489 matches found

CVE
added 2021/02/25 11:1 p.m. · 99 views

CVE-2021-24105

CVE-2021-24105 describes an ecosystem-wide dependency confusion vulnerability: an attacker publishes a package to a public repository under the same name as an internal one, typically with a higher version number or with malicious content, and a package manager that consults public and private sources together pulls the public copy during development, build, or release, enabling remote code execution. Affected behavior depends on pack...

CVSS 8.4 · AI score 8.8 · EPSS 0.02148
Exploits 0 · References 1 · Affected software 1
Malwarebytes
added 2021/02/11 5:57 p.m. · 199 views

Researcher’s audacious hack demonstrates new type of supply-chain attack

Often the most brilliant ideas are the most simple. The hard part is being the first one to come up with the idea and put it to use. One such brilliant yet simple idea belongs to Alex Birsan, a researcher who came up with a method to breach 35 big tech companies including Microsoft, Apple, Yelp,...

AI score 7.2
Exploits 0
Microsoft CVE
added 2021/02/09 8:00 a.m. · 86 views

Package Managers Configurations Remote Code Execution Vulnerability

Depending on the configuration of various package managers, it is possible for an attacker to insert a malicious package into a package manager's repository that is then retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe...

CVSS 8.4 · AI score 8.9 · EPSS 0.02148
Exploits 0
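The resolution behaviour behind both CVE-2021-24105 and the Microsoft advisory above, modelled offline as an added example (not the advisory's code and not any package manager's implementation). The registry contents are constructed: "acme-auth" stands in for an internal package, and the public index holds an attacker's upload of the same name with a very high version. A resolver that merges every configured index and takes the highest version pulls the attacker's copy; a resolver that binds each internal name to the private index never sees the public copy. The lockfile audit at the end is the check you would run over an existing build's lock data.

```python
"""Dependency confusion modelled offline: vulnerable vs. scoped resolution,
plus a lockfile audit. All registry and lockfile data below is constructed."""
from dataclasses import dataclass


def parse_version(version: str) -> tuple:
    """Order dotted numeric versions as tuples so '99.0.0' > '1.4.1'."""
    return tuple(int(part) for part in version.split("."))


@dataclass
class Registry:
    name: str
    packages: dict  # package name -> list of published version strings


# Constructed registry snapshots (hypothetical package names, not real ones).
PRIVATE = Registry("private", {"acme-auth": ["1.4.0", "1.4.1"]})
PUBLIC = Registry("public", {"acme-auth": ["99.0.0"], "requests": ["2.25.1"]})
PRIVATE_NAMES = {"acme-auth"}


def resolve_merged(name: str, registries: list) -> tuple:
    """Vulnerable resolution: every index is a candidate source and the
    highest version wins, whichever index published it."""
    candidates = [
        (parse_version(v), v, reg.name)
        for reg in registries
        for v in reg.packages.get(name, [])
    ]
    if not candidates:
        raise LookupError(f"{name} not found in any registry")
    _, version, source = max(candidates)
    return version, source


def resolve_scoped(name: str, registries: list, private_names: set,
                   private_registry: str = "private") -> tuple:
    """Hardened resolution: an internal name may only be served by the private
    index and fails closed (LookupError) if it is missing there; every other
    name is looked up in the public indexes alone, so a public upload under an
    internal name is never a candidate."""
    if name in private_names:
        allowed = [r for r in registries if r.name == private_registry]
    else:
        allowed = [r for r in registries if r.name != private_registry]
    return resolve_merged(name, allowed)


def audit_lock(lock_entries: list, private_names: set,
               private_registry: str = "private") -> list:
    """Detection after the fact: return lockfile entries (name, version, source)
    where an internal name was recorded as coming from anywhere but the
    private index."""
    return [
        (name, version, source)
        for name, version, source in lock_entries
        if name in private_names and source != private_registry
    ]


if __name__ == "__main__":
    regs = [PRIVATE, PUBLIC]
    print("merged:", resolve_merged("acme-auth", regs))               # ('99.0.0', 'public')
    print("scoped:", resolve_scoped("acme-auth", regs, PRIVATE_NAMES))  # ('1.4.1', 'private')
    # Constructed lockfile as a vulnerable build would have written it.
    lock = [("acme-auth", "99.0.0", "public"), ("requests", "2.25.1", "public")]
    print("audit: ", audit_lock(lock, PRIVATE_NAMES))                   # [('acme-auth', '99.0.0', 'public')]
```

The merged resolver is the same policy as pip's `--extra-index-url` (all indexes contribute candidates) and as an npm setup that lets unscoped internal names fall through to the public registry; the scoped resolver is the policy you get by binding internal names to one index (a scope-to-registry mapping in `.npmrc`, or a single private index that proxies the public one and refuses public copies of reserved names).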
Kaspersky
added 2021/02/09 12:00 a.m. · 81 views

KLA12073 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, or cause a denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in .NET Core can be...

CVSS 9.8 · AI score 9.9 · EPSS 0.30315
Exploits 2 · References 27
Wired Threat Level
added 2021/01/23 1:00 p.m. · 51 views

Chrome and Edge Want to Help Solve Your Password Problems

The line between browsers and password managers is blurring...

AI score 2.4
Exploits 0
Pen Test Partners Blog
added 2021/01/19 6:00 a.m. · 131 views

Three Word Passwords

Introduction: The National Cyber Security Centre (NCSC) has advocated the use of three random words for several years to create strong passwords, and that advice has been repeated recently by the National Crime Agency and multiple police forces in the UK... but just how strong are these passwords?...

AI score 6.9
Exploits 0
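The question the post asks can be made concrete with a small calculation. This is an added worked example, not code from the Pen Test Partners post: it assumes the attacker knows the scheme and the word list, so the only secret is which words were picked, and k words drawn uniformly from a list of N give k*log2(N) bits. The dictionary sizes, comparison schemes and guess rates are assumed for illustration.

```python
"""Guessing resistance of 'three random words' passwords versus random
character strings. Word-list sizes and guess rates are assumed inputs."""
import math


def word_password_bits(dictionary_size: int, words: int = 3) -> float:
    """Entropy of `words` independent uniform picks from a list of `dictionary_size`
    entries, assuming the attacker knows both the scheme and the list."""
    return words * math.log2(dictionary_size)


def charset_password_bits(charset_size: int, length: int) -> float:
    """Entropy of a uniformly random string of `length` symbols from a charset."""
    return length * math.log2(charset_size)


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Mean time to hit the password: half the keyspace at the given guess rate."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def strength_table(guesses_per_second: float) -> list:
    """Compare schemes at one guess rate. Returns (label, bits, seconds) rows."""
    schemes = [
        ("3 words, 1,000-word list", word_password_bits(1_000)),
        ("3 words, 10,000-word list", word_password_bits(10_000)),
        ("3 words, 100,000-word list", word_password_bits(100_000)),
        ("8 random chars [A-Za-z0-9]", charset_password_bits(62, 8)),
        ("12 random chars [A-Za-z0-9]", charset_password_bits(62, 12)),
    ]
    return [(label, bits, expected_crack_seconds(bits, guesses_per_second))
            for label, bits in schemes]


if __name__ == "__main__":
    # Assumed rates: throttled online guessing vs. an offline attack on a fast hash.
    for rate, label in [(10.0, "online, 10 guesses/s"),
                        (1e10, "offline, 1e10 guesses/s")]:
        print(label)
        for scheme, bits, secs in strength_table(rate):
            print(f"  {scheme:30s} {bits:5.1f} bits  {secs / 86400:14.1f} days")
```

The point the numbers make: three words from a small list (around 30 bits at N = 1,000) fall in minutes to an offline attack on a fast hash, while three words from a 100,000-word list (around 50 bits) beat eight random alphanumerics, and any of these schemes holds up against rate-limited online guessing. The strength lives in the list size and the randomness of the choice, not in the word count alone.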
Prion
added 2020/12/08 1:15 a.m. · 12 views

Design/Logic Flaw

A vulnerability was found in Moodle where users with the "Log in as" capability in a course context (typically course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier...

CVSS 6.5 · AI score 8.4 · EPSS 0.01304
Exploits 0 · References 1 · Affected software 1
UbuntuCve
added 2020/12/08 1:15 a.m. · 18 views

CVE-2020-25629

A vulnerability was found in Moodle where users with the "Log in as" capability in a course context (typically course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier...

CVSS 8.8 · AI score 6.7 · EPSS 0.01304
Exploits 0 · References 2
Positive Technologies
added 2020/11/08 12:00 a.m. · 6 views

PT-2023-21651 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 4.1.1 Description: The issue is related to insufficient validation of profile field availability conditions, which results in an SQL injection risk. By default, this risk is only available to teachers and managers...

CVSS 9.8 · AI score 6.8 · EPSS 0.49102
Exploits 3 · References 79
Positive Technologies
added 2020/11/08 12:00 a.m. · 6 views

PT-2023-21653 · Alt Linux

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient sanitizing in the backup process, resulting in an arbitrary file read risk. By default, the capability to access th...

CVSS 9.8 · AI score 6 · EPSS 0.49102
Exploits 3 · References 79
RedHat Linux
added 2020/11/05 6:48 p.m. · 2 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

CVSS 7.5 · AI score 5.7 · EPSS 0.01438
Exploits 0 · References 4
RedHat Linux
added 2020/11/05 6:47 p.m. · 0 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

CVSS 7.5 · AI score 5.7 · EPSS 0.01438
Exploits 0 · References 4
Tenable Nessus
added 2020/11/04 12:00 a.m. · 32 views

RHEL 8 : resource-agents (RHSA-2020:4605)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4605 advisory. The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several service...

CVSS 6.8 · AI score 6.6 · EPSS 0.02593
Exploits 0 · References 20
OSV
added 2020/11/03 12:5 p.m. · 25 views

ALSA-2020:4443 Moderate: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

CVSS 5.5 · AI score 5.7 · EPSS 0.00661
Exploits 1 · References 1
Positive Technologies
added 2020/10/15 12:00 a.m. · 11 views

PT-2020-16138 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions 3.5 through 3.5.13, 3.7 through 3.7.7, 3.8 through 3.8.4, and 3.9 through 3.9.1. Description: A vulnerability was found in Moodle where users with the "Log in as" capability in a course contex...

CVSS 9.8 · AI score 6.1 · EPSS 0.52299
Exploits 18 · References 102
Tenable Nessus
added 2020/10/02 12:00 a.m. · 30 views

RHEL 7 : Red Hat Virtualization (RHSA-2020:4114)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4114 advisory. ovirt-ansible-repositories is an Ansible role used to set up the repositories required for oVirt engine or host installation. The openvswitc...

CVSS 6.7 · AI score 7.4 · EPSS 0.00378
Exploits 0 · References 11
Metasploit
added 2020/09/24 5:41 p.m. · 64 views

Multiplatform Installed Software Version Enumerator

This module, when run against a compromised machine, will gather details on all installed software, including their versions and, if available, when they were installed, and will save the results into a loot file for later use. Users can then use this loot file to determine what additional vulnerabilities m...

AI score 7.2
Exploits 0
RedHat Linux
added 2020/09/17 1:7 p.m. · 0 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

CVSS 7.5 · AI score 5.7 · EPSS 0.01438
Exploits 0 · References 4
Hacker One
added 2020/09/16 1:19 a.m. · 26 views

HackerOne: Stored Cross-Site Scripting vulnerability in example Custom Digital Agreement

The advanced vetting settings page is vulnerable to a Cross-Site Scripting (XSS) vulnerability: the unsanitized Program Name is passed into a Markdown component that expects already-sanitized HTML. This leads to a stored XSS vulnerability that can be exploited by a program member when the...

AI score 0.1
Exploits 0
RedHat Linux
added 2020/09/07 1:5 p.m. · 2 views

Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain

A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources...

CVSS 7.5 · AI score 5.7 · EPSS 0.01438
Exploits 0 · References 4