184 matches found
CVE-2021-1627
MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021...
CVE-2021-1626
CVE-2021-1626 affects MuleSoft Mule runtime components, potentially impacting CloudHub and on‑premise deployments. Affected versions are Mule 4.1.x and 4.2.x released before February 2, 2021. The connected documents confirm the remote code execution impact but do not provide an explicit fix versi...
CVE-2021-1626
MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021...
MuleSoft Mule 安全漏洞
Mulesoft MuleSoft Mule is a lightweight integration platform from the US company MuleSoft Mulesoft. The platform supports message routing, data mapping, etc. between management nodes. A security vulnerability exists in MuleSoft Mule, which can be exploited by attackers to remotely execute arbitra...
MuleSoft Mule 代码问题漏洞
Mulesoft MuleSoft Mule is a lightweight integration platform from the US company MuleSoft Mulesoft. The platform supports management of message routing between nodes, data mapping, and more. A security vulnerability exists in MuleSoft Mule 4.x runtime released before February 2, 2021, which...
MuleSoft Mule 代码问题漏洞
Mulesoft MuleSoft Mule is a lightweight integration platform from the US company MuleSoft Mulesoft. The platform supports management of message routing between nodes, data mapping, and more. A code issue vulnerability exists in MuleSoft Mule, which originates in the Mule runtime component. The...
Details of a Computer Banking Scam
This is a longish video that describes a profitable computer banking scam thats run out of call centers in places like India. Theres a lot of fluff about glitterbombs and the like, but the details are interesting. The scammers convince the victims to give them remote access to their computers, an...
Arrest, Raids Tied to ‘U-Admin’ Phishing Kit
Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin, a software package used to administer whats being called "one of the worlds largest phishing services." The operation was carried out in coordination with the FBI and authorities in...
rsg-log-server (>=0.0.2 <=0.0.3), rsg-metrics-server (>=0.0.1 <=0.0.10) +1 more potentially affected by CVE-2020-7714 via confucious (>=0.0.10 <=0.0.9)
confucious NPM version =0.0.10, =0.0.2, =0.0.1, =1.1.0, =1.6.0 Source cves: CVE-2020-7714 Source advisory: SNYK:JS-CONFUCIOUS-598665...
First-Ever Russian BEC Gang, Cosmic Lynx, Uncovered
Researchers say they have discovered the first-ever reported Russian business email compromise BEC cybercriminal ring, showing that sophisticated attackers beyond the usual Nigerian scammers are setting their sights on the email-based attack vector. The BEC gang is called Cosmic Lynx, and has bee...
MuleSoft Mule Resource Management Error Vulnerability
MuleSoft Mule is a lightweight integration platform from MuleSoft, USA. The platform supports management of message routing between nodes, data mapping, and more. A security vulnerability exists in MuleSoft Mule Community and Enterprise Editions versions 3.8.x, 3.9.x, and 4.x released before Apri...
CVE-2020-6937
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion...
CVE-2019-15631
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code...
CVE-2019-15631
CVE-2019-15631 is a remote code execution vulnerability affecting MuleSoft Mule CE/EE 3.x and API Gateway 2.x, described as exploitable to run arbitrary code by a remote attacker and linked to releases before 31 October 2019. The connected records consistently identify the affected product family...
CVE-2019-13116
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections...
CVE-2019-13116
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections...
Directory Traversal
mule-http-connector is vulnerable to directory traversal. The vulnerability exists as it allows serving of static resources that are out of its base path...
CVE-2019-15630
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow...
Directory traversal
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow...
CVE-2019-15630
CVE-2019-15630 describes a directory traversal vulnerability affecting MuleSoft products: APIkit, HTTP connector, and OAuth2 Provider components in Mule Runtime 3.x/4.x and all MuleSoft API Gateway versions released before August 1, 2019. The issue permits remote attackers to read files accessibl...