Lucene search
+L

184 matches found

Cvelist
Cvelist
added 2021/03/26 4:17 p.m.26 views

CVE-2021-1627

MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021...

9.7AI score0.01043EPSS
Exploits0References1
CVE
CVE
added 2021/03/26 4:17 p.m.38 views

CVE-2021-1626

CVE-2021-1626 affects MuleSoft Mule runtime components, potentially impacting CloudHub and on‑premise deployments. Affected versions are Mule 4.1.x and 4.2.x released before February 2, 2021. The connected documents confirm the remote code execution impact but do not provide an explicit fix versi...

9.8CVSS9.7AI score0.02031EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/03/26 4:17 p.m.25 views

CVE-2021-1626

MuleSoft is aware of a Remote Code Execution vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. Versions affected: Mule 4.1.x and 4.2.x runtime released before February 2, 2021...

9.9AI score0.02031EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.3 views

MuleSoft Mule 安全漏洞

Mulesoft MuleSoft Mule is a lightweight integration platform from the US company MuleSoft Mulesoft. The platform supports message routing, data mapping, etc. between management nodes. A security vulnerability exists in MuleSoft Mule, which can be exploited by attackers to remotely execute arbitra...

9.8CVSS8.6AI score0.02031EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.5 views

MuleSoft Mule 代码问题漏洞

Mulesoft MuleSoft Mule is a lightweight integration platform from the US company MuleSoft Mulesoft. The platform supports management of message routing between nodes, data mapping, and more. A security vulnerability exists in MuleSoft Mule 4.x runtime released before February 2, 2021, which...

9.8CVSS8.3AI score0.01198EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/03/26 12:0 a.m.5 views

MuleSoft Mule 代码问题漏洞

Mulesoft MuleSoft Mule is a lightweight integration platform from the US company MuleSoft Mulesoft. The platform supports management of message routing between nodes, data mapping, and more. A code issue vulnerability exists in MuleSoft Mule, which originates in the Mule runtime component. The...

9.8CVSS8.4AI score0.01043EPSS
Exploits0References2
Schneier on Security
Schneier on Security
added 2021/03/22 11:15 a.m.38 views

Details of a Computer Banking Scam

This is a longish video that describes a profitable computer banking scam thats run out of call centers in places like India. Theres a lot of fluff about glitterbombs and the like, but the details are interesting. The scammers convince the victims to give them remote access to their computers, an...

2.6AI score
Exploits0
Krebs on Security
Krebs on Security
added 2021/02/09 3:16 a.m.51 views

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin, a software package used to administer whats being called "one of the worlds largest phishing services." The operation was carried out in coordination with the FBI and authorities in...

6.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2020/08/14 9:29 a.m.7 views

rsg-log-server (>=0.0.2 <=0.0.3), rsg-metrics-server (>=0.0.1 <=0.0.10) +1 more potentially affected by CVE-2020-7714 via confucious (>=0.0.10 <=0.0.9)

confucious NPM version =0.0.10, =0.0.2, =0.0.1, =1.1.0, =1.6.0 Source cves: CVE-2020-7714 Source advisory: SNYK:JS-CONFUCIOUS-598665...

9.8CVSS7.2AI score0.01916EPSS
Exploits1
ThreatPost
ThreatPost
added 2020/07/07 11:0 a.m.57 views

First-Ever Russian BEC Gang, Cosmic Lynx, Uncovered

Researchers say they have discovered the first-ever reported Russian business email compromise BEC cybercriminal ring, showing that sophisticated attackers beyond the usual Nigerian scammers are setting their sights on the email-based attack vector. The BEC gang is called Cosmic Lynx, and has bee...

Exploits0References17
CNVD
CNVD
added 2020/06/01 12:0 a.m.4 views

MuleSoft Mule Resource Management Error Vulnerability

MuleSoft Mule is a lightweight integration platform from MuleSoft, USA. The platform supports management of message routing between nodes, data mapping, and more. A security vulnerability exists in MuleSoft Mule Community and Enterprise Editions versions 3.8.x, 3.9.x, and 4.x released before Apri...

7.5CVSS6.7AI score0.01245EPSS
Exploits0References1
OSV
OSV
added 2020/05/29 10:15 p.m.3 views

CVE-2020-6937

A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion...

7.5CVSS5.8AI score0.01245EPSS
Exploits0References1
OSV
OSV
added 2019/12/02 2:15 a.m.4 views

CVE-2019-15631

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code...

9.8CVSS7.7AI score0.0234EPSS
Exploits0References1
CVE
CVE
added 2019/12/02 1:44 a.m.58 views

CVE-2019-15631

CVE-2019-15631 is a remote code execution vulnerability affecting MuleSoft Mule CE/EE 3.x and API Gateway 2.x, described as exploitable to run arbitrary code by a remote attacker and linked to releases before 31 October 2019. The connected records consistently identify the affected product family...

9.8CVSS9.8AI score0.0234EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2019/10/16 8:15 p.m.5 views

CVE-2019-13116

The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections...

9.8CVSS7.6AI score0.05128EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2019/10/16 8:15 p.m.6 views

CVE-2019-13116

The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections...

9.8CVSS6.1AI score0.05128EPSS
Exploits1References4
Veracode
Veracode
added 2019/09/02 12:46 a.m.19 views

Directory Traversal

mule-http-connector is vulnerable to directory traversal. The vulnerability exists as it allows serving of static resources that are out of its base path...

7.5CVSS4.3AI score0.02998EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2019/08/30 5:15 p.m.15 views

CVE-2019-15630

Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow...

7.5CVSS7.5AI score0.02998EPSS
Exploits0References1
Prion
Prion
added 2019/08/30 5:15 p.m.14 views

Directory traversal

Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow...

5CVSS7.4AI score0.02998EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/30 4:56 p.m.364 views

CVE-2019-15630

CVE-2019-15630 describes a directory traversal vulnerability affecting MuleSoft products: APIkit, HTTP connector, and OAuth2 Provider components in Mule Runtime 3.x/4.x and all MuleSoft API Gateway versions released before August 1, 2019. The issue permits remote attackers to read files accessibl...

7.5CVSS7.4AI score0.02998EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder