prior to SPDK 19.01, which stems from a...

5.3CVSS6.7AI score0.01497EPSS
Exploits0References1
Fedora
Fedora
added 2019/03/01 11:12 p.m.28 views

[SECURITY] Fedora 28 Update: python-django-2.0.13-1.fc28

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

7.5CVSS1.6AI score0.05399EPSS
Exploits0
CVE
CVE
added 2019/03/01 10:0 p.m.37 views

CVE-2019-9547

CVE-2019-9547 affects Storage Performance Development Kit (SPDK) prior to 19.01. A malicious vhost client (e.g., a VM) could craft a circular descriptor chain that the vhost target fails to detect, leading to a partial denial of service in the SPDK vhost target. The underlying issue is insufficie...

5.3CVSS5.1AI score0.01497EPSS
Exploits0References2Affected Software1
Fedora
Fedora
added 2019/03/01 2:40 a.m.30 views

[SECURITY] Fedora 29 Update: python-django-2.0.13-1.fc29

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

7.5CVSS1.6AI score0.05399EPSS
Exploits0
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2019/03/01 12:0 a.m.44 views

Stable Channel Update for Desktop

The stable channel has been updated to 72.0.3626.121 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain...

6.5CVSS7AI score0.61537EPSS
Exploits10Affected Software1
OSV
OSV
added 2019/02/28 5:29 p.m.2 views

CVE-2019-1994

In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation...

8.8CVSS7.4AI score
Exploits0References2
Rows per page
Query Builder