4421 matches found

Github Security Blog
added 2021/08/25 2:48 p.m. | 78 views

XStream is vulnerable to a Remote Command Execution attack

Impact: The vulnerability may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required...

CVSS 8.5 | AI score 8 | EPSS 0.9851
Exploits: 6 | References: 18 | Affected software: 1
Github Security Blog
added 2021/08/25 2:48 p.m. | 56 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact: The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required...

CVSS 8.5 | AI score 8.8 | EPSS 0.04098
Exploits: 0 | References: 13 | Affected software: 1
Github Security Blog
added 2021/08/25 2:47 p.m. | 53 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact: The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required...

CVSS 8.5 | AI score 8.8 | EPSS 0.04752
Exploits: 1 | References: 13 | Affected software: 1
Github Security Blog
added 2021/08/25 2:46 p.m. | 56 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact: The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream, if using the version out of the box with Java runtime version 14 to 8 or with JavaFX installed. No user is affected who followed the...

CVSS 8.5 | AI score 8.8 | EPSS 0.04474
Exploits: 1 | References: 13 | Affected software: 1
Github Security Blog
added 2021/08/25 2:46 p.m. | 47 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact: The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required...

CVSS 8.5 | AI score 8.8 | EPSS 0.04752
Exploits: 1 | References: 13 | Affected software: 1
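All five XStream advisories above say the same thing about mitigation: a deployment that configured XStream's security framework with an allowlist limited to the types it actually needs is not affected. The following is an added example of that configuration, written for this listing; it is not code from the advisories or from the XStream project. The XStream calls (addPermission, allowTypeHierarchy, allowTypes, alias, fromXML) are the library's own API from the 1.4.x line; the Order class, its fields, the alias name and both XML documents are constructed for the example.

```java
// Added example: an explicit XStream type allowlist, the mitigation the
// advisories above refer to. XStream API calls are real; the Order class,
// its fields and the two XML inputs are constructed for this example.
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.io.xml.DomDriver;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

import java.util.Collection;

public class XStreamAllowlistDemo {

    // Hypothetical application type: the only object this service expects to receive.
    public static final class Order {
        int id;
        String sku;
    }

    // Build an XStream instance that will instantiate only the types this service needs.
    public static XStream hardened() {
        XStream xstream = new XStream(new DomDriver());
        // Clear every default permission first, then grant back the minimum:
        // null, Java primitives and their wrappers, collections, String and Order.
        xstream.addPermission(NoTypePermission.NONE);
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xstream.allowTypeHierarchy(Collection.class);
        xstream.allowTypes(new Class[] { String.class, Order.class });
        // Alias so the wire format does not carry the Java class name.
        xstream.alias("order", Order.class);
        return xstream;
    }

    // Returns true if the instance parsed the input, false if the security
    // framework refused a type. ForbiddenClassException, which the allowlist
    // raises, is a subclass of XStreamException; catching the parent also
    // covers the case where the refusal is wrapped in a ConversionException.
    public static boolean accepts(XStream xstream, String xml) {
        try {
            xstream.fromXML(xml);
            return true;
        } catch (XStreamException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        XStream xstream = hardened();

        // Constructed benign input: an Order using the alias above.
        String benign = "<order><id>42</id><sku>ABC-1</sku></order>";

        // Constructed hostile input: the attacker names a class the service never
        // intended to instantiate. ProcessBuilder is only a stand-in here; the point
        // of the allowlist is that any class outside it is refused before it is
        // instantiated, regardless of which gadget a given CVE relies on.
        String hostile = "<java.lang.ProcessBuilder>"
                + "<command><string>id</string></command>"
                + "</java.lang.ProcessBuilder>";

        System.out.println("benign accepted:  " + accepts(xstream, benign));
        System.out.println("hostile accepted: " + accepts(xstream, hostile));
    }
}
```

The order of the addPermission calls matters: NoTypePermission.NONE wipes whatever defaults the installed XStream version ships with, so the instance's behaviour no longer depends on which release is on the classpath. allowTypesByWildcard(new String[] { "com.example.model.**" }) is the usual way to admit a whole model package once it grows past a handful of classes; keep it to packages you own.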
IBM Security Bulletins
added 2021/08/19 10:04 p.m. | 16 views

Security Bulletin: Resilient App Host uses higher permissions than required for containers hosted on it

Summary: Resilient App Host uses higher permissions than required for containers hosted on it, which may be exploited by a malicious application. Vulnerability Details: CVEID: CVE-2021-29802. Description: IBM Security SOAR performs an operation at a privilege level that is higher than the minimum lev...

CVSS 7.5 | AI score 6.2 | EPSS 0.00622
Exploits: 0
Circl
added 2021/08/19 10:01 p.m. | 9 views

CVE-2021-29156

creation timestamp | type | source
---|---|---
2021-08-19 22:01:51+00:00 | seen | https://t.me/ctinow/38741
2021-08-26 22:01:12+00:00 | seen | https://t.me/ctinow/39044
2021-11-03 15:30:48+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/797
2022-10-08 13:12:01+00:00 | ...

CVSS 7.5 | AI score 7.1 | EPSS 0.76385
Exploits: 5 | References: 6
Github Security Blog
added 2021/08/19 3:53 p.m. | 49 views

Cross-Site Scripting via Rich-Text Content

Meta: CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7. Problem: Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...

CVSS 6.1 | AI score 1.1 | EPSS 0.00727
Exploits: 0 | References: 7 | Affected software: 2
Kitploit
added 2021/08/16 9:30 p.m. | 28 views

PickleC2 - A Post-Exploitation And Lateral Movements Framework

PickleC2 is a post-exploitation and lateral movements framework. Documentation: ReadTheDocs. Overview: PickleC2 is a simple C2 framework written in Python 3, built to help the community of penetration testers in their red teaming engagements. PickleC2 has the ability to import your own PowerShell modul...

AI score 7.2
Exploits: 0 | References: 1
OSV
added 2021/08/13 11:17 a.m. | 10 views

OPENSUSE-SU-2021:1148-1 Security update for grafana

This update for grafana fixes the following issues: - CVE-2021-27358: unauthenticated remote attackers could trigger a Denial of Service via a remote API call (bsc#1183803) - Update to version 7.5.7: Updated relref to 'Configuring exemplars' section 34240 34243 Added exemplar topic 34147 34226 Quota: D...

CVSS 7.5 | AI score 8.4 | EPSS 0.83042
Exploits: 0 | References: 11
OPENSUSE Linux
added 2021/08/13 12:00 a.m. | 328 views

Security update for grafana (important)

openSUSE Security Update: Security update for grafana
Announcement ID: openSUSE-SU-2021:1148-1
Rating: important
References: 1183803 1183809 1183811 1183813 1184371
Cross-References: CVE-2021-27358 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148
CVSS scores: CVE-2021-27358 NVD : 7.5...

CVSS 7.5 | AI score 6.9 | EPSS 0.83042
Exploits: 0 | References: 5
OSV
added 2021/08/12 10:01 a.m. | 8 views

SUSE-SU-2021:2660-1 Security update for grafana

This update for grafana fixes the following issues: - CVE-2021-27358: unauthenticated remote attackers could trigger a Denial of Service via a remote API call (bsc#1183803) - Update to version 7.5.7: Updated relref to 'Configuring exemplars' section 34240 34243 Added exemplar topic 34147 34226 Quota: D...

CVSS 7.5 | AI score 7.8 | EPSS 0.83042
Exploits: 0 | References: 11
OPENSUSE Linux
added 2021/08/12 12:00 a.m. | 235 views

Security update for grafana (important)

openSUSE Security Update: Security update for grafana
Announcement ID: openSUSE-SU-2021:2662-1
Rating: important
References: 1183803 1183809 1183811 1183813 1184371
Cross-References: CVE-2021-27358 CVE-2021-27962 CVE-2021-28146 CVE-2021-28147 CVE-2021-28148
CVSS scores: CVE-2021-27358 NVD : 7.5...

CVSS 7.5 | AI score 6.9 | EPSS 0.83042
Exploits: 0 | References: 5
Code423n4
added 2021/08/11 12:00 a.m. | 10 views

OracleManagerEthKillerChainlink price data could be stale

Handle: cmichel. Vulnerability details: There is no check in OracleManagerEthKillerChainlink.getLatestPrice whether the return values indicate stale data. This could lead to stale prices; per the Chainlink documentation (under current notifications): "if answeredInRound < roundId could indicate stal...

AI score 6.8
Exploits: 0
OSV
added 2021/08/06 11:03 a.m. | 1 views

OESA-2021-1306 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many features for processing text files and performing system management tasks, like Perl. Security Fixes: In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible t...

CVSS 7.4 | AI score 7.3 | EPSS 0.0305
Exploits: 2 | References: 4
Gitee
added 2021/08/05 4:38 p.m. | 8 views

vulhub111

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and more. The repository is maintained by Vulhub, a community-driven project for...

AI score 7.1
Exploits: 0
RedHat Linux
added 2021/08/05 3:05 p.m. | 9 views

rubygem-rdoc: Command injection vulnerability in RDoc

An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...

CVSS 7 | AI score 7.5 | EPSS 0.0148
Exploits: 0 | References: 5
Circl
added 2021/08/02 2:27 p.m. | 6 views

CVE-2021-24472

creation timestamp | type | source
---|---|---
2021-08-02 14:27:23+00:00 | seen | https://t.me/cibsecurity/26656
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-24472.yaml...

CVSS 9.8 | AI score 8.7 | EPSS 0.56614
Exploits: 2 | References: 2
The Hacker News
added 2021/08/02 10:27 a.m. | 42 views

PyPI Python Package Repository Patches Critical Supply Chain Flaw

The maintainers of the Python Package Index (PyPI) last week issued fixes for three vulnerabilities, one of which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were discovered and reported by Japanes...

AI score 0.8
Exploits: 0
Fedora
added 2021/08/02 1:07 a.m. | 43 views

[SECURITY] Fedora 33 Update: kernel-tools-5.13.6-100.fc33

This package contains the tools/ directory from the kernel source and the supporting documentation...

CVSS 7.8 | AI score 1.9 | EPSS 0.00575
Exploits: 1