Lucene search
K

33 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:0 a.m.4 views

CVE-2018-20878

cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface SEC-441...

5.4CVSS6.2AI score0.00519EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2024/03/12 8:45 p.m.35 views

Top MITRE ATT&CK Tactics and Techniques Leveraged in 2023

The Qualys Threat Research Unit has mapped vulnerabilities and misconfigurations to the MITRE ATT&CK framework tactics and techniques to help you get the attacker’s view. They have also analyzed vulnerabilities and misconfigurations across all our customers to find the top tactics and techniques...

9.8AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/01/31 6:25 a.m.1 views

File and Directory Permissions Vulnerability in Hitachi Storage Plug-in for VMware vCenter

Overview A File and Directory Permissions Vulnerability exists in Hitachi Storage Plug-in for VMware vCenter. Affected products and versions are listed below. Please upgrade your version to the appropriate version. Impact Regarding the impact of the vulnerability, please refer to the vendor...

7.9CVSS6.8AI score0.00142EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/01/16 1:0 a.m.39 views

CVE-2023-6457 File and Directory Permission Vulnerability in Hitachi Tuning Manager

Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows Hitachi Tuning Manager server component allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-04...

6.6CVSS7AI score0.00141EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/08/04 10:33 a.m.21 views

Malicious npm Packages Found Exfiltrating Sensitive Data from Developers

Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. Software supply chain firm Phylum, which first identified the "test" packages on July 31, 2023, said they "demonstrated increasi...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2023/01/17 1:21 a.m.27 views

CVE-2020-36611 File and Directory Permission Vulnerability in Hitachi Tuning Manager

Incorrect Default Permissions vulnerability in Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS, Hitachi Tuning Manager - Agent for SAN Switch components allows local users to read and write specific...

6.6CVSS6.8AI score0.0015EPSS
Exploits0References1
hivepro
hivepro
added 2022/04/12 9:45 a.m.17 views

APT 10, a state-sponsored Chinese threat group, conducting a global cyber espionage operation

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A Chinese state-sponsored advanced persistent threat APT 10 group has been attacking government, legal, religious entities and non-governmental organizations NGOs around the world in what appears to be an espionage campaign th...

1.9AI score
Exploits0
hivepro
hivepro
added 2022/04/05 12:57 p.m.254 views

Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon

THREAT LEVEL: Red For a detailed advisory, download the pdf file here Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. This threat actor is primarily targeting firms in the...

9.3CVSS0.3AI score0.99999EPSS
Exploits351
hivepro
hivepro
added 2022/03/25 2:16 p.m.224 views

North Korean state-sponsored threat actor Lazarus Group exploiting Chrome Zero-day vulnerability

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here For more than a month before a fix was available, North Korean state hackers known as Lazarus group exploited a zero-day, remote code execution vulnerability CVE-2022-0609 in Google Chromes web browser. The attack mainly targe...

9.1AI score0.23546EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/02/09 12:0 a.m.231 views

AlmaLinux 8 : samba (ALSA-2021:1647)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1647 advisory. - An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, usin...

10CVSS7.5AI score0.99512EPSS
Exploits75References4
hivepro
hivepro
added 2022/02/07 2:23 p.m.22 views

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/05/26 12:0 a.m.59 views

Oracle Linux 8 : samba (ELSA-2021-1647)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1647 advisory. - resolves: 1891688 - Fix CVE-2020-14323 - resolves: 1892633 - Fix CVE-2020-14318 - resolves: 1892639 - Fix CVE-2020-14383 - resolves: 1879835 - Fix...

10CVSS7.7AI score0.99512EPSS
Exploits75References4
OpenVAS
OpenVAS
added 2021/03/05 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1533)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.2AI score0.99512EPSS
Exploits75References4
OpenVAS
OpenVAS
added 2021/03/05 12:0 a.m.29 views

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2021-1517)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.1AI score0.99512EPSS
Exploits75References4
Tenable Nessus
Tenable Nessus
added 2020/12/16 12:0 a.m.52 views

Oracle Linux 7 : samba (ELSA-2020-5439)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5439 advisory. - resolves: 1892632 - Fix CVE-2020-14318 - resolves: 1891687 - Fix CVE-2020-14323 - resolves: 1879834 - Fix CVE-2020-1472 Tenable has extracted the...

10CVSS7.7AI score0.99512EPSS
Exploits75References4
OpenVAS
OpenVAS
added 2020/12/01 12:0 a.m.23 views

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2020-2491)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6.2AI score0.01521EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.53 views

RHEL 7 : ruby (RHSA-2019:2028)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2028 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...

9.8CVSS7.3AI score0.10552EPSS
Exploits0References34
OSV
OSV
added 2019/08/01 1:15 p.m.3 views

CVE-2018-20878

cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface SEC-441...

5.4CVSS5.8AI score0.00519EPSS
Exploits0References1
Prion
Prion
added 2019/08/01 1:15 p.m.19 views

Design/Logic Flaw

cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface SEC-441...

3.5CVSS5.2AI score0.00519EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/01 12:44 p.m.42 views

CVE-2018-20878

CVE-2018-20878 affects cPanel prior to 74.0.8, where a stored XSS vulnerability exists in the WHM “File and Directory Restoration” interface (SEC-441). The CNVD entry notes the issue stems from a lack of proper validation of client-side data in the WEB application. Connected records consistently ...

5.4CVSS5.2AI score0.00519EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder