4421 matches found
XStream is vulnerable to a Remote Command Execution attack
Impact The vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...
XStream is vulnerable to an Arbitrary Code Execution attack
Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...
XStream is vulnerable to an Arbitrary Code Execution attack
Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...
XStream is vulnerable to an Arbitrary Code Execution attack
Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected, who followed the...
XStream is vulnerable to an Arbitrary Code Execution attack
Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...
Security Bulletin: Resilient App Host uses higher permissions than required for containers hosted on it.
Summary Resilient App Host uses higher permissions than required for containers hosted on it which may be exploited by a malicious application. Vulnerability Details CVEID: CVE-2021-29802 DESCRIPTION: IBM Security SOAR performs an operation at a privilege level that is higher than the minimum lev...
CVE-2021-29156
creationtimestamp| type| source ---|---|--- 2021-08-19 22:01:51+00:00| seen| https://t.me/ctinow/38741 2021-08-26 22:01:12+00:00| seen| https://t.me/ctinow/39044 2021-11-03 15:30:48+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/797 2022-10-08 13:12:01+00:00|...
Cross-Site Scripting via Rich-Text Content
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...
PickleC2 - A Post-Exploitation And Lateral Movements Framework
PickleC2 is a post-exploitation and lateral movements framework. Documentation ReadTheDocs Overview PickleC2 is a simple C2 framework written in python3 used to help the community in Penetration Testers in their red teaming engagements. PickleC2 has the ability to import your own PowerShell modul...
OPENSUSE-SU-2021:1148-1 Security update for grafana
This update for grafana fixes the following issues: - CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call bsc1183803 - Update to version 7.5.7: Updated relref to 'Configuring exemplars' section 34240 34243 Added exemplar topic 34147 34226 Quota: D...
Security update for grafana (important)
openSUSE Security Update: Security update for grafana Announcement ID: openSUSE-SU-2021:1148-1 Rating: important References: 1183803 1183809 1183811 1183813 1184371 Cross-References: CVE-2021-27358 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVSS scores: CVE-2021-27358 NVD : 7.5...
SUSE-SU-2021:2660-1 Security update for grafana
This update for grafana fixes the following issues: - CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call bsc1183803 - Update to version 7.5.7: Updated relref to 'Configuring exemplars' section 34240 34243 Added exemplar topic 34147 34226 Quota: D...
Security update for grafana (important)
openSUSE Security Update: Security update for grafana Announcement ID: openSUSE-SU-2021:2662-1 Rating: important References: 1183803 1183809 1183811 1183813 1184371 Cross-References: CVE-2021-27358 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148 CVSS scores: CVE-2021-27358 NVD : 7.5...
OracleManagerEthKillerChainlink price data could be stale
Handle cmichel Vulnerability details There is no check in OracleManagerEthKillerChainlink.getLatestPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stal...
OESA-2021-1306 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible t...
vulhub111
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and more. The repository is maintained by Vulhub, a community-driven project for...
rubygem-rdoc: Command injection vulnerability in RDoc
An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...
CVE-2021-24472
creationtimestamp| type| source ---|---|--- 2021-08-02 14:27:23+00:00| seen| https://t.me/cibsecurity/26656 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24472.yaml...
PyPI Python Package Repository Patches Critical Supply Chain Flaw
The maintainers of Python Package Index PyPI last week issued fixes for three vulnerabilities, one among which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were discovered and reported by Japanes...
[SECURITY] Fedora 33 Update: kernel-tools-5.13.6-100.fc33
This package contains the tools/ directory from the kernel source and the supporting documentation...