4172 matches found
CVE-2023-4155
A flaw was found in KVM AMD Secure Encrypted Virtualization SEV in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...
SUSE CVE-2023-4155
A flaw was found in KVM AMD Secure Encrypted Virtualization SEV in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...
CVE-2023-39523
ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process, as it allows malicious commands to be appended to the dockerreference parameter. In the...
Command injection
ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process, as it allows malicious commands to be appended to the dockerreference parameter. In the...
CVE-2023-39523 ScanCode.io command injection in docker image fetch process
ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process, as it allows malicious commands to be appended to the dockerreference parameter. In the...
WordPress Sign-up Sheets Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Sign-up Sheets; Type: Plugin; Vulnerable versions: <= 2.2.8; Fixed in: 2.2.9; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-39165; Patch priority: Low; CVSS severity: Low (5.4); Developer: Fetch Designs; PSID: 3cb2a78e83f5; Credits: Nguyen Xuan Chien...
WordPress Go Fetch Jobs (for WP Job Manager) Plugin <= 1.8.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Go Fetch Jobs (for WP Job Manager); Type: Plugin; Vulnerable versions: <= 1.8.2.2; Fixed in: 1.8.4.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); Developer: Claim ownership; PSID: 4f78961ea025; Credits: Rafie Muhammad...
WordPress Go Fetch Jobs (for JobEngine) Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: Go Fetch Jobs (for JobEngine); Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 257718bba697; Credits: Rafie Muhammad Patchstac...
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
Summary: IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils (CVE-2022-37601) is vulnerable to arbitrary code execution on the system, caused by a pollution flaw in the parseQuery function. OpenStack Keystone (CVE-2021-3563) is vulnerable to bypass security restriction...
MAL-2023-696 Malicious code in price-fetch (npm)
Source: checkmarx 6217a71efdaee9fdf44b7f4197557c52db54fdf782e0d4a5f1f81ad6eb925601 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
Malicious code in price-fetch (npm)
Source: checkmarx 6217a71efdaee9fdf44b7f4197557c52db54fdf782e0d4a5f1f81ad6eb925601 Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
TFTP Fetch, Linux Read File
Fetch and execute an x86 payload from a TFTP server. Read up to 4096 bytes from the local file system and write it back out to the specified file descriptor. Module Options msf use payload/cmd/linux/tftp/x86/readfile msf payloadreadfile show actions ...actions... msf payloadreadfile set ACTION msf...
TFTP Fetch, Linux Command Shell, Bind TCP Stager with UUID Support (Linux x86)
Fetch and execute an x86 payload from a TFTP server. Spawn a command shell (staged). Listen for a connection with UUID Support (Linux x86). Module Options msf use payload/cmd/linux/tftp/x86/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf...
TFTP Fetch, Bind TCP Stager with UUID Support (Linux x86)
Fetch and execute an x86 payload from a TFTP server. Listen for a connection with UUID Support (Linux x86). Module Options msf use payload/cmd/linux/tftp/x86/meterpreter/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf payloadbindtcpuuid show options...
TFTP Fetch, Bind TCP Stager
Fetch and execute an x86 payload from a TFTP server. Listen for a connection. Module Options msf use payload/cmd/linux/tftp/x86/meterpreter/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set options...
HTTP Fetch, Linux Meterpreter Service, Bind TCP
Fetch and execute an x86 payload from an HTTP server. Stub payload for interacting with a Meterpreter Service. Module Options msf use payload/cmd/linux/http/x86/metsvcbindtcp msf payloadmetsvcbindtcp show actions ...actions... msf payloadmetsvcbindtcp set ACTION msf payloadmetsvcbindtcp show option...
HTTP Fetch, Linux Command Shell, Reverse TCP Stager
Fetch and execute an x86 payload from an HTTP server. Spawn a command shell (staged). Connect back to the attacker. Module Options msf use payload/cmd/linux/http/x86/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options...