
2594 matches found

exploitpack
added 2018/03/20 12:0 a.m. | 35 views

Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation

Google software updater ships with Chrome on MacOS and installs a root service com.google.Keystone.Daemon.UpdateEngine which lives here:...

AI score: 1.1 | Exploits: 0
Exploit DB
added 2018/03/20 12:0 a.m. | 35 views

Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation

Google software updater ships with Chrome on MacOS and installs a root service com.google.Keystone.Daemon.UpdateEngine which lives here: /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaemon. This service vends a Distributed Object which expos...

AI score: 7.4 | Exploits: 0
Fedora
added 2018/03/14 7:40 p.m. | 41 views

[SECURITY] Fedora 27 Update: ceph-12.2.4-1.fc27

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage...

CVSS: 7.5 | AI score: 2.6 | EPSS: 0.0297 | Exploits: 0
Tenable Nessus
added 2018/03/06 12:0 a.m. | 41 views

Ubuntu 14.04 LTS / 16.04 LTS : Memcached vulnerabilities (USN-3588-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3588-1 advisory. Daniel Shapira discovered an integer overflow issue in Memcached. A remote attacker could use this to cause a denial of service daemon crash...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.8864 | Exploits: 4 | References: 3
Hacker One
added 2018/03/03 5:43 a.m. | 18 views

Stellar.org: It's possible to put SDX orderbook into invalid state and execute trades at arbitrary price

stellar-core improperly handles creation of a buy offer which crosses existing sell offers immediate execution but can only be filled partially due to a trustline limit on the source account. This makes it possible to create a valid offer to buy any custom asset at higher price than existing sell...

AI score: 0.5 | Exploits: 0
CNVD
added 2018/02/27 12:0 a.m. | 1 views

Cisco Virtualized Packet Core-Distributed Instance Software Denial of Service Vulnerability

Cisco Virtualized Packet Core-Distributed Instance VPC-DI Software is a productized version of Cisco's StarOS software that is deployed on a dedicated hardware platform. The Cisco StarOS operating system is one of the virtualization operating systems. A denial of service...

CVSS: 8.6 | AI score: 6.8 | EPSS: 0.01772 | Exploits: 0 | References: 1
CNVD
added 2018/02/24 12:0 a.m. | 20 views

Apache JMeter Remote Command Execution Vulnerability

Apache Jmeter is an open source Java application designed to test functional behavior and measure performance for load ... Apache JMeter suffers from a remote command execution vulnerability in distributed mode using an insecure RMI connection, which can be exploited by an attacker to execute...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.10096 | Exploits: 0 | References: 1
seebug.org
added 2018/02/23 12:0 a.m. | 90 views

Apache JMeter uses an unsecure RMI connection in Distributed mode

Severity: Important Vendor: The Apache Software Foundation Versions Affected: JMeter 2.X, 3.X Description 0: When using Distributed Test only RMI based, jmeter uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code. This only affect...

AI score: 6.7 | Exploits: 0
Prion
added 2018/02/14 2:29 p.m. | 17 views

Design/Logic Flaw

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.03416 | Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2018/02/14 2:29 p.m. | 3 views

DEBIAN-CVE-2018-1287

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.03416 | Exploits: 0 | References: 1
OSV
added 2018/02/14 2:29 p.m. | 2 views

UBUNTU-CVE-2018-1287

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.03416 | Exploits: 0 | References: 4
Veracode
added 2018/02/13 12:52 p.m. | 16 views

Remote Code Execution (RCE)

Apache JMeter is vulnerable to remote code execution RCE attacks. The application uses an insecure RMI connection when conducting distributed tests, allowing a malicious user to inject and execute arbitrary code through serialized objects...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.10096 | Exploits: 0 | References: 7 | Affected Software: 2
Prion
added 2018/02/13 12:29 p.m. | 15 views

Code injection

When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.10096 | Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2018/02/13 12:29 p.m. | 4 views

UBUNTU-CVE-2018-1297

When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.10096 | Exploits: 0 | References: 4
OSV
added 2018/02/13 12:29 p.m. | 3 views

DEBIAN-CVE-2018-1297

When using Distributed Test only RMI based, Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.10096 | Exploits: 0 | References: 1
ATTACKERKB
added 2018/02/08 7:29 a.m. | 0 views

CVE-2018-0117

A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance VPC-DI Software could allow an unauthenticated, remote attacker to cause both control function CF instances on an affected system to reload, resulting in a denial of service Do...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.01772 | Exploits: 0 | References: 3
OSV
added 2018/02/08 7:29 a.m. | 3 views

CVE-2018-0117

A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance VPC-DI Software could allow an unauthenticated, remote attacker to cause both control function CF instances on an affected system to reload, resulting in a denial of service Do...

CVSS: 8.6 | AI score: 5.8 | Exploits: 0 | References: 2
NVD
added 2018/02/08 7:29 a.m. | 26 views

CVE-2018-0117

A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance VPC-DI Software could allow an unauthenticated, remote attacker to cause both control function CF instances on an affected system to reload, resulting in a denial of service Do...

CVSS: 8.6 | AI score: 8.4 | EPSS: 0.01772 | Exploits: 0 | References: 2
Cvelist
added 2018/02/08 7:0 a.m. | 24 views

CVE-2018-0117

A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance VPC-DI Software could allow an unauthenticated, remote attacker to cause both control function CF instances on an affected system to reload, resulting in a denial of service Do...

AI score: 8.4 | EPSS: 0.01772 | Exploits: 0 | References: 2
Fedora
added 2017/12/19 7:55 p.m. | 13 views

[SECURITY] Fedora 27 Update: nodejs-8.9.3-2.fc27

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

AI score: 1.6 | Exploits: 0