
7691 matches found

Cvelist
added 2021/06/23 10:25 p.m., 18 views

CVE-2021-2322

Vulnerability in OpenGrok component: Web App. Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1...

8.8 CVSS | 8.8 AI score | 0.01427 EPSS
Exploits 0 | References 1
CVE
added 2021/06/23 10:25 p.m., 81 views

CVE-2021-2322

OpenGrok Web App vulnerability CVE-2021-2322 affects OpenGrok versions 1.6.7 and earlier. Root cause per multiple sources is insecure XML deserialization leading to remote code execution and full takeover risk. Affected entries consistently cite CVSS 3.1 base score 8.8 (HIGH) with network access ...

8.8 CVSS | 8.6 AI score | 0.01427 EPSS
Exploits 0 | References 1 | Affected Software 1
Amazon
added 2021/06/23 12:0 a.m., 90 views

Medium: python-pip

Issue Overview: A flaw was found in python-urllib3. SSL certificate validation is omitted in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy if an SSLContext isn't given via proxyconfig doesn't verify the hostname of the certificate. This means certificates...

6.5 CVSS | 7.2 AI score | 0.02109 EPSS
Exploits 2
OPENSUSE Linux
added 2021/06/18 12:0 a.m., 31 views

Security update for htmldoc (important)

openSUSE Security Update: Security update for htmldoc Announcement ID: openSUSE-SU-2021:0895-1 Rating: important References: 1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 SUSE: 3.3...

3.3 CVSS | 7.5 AI score | 0.02477 EPSS
Exploits 1 | References 1
Malwarebytes
added 2021/06/17 1:25 p.m., 208 views

The 6 best Chrome extensions for privacy and security

While searching for security- and privacy-improving extensions, users may end up installing an extension that is counterproductive to their goals. To help our readers I have compiled a list of Chrome extensions that can actually help you improve your online privacy and security. Our regular reade...

Exploits 0
Rapid7 Blog
added 2021/06/17 12:8 p.m., 42 views

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Deutsche Börse Prime Standard

Today, Rapid7 released the fourth in our Industry Cyber-Exposure Report (ICER) series. For those of you who have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of internet-based findings around the internet—but not so fast!...

7.3 AI score
Exploits 0
OPENSUSE Linux
added 2021/06/17 12:0 a.m., 34 views

Security update for htmldoc (important)

openSUSE Security Update: Security update for htmldoc Announcement ID: openSUSE-SU-2021:0893-1 Rating: important References: 1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 SUSE: 3.3...

3.3 CVSS | 7.5 AI score | 0.02477 EPSS
Exploits 1 | References 1
Citrix
added 2021/06/16 12:0 a.m., 9 views

ADM and Director Integration missing Network HDX data: Error "No details are available" or blank page

Running Citrix ADM 13.0 latest and attempting to integrate the network function into our Citrix Director 1912. Attempted to use both HTTP and HTTPS. With HTTP the network tab on Director is blank. With HTTPS it says no details are available. The following guide was used:...

7.1 AI score
Exploits 0
Tenable Nessus
added 2021/06/10 12:0 a.m., 50 views

SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2020:14398-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14398-1 advisory. - Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u241, 8u231,...

8.3 CVSS | 6.5 AI score | 0.0623 EPSS
Exploits 0 | References 19
The Hacker News
added 2021/06/09 4:39 p.m., 132 views

New TLS Attack Lets Attackers Launch Cross-Protocol Attacks Against Secure Sites

Researchers have disclosed a new type of attack that exploits misconfigurations in transport layer security (TLS) servers to redirect HTTPS traffic from a victim's web browser to a different TLS service endpoint located on another IP address to steal sensitive information. The attacks have been...

0.2 AI score
Exploits 0
OpenVAS
added 2021/06/09 12:0 a.m., 22 views

SUSE: Security Advisory (SUSE-SU-2014:0569-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS | 8.8 AI score | 0.3263 EPSS
Exploits 1 | References 3
OpenVAS
added 2021/06/09 12:0 a.m., 25 views

SUSE: Security Advisory (SUSE-SU-2020:0568-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.7 AI score | 0.01366 EPSS
Exploits 0 | References 2
Kitploit
added 2021/06/08 12:30 p.m., 37 views

Link - A Command And Control Framework Written In Rust

link is a command and control framework written in rust. Currently in beta. Introduction link provides MacOS, Linux and Windows implants which may lack the necessary evasive tradecraft provided by other more mature command and control frameworks. Tested on Linux only. Features Hopefully this list...

7.2 AI score
Exploits 0 | References 10
OSV
added 2021/06/07 9:15 p.m., 16 views

CVE-2021-29504

WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the...

7.4 CVSS | 7.2 AI score
Exploits 0 | References 7
Prion
added 2021/06/07 9:15 p.m., 11 views

Hardcoded credentials

WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the...

7.5 CVSS | 7.6 AI score | 0.01312 EPSS
Exploits 0 | References 7 | Affected Software 1
CVE
added 2021/06/07 8:50 p.m., 98 views

CVE-2021-29504

WP-CLI (WordPress CLI) vulnerability CVE-2021-29504 arises from improper error handling in HTTPS requests in WP_CLI\Utils\http_request(). On TLS handshake errors, the older default disabled certificate validation, allowing a remote attacker to intercept traffic, impersonate update servers, and pu...

9.1 CVSS | 7.7 AI score | 0.01312 EPSS
Exploits 0 | References 7 | Affected Software 1
OpenVAS
added 2021/06/07 12:0 a.m., 14 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-1962)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS | 5.5 AI score | 0.05301 EPSS
Exploits 2 | References 2
OpenVAS
added 2021/06/07 12:0 a.m., 27 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-1969)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS | 5.5 AI score | 0.05301 EPSS
Exploits 2 | References 2
Tenable Nessus
added 2021/06/04 12:0 a.m., 31 views

EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2021-1969)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad...

5.3 CVSS | 6.5 AI score | 0.05301 EPSS
Exploits 2 | References 3
Tenable Nessus
added 2021/06/04 12:0 a.m., 26 views

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2021-1962)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way libcurl handled TLS 1.3 session tickets. A malicious HTTPS proxy could possibly use this flaw to make...

5.3 CVSS | 6.4 AI score | 0.05301 EPSS
Exploits 2 | References 3