Oracle linux
added 2023/11/18 12:00 a.m. · 60 views

java-21-openjdk security and bug fix update

1:21.0.1.0.12-2.0.1
- Add Oracle vendor bug URL
1:21.0.1.0.12-2
- Switch to using portable binaries built on RHEL 7
- Sync the copy of the portable specfile with the RHEL 7 version
- Related: RHEL-12997
1:21.0.1.0.12-1
- Update to jdk-21.0.1.0+12 GA
- Update release notes to 21.0.1.0+12
- Sync th...

CVSS 5.3 · AI score 5.5 · EPSS 0.014
Exploits: 0
Rapid7 Blog
added 2023/11/17 6:41 p.m. · 42 views

Metasploit Weekly Wrap-Up

Possible Web Service Removal: Metasploit has support for running with a local database, or from a remote web service which can be initialized with msfdb init --component webservice. Future versions of Metasploit Framework may remove the msfdb remote webservice. Users that leverage this functionali...

CVSS 7.5 · AI score 9.8 · EPSS 0.80462
Exploits: 11
Code423n4
added 2023/11/17 12:00 a.m. · 9 views

The user has the ability to bypass a fee claim protection for their own benefit while purchasing tokens

Lines of code / Vulnerability details / Impact: A user can bypass a fee claim protection for their own benefit by making multiple purchases instead of one, and as a result claim the fee part by part. Per the code documentation: "The reward calculation has to use the old rewards value pre fee-split to not...

AI score 7
Exploits: 0
RustSec
added 2023/11/15 12:00 p.m. · 6 views

`windows-service-rs` was removed from crates.io for malicious code

This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...

AI score 5.9
Exploits: 0
Code423n4
added 2023/11/13 12:00 a.m. · 7 views

Artist Royalty Split Proposal Functionality Missing

Lines of code / Vulnerability details / Impact: The protocol's documentation specifies that royalty splits can be proposed by the artist and accepted by the admin. However, the MinterContract does not implement the functionality for artists to propose royalty splits. This inconsistency between the...

AI score 7
Exploits: 0
Code423n4
added 2023/11/13 12:00 a.m. · 10 views

The absence of sanity checks in the MinterContract#mintAndAuction() function can lead to avoidable error scenarios.

Lines of code / Vulnerability details / Impact: The setCollectionCosts function within the MinterContract is utilized to establish the collection costs and sales model for an upcoming collection sale. As outlined in the documentation, the expectation is that one token can be minted and auctioned durin...

AI score 6.8
Exploits: 0
Wallarm Lab
added 2023/11/06 2:00 p.m. · 28 views

Testing with OpenAPI Specifications

The 2023 SANS Survey on API Security (Jun-2023) found that less than 50 percent of respondents have API security testing tools in place. Even fewer (29 percent) have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has lon...

AI score 7.5
Exploits: 0
IBM Security Bulletins
added 2023/11/06 1:52 p.m. · 39 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in a component (Apache Avro Java SDK)

Summary: avro is used by IBM Event Streams as part of its Java dependencies (CVE-2023-39410). This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID:...

CVSS 7.5 · AI score 8.2 · EPSS 0.01772
Exploits: 0 · Affected Software: 1
Circl
added 2023/11/03 8:09 p.m. · 12 views

CVE-2023-41990

creationtimestamp | type | source
---|---|---
2023-11-03 20:09:36+00:00 | seen | https://t.me/itsecnews/3601
2023-12-28 03:17:18+00:00 | exploited | https://t.me/alexmakus/5221
2023-12-28 04:41:42+00:00 | published-proof-of-concept | https://t.me/kasraonecom/626
2023-12-28 10:08:15+00:00 | exploited | ...

CVSS 7.8 · AI score 7.4 · EPSS 0.01145
Exploits: 1 · References: 8
Rapid7 Blog
added 2023/11/03 7:10 p.m. · 65 views

Metasploit Weekly Wrap-Up

PTT for DCSync: This week, community member smashery made an improvement to the windows_secrets_dump module to enable it to dump domain hashes using the DCSync method after having authenticated with a Kerberos ticket. Now, if a user has a valid Kerberos ticket for a privileged account, they can run...

CVSS 5 · AI score 8 · EPSS 0.99999
Exploits: 15
Fedora
added 2023/11/03 6:54 p.m. · 33 views

[SECURITY] Fedora 39 Update: composer-2.6.5-1.fc39

Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/...

CVSS 8.8 · AI score 7.3 · EPSS 0.01378
Exploits: 0
IBM Security Bulletins
added 2023/10/31 12:57 p.m. · 32 views

Security Bulletin: "Unrestricted Internet Access/Outbound Connections" affects IBM CICS TX Standard and IBM CICS TX Advanced

Summary: "Unrestricted Internet Access/Outbound Connections" affects IBM CICS TX Standard and IBM CICS TX Advanced. IBM CICS TX Standard and IBM CICS TX Advanced have addressed the applicable vulnerability. Vulnerability Details: CVEID: CVE-2023-43018 DESCRIPTION: IBM CICS TX performs an operation ...

CVSS 7.5 · AI score 6.5 · EPSS 0.00448
Exploits: 0 · Affected Software: 1
Atlassian
added 2023/10/30 2:10 p.m. · 36 views

Help links not using security attributes

Issue Summary: Links to documentation use the anchor tag attribute target="_blank" without rel="noopener noreferrer". Best practice is to include rel="noopener noreferrer" on any link opened with target="_blank", so that the opened page cannot reach the original tab through window.opener. We've had some customers report that this is triggering automated security...

AI score 7.3
Exploits: 0 · Affected Software: 1
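The pattern the ticket describes, as an added example (not Atlassian's code): a small scanner that flags anchors opening a new tab without rel="noopener" or rel="noreferrer", and a fixer that adds the attribute. The HTML fragment is constructed for the example; the `.example.test` hosts are placeholders.

```javascript
// Added example (not Atlassian code): detect and fix <a target="_blank"> links
// that lack rel="noopener"/"noreferrer". Without it, the opened page can reach
// window.opener and navigate the original tab (reverse tabnabbing).

const ANCHOR_RE = /<a\s[^>]*>/gi;

// Read one attribute from an opening tag; returns null when the attribute is absent.
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function opensNewTab(tag) {
  const target = attr(tag, 'target');
  return target !== null && target.toLowerCase() === '_blank';
}

function relTokens(tag) {
  return (attr(tag, 'rel') || '').toLowerCase().split(/\s+/).filter(Boolean);
}

// Anchors that open a new tab but carry neither noopener nor noreferrer
// (noreferrer implies noopener, so either token is acceptable).
function findUnsafeBlankLinks(html) {
  return (html.match(ANCHOR_RE) || []).filter((tag) => {
    if (!opensNewTab(tag)) return false;
    const rel = relTokens(tag);
    return !rel.includes('noopener') && !rel.includes('noreferrer');
  });
}

// Rewrite offending anchors to carry rel="noopener noreferrer", merging with
// any rel tokens already present and leaving other anchors untouched.
function hardenBlankLinks(html) {
  return html.replace(ANCHOR_RE, (tag) => {
    if (!opensNewTab(tag)) return tag;
    const tokens = new Set(relTokens(tag));
    tokens.add('noopener');
    tokens.add('noreferrer');
    const rel = `rel="${[...tokens].join(' ')}"`;
    if (attr(tag, 'rel') === null) return tag.replace(/>$/, ` ${rel}>`);
    return tag.replace(/\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i, ` ${rel}`);
  });
}

// Constructed sample page: one unsafe link, one already hardened, one local link.
const SAMPLE_HTML = [
  '<p>Read the <a href="https://docs.example.test/guide" target="_blank">guide</a>,',
  'the <a target="_blank" rel="noopener" href="https://help.example.test/">help</a>,',
  'or the <a href="/local/page">local</a> page.</p>',
].join('\n');

console.log(findUnsafeBlankLinks(SAMPLE_HTML));
console.log(hardenBlankLinks(SAMPLE_HTML));
```

The scanner is string-based so it can run over templates and server-rendered fragments in CI; for a live page the same check is `document.querySelectorAll('a[target="_blank"]:not([rel~="noopener"]):not([rel~="noreferrer"])')`.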
Tenable Nessus
added 2023/10/30 12:00 a.m. · 30 views

GLSA-202310-19 : Dovecot: Privilege Escalation

The remote host is affected by the vulnerability described in GLSA-202310-19 (Dovecot: Privilege Escalation). An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect...

CVSS 8.8 · AI score 7.2 · EPSS 0.01748
Exploits: 1 · References: 3
OSV
added 2023/10/26 12:15 p.m. · 7 views

CVE-2023-5802

Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions...

CVSS 8.8 · AI score 5.8 · EPSS 0.00214
Exploits: 0 · References: 1
Prion
added 2023/10/26 12:15 p.m. · 24 views

Cross site request forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin <= 1.3.4 versions...

CVSS 6.8 · AI score 8.8 · EPSS 0.00214
Exploits: 0 · References: 1 · Affected Software: 1
IBM Security Bulletins
added 2023/10/26 11:29 a.m. · 35 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass

Summary: OpenSSL is used by IBM App Connect Enterprise Certified Container for some certificate operations. IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass, caused by OpenSSL's AES-SIV cipher implementation. This bulletin provides patch...

CVSS 5.3 · AI score 6.5 · EPSS 0.00525
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2023/10/26 11:27 a.m. · 10 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service

Summary: snappy-java is used by IBM App Connect Enterprise Certified Container by the Kafka connectors. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to denial of service. This bulletin provides patch information to address the...

CVSS 7.5 · AI score 6.4 · EPSS 0.0104
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2023/10/26 11:23 a.m. · 53 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass

Summary: Node.js is used by IBM App Connect Enterprise Certified Container for running integration code. IBM App Connect Enterprise Certified Container operands are vulnerable to security restrictions bypass. This bulletin provides patch information to address the reported vulnerability in Node.js...

CVSS 9.8 · AI score 6.4 · EPSS 0.01484
Exploits: 1 · Affected Software: 1
Code423n4
added 2023/10/26 12:00 a.m. · 11 views

Interest accumulation linked to state updates may leak value

Lines of code / Vulnerability details / Impact: The protocol compounds interest on every call that updates the state. This is an intentional design choice. However, this does mean that the total return for the lender, and, conversely, the cost of debt for the borrower, can be influenced by the frequen...

AI score 7
Exploits: 0
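The cadence dependence the finding describes, as an added illustration (not the audited protocol's code): a toy position that folds accrued interest into principal on every state update. Principal, rate and the update schedule are assumed values chosen for the example; only the shape of the accrual logic mirrors the finding.

```javascript
// Added example (not the audited protocol's code): a toy lending position that
// compounds interest on every state update, to show that the realised return
// depends on how often updates happen. Rate, principal and schedule are assumed.

const SECONDS_PER_YEAR = 365 * 24 * 3600;

function openPosition(principal, annualRate) {
  return { principal, annualRate, lastUpdate: 0 };
}

// State update: accrue simple interest for the elapsed interval and fold it into
// principal, so the next interval earns interest on interest.
function update(pos, now) {
  const dt = now - pos.lastUpdate;
  if (dt <= 0) return pos.principal;
  pos.principal += (pos.principal * pos.annualRate * dt) / SECONDS_PER_YEAR;
  pos.lastUpdate = now;
  return pos.principal;
}

// Hold the position for one year with `updates` evenly spaced state updates.
function balanceAfterOneYear(principal, annualRate, updates) {
  const pos = openPosition(principal, annualRate);
  for (let i = 1; i <= updates; i++) {
    update(pos, Math.round((i * SECONDS_PER_YEAR) / updates));
  }
  return pos.principal;
}

// Extra return the lender captures (and the borrower pays) purely from the
// update cadence, relative to a single year-end update.
function cadencePremium(principal, annualRate, updates) {
  return balanceAfterOneYear(principal, annualRate, updates)
       - balanceAfterOneYear(principal, annualRate, 1);
}

// Same nominal 10% rate, same year, different numbers of state-changing calls.
for (const n of [1, 12, 365, 365 * 24]) {
  console.log(`${n} updates -> ${balanceAfterOneYear(1000, 0.10, n).toFixed(4)}`);
}
```

Whoever controls when state-changing calls happen (any party that can trigger a deposit, repayment or poke) therefore steers the effective rate between the nominal simple rate and the continuous-compounding limit; a fixed accrual schedule or a per-period rate that is computed from the elapsed time rather than applied per call removes that lever.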