7690 matches found

UbuntuCve
added 2021/12/13 6:15 p.m., 29 views

CVE-2020-16156

CPAN 2.28 allows Signature Verification Bypass...

CVSS 7.8, AI score 7.1, EPSS 0.00791
Exploits: 1, References: 5
ThreatPost
added 2021/12/13 6:14 p.m., 57 views

Log4Shell Is Spawning Even Nastier Mutations

The internet has a fast-spreading, malignant cancer – otherwise known as the Apache Log4j logging library exploit – that’s been rapidly mutating and attracting swarms of attackers since it was publicly disclosed last week. Most of the attacks focus on cryptocurrency mining done on victims’ dimes,...

CVSS 10, AI score 10, EPSS 0.99999
Exploits: 347, References: 52
OSV
added 2021/12/10 1:15 p.m., 3 views

CVE-2021-37189

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

CVSS 7.5, AI score 5.8, EPSS 0.00588
Exploits: 0, References: 2
NVD
added 2021/12/10 1:15 p.m., 12 views

CVE-2021-37189

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

CVSS 7.5, EPSS 0.00588
Exploits: 0, References: 2
Prion
added 2021/12/10 1:15 p.m., 15 views

Session fixation

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

CVSS 5, AI score 7.4, EPSS 0.00588
Exploits: 0, References: 2, Affected Software: 6
CVE
added 2021/12/10 12:47 p.m., 44 views

CVE-2021-37189

CVE-2021-37189 affects Digi TransPort Gateway devices up to version 5.2.13.4. The issue is that these devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause cookies to be sent in cleartext over an HTTP session. This behavior is described in the NVD entr...

CVSS 7.5, AI score 7.4, EPSS 0.00588
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/12/10 12:47 p.m., 16 views

CVE-2021-37189

An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session...

AI score 7.7, EPSS 0.00588
Exploits: 0, References: 2
CheckPoint Security
added 2021/12/10 12:00 a.m., 93 views

Check Point Response to Apache Log4j Remote Code Execution

Solution: On December 10, 2021, a proof of concept of a vulnerability in the Apache Log4j Java library (CVE-2021-44228) was published. The vulnerability may allow unauthenticated threat actors to obtain remote code execution. The severity of the vulnerability was deemed critical. The Check Point...

CVSS 10, AI score 9.6, EPSS 0.99999
Exploits: 354
OSV
added 2021/12/08 10:15 p.m., 13 views

CVE-2021-38507

The Opportunistic Encryption feature of HTTP/2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP addre...

CVSS 6.5, AI score 8.6
Exploits: 0, References: 10
Mageia
added 2021/12/08 8:04 p.m., 63 views

Updated java openjdk packages fix security vulnerability

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967, CVE-2021-35565); OpenJDK: Incorrect principal selection when using Kerberos...

CVSS 7.1, AI score 0.6, EPSS 0.14839
Exploits: 0, References: 4
Github Security Blog
added 2021/12/08 7:52 p.m., 41 views

Instance config inline secret exposure in Grafana

Impact: Some inline secrets are exposed in plaintext over the Grafana Agent HTTP server: inline secrets for metrics instance configs in the base YAML file are exposed at /-/config; inline secrets for integrations are exposed at /-/config; inline secrets for Consul ACL tokens and ETCD basic auth when...

CVSS 7.5, AI score 0.6, EPSS 0.00736
Exploits: 0, References: 9, Affected Software: 1
OSV
added 2021/12/08 7:52 p.m., 17 views

GHSA-9C4X-5HGQ-Q3WH Instance config inline secret exposure in Grafana

Impact: Some inline secrets are exposed in plaintext over the Grafana Agent HTTP server: inline secrets for metrics instance configs in the base YAML file are exposed at /-/config; inline secrets for integrations are exposed at /-/config; inline secrets for Consul ACL tokens and ETCD basic auth when...

CVSS 6.5, AI score 7.7, EPSS 0.00736
Exploits: 0, References: 9
ThreatPost
added 2021/12/08 7:28 p.m., 24 views

Not with a Bang but a Whisper: The Shift to Stealthy C2

As defensive tools have evolved to detect more and more traditional attack techniques, it should come as no surprise that attackers have shifted tactics. This ever-evolving arms race between offensive security toolsets, bespoke advanced persistent threat (APT) malware and the billion-dollar infosec...

AI score 7.2
Exploits: 0, References: 3
NVD
added 2021/12/08 5:15 p.m., 12 views

CVE-2021-41090

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

CVSS 7.5, EPSS 0.00736
Exploits: 0, References: 6
Prion
added 2021/12/08 5:15 p.m., 20 views

Authentication flaw

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

CVSS 4.3, AI score 7.6, EPSS 0.00736
Exploits: 0, References: 6, Affected Software: 1
Cvelist
added 2021/12/08 4:15 p.m., 18 views

CVE-2021-41090 Instance config inline secret exposure

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

CVSS 6.5, AI score 8, EPSS 0.00736
Exploits: 0, References: 6
NVD
added 2021/12/08 1:15 p.m., 19 views

CVE-2021-41014

An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets...

CVSS 7.5, EPSS 0.01119
Exploits: 0, References: 1
CVE
added 2021/12/08 1:06 p.m., 60 views

CVE-2021-41014

Fortinet FortiWeb is affected by CVE-2021-41014. FortiWeb versions 6.4.1 and earlier and 6.3.15 and earlier allow an unauthenticated attacker to cause a Denial of Service by sending huge HTTP packets that make the httpsd daemon unresponsive. The vulnerability is documented in Fortinet’s FG-IR-21-...

CVSS 7.5, AI score 7.5, EPSS 0.01119
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2021/12/08 12:00 a.m., 4 views

Fortinet FortiWeb Resource Management Error Vulnerability

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

CVSS 7.5, AI score 5.7, EPSS 0.01119
Exploits: 0, References: 2
Tenable Nessus
added 2021/12/02 12:00 a.m., 208 views

VMware vCenter Server 6.5 / 6.7 Multiple Vulnerabilities (VMSA-2021-0027)

The version of VMware vCenter Server installed on the remote host is 6.5 prior to 6.5 U3r or 6.7 prior to 6.7 U3p. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in the vSphere web client. An unauthenticated, remote attacker can exploit this,...

CVSS 9.8, AI score 8.7, EPSS 0.04601
Exploits: 2, References: 3