Lucene search
K

11235 matches found

Malwarebytes
Malwarebytes
added 2023/02/15 3:0 a.m.93 views

Update now! February's Patch Tuesday tackles three zero-days

The Patch Tuesday roundup from Microsoft for February 2023 includes three zero-days. Not exactly what we had in mind for Valentine's Day. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. As far as we can tell, onl...

0.1AI score0.89955EPSS
Exploits22
0day.today
0day.today
added 2023/02/15 12:0 a.m.254 views

WordPress Quiz And Survey Master 8.0.8 Media Deletion Vulnerability

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a missing authentication vulnerability that allows an attacker to delete media from the WordPress instance. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL:...

9.1CVSS0.5AI score0.02034EPSS
Exploits5
0day.today
0day.today
added 2023/02/15 12:0 a.m.319 views

WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery Vulnerability

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a cross site request forgery vulnerability. 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Cross-Site Request Forgery CSR...

9.1CVSS0.1AI score0.02034EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.362 views

WordPress Quiz And Survey Master 8.0.8 Media Deletion

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Missing Authentication for Critical Function CWE-306 Date found: 2023-01-13 Date published: 2023-02-0...

0.5AI score0.02034EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.219 views

WordPress Quiz And Survey Master 8.0.8 Cross Site Request Forgery

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Quiz And Survey Master Vendor URL: https://wordpress.org/plugins/quiz-master-next/ Type: Cross-Site Request Forgery CSRF CWE-352 Date found: 2023-01-13 Date published: 2023-02-08 CVSSv3 Scor...

0.02034EPSS
Exploits6
0day.today
0day.today
added 2023/02/15 12:0 a.m.373 views

GitLab GitHub Repo Import Deserialization Remote Code Execution Exploit

An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested defaultbranch. GitLab will cache this object and then deserialize it when...

9.9CVSS9.6AI score0.86194EPSS
Exploits5
CVE
CVE
added 2023/02/15 12:0 a.m.62 views

CVE-2022-47507

CVE-2022-47507 describes a Deserialization of Untrusted Data weakness in SolarWinds Platform (SolarWinds Network Performance Monitor/Web Console context). Public sources note that an attacker with Orion admin‑level access can execute arbitrary commands, with some sources indicating remote code ex...

7.2CVSS7.2AI score0.07234EPSS
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2023/02/15 12:0 a.m.317 views

GitLab GitHub Repo Import Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab GitHub Repo Import Deserialization RCE', 'Description' = %q An authenticated user can import a repository from GitHub into GitLab. If a us...

9.9CVSS9.6AI score0.86194EPSS
Exploits5
OpenVAS
OpenVAS
added 2023/02/15 12:0 a.m.32 views

Microsoft .NET Framework DoS And RCE Vulnerabilities (KB5022729)

This host is missing an important security update according to Microsoft KB5022729 Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.8CVSS6.2AI score0.01148EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/02/15 12:0 a.m.26 views

Microsoft .NET Framework DoS And RCE Vulnerabilities (KB5022782)

This host is missing an important security update according to Microsoft KB5022782 Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.8CVSS6.2AI score0.01148EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/02/15 12:0 a.m.23 views

Microsoft .NET Framework DoS And RCE Vulnerabilities (KB5022727)

This host is missing an important security update according to Microsoft KB5022727 Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.8CVSS6.2AI score0.01148EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/02/15 12:0 a.m.31 views

Microsoft Office Outlook 2019 RCE Vulnerability (Feb 2023) - Mac OS X

This host is missing an important security update for Microsoft Office Outlook 2019 on Mac OS X according to Microsoft security update February 2023 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

9.8CVSS9.5AI score0.82302EPSS
Exploits11References1
OpenVAS
OpenVAS
added 2023/02/15 12:0 a.m.29 views

Microsoft .NET Framework DoS And RCE Vulnerabilities (KB5022728)

This host is missing an important security update according to Microsoft KB5022728 Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.8CVSS6.2AI score0.01148EPSS
Exploits0References1
CVE
CVE
added 2023/02/14 8:9 p.m.310 views

CVE-2023-21808

CVE-2023-21808 is a remote code execution vulnerability in .NET and Visual Studio related to how debugging symbols are read. Connected sources confirm affected products include .NET 6.0/7.0 runtimes and SDKs and Visual Studio components, with the root cause in the handling of symbol files (debug ...

7.8CVSS7.9AI score0.01148EPSS
Exploits0References1Affected Software4
Cvelist
Cvelist
added 2023/02/14 8:9 p.m.63 views

CVE-2023-21808 .NET and Visual Studio Remote Code Execution Vulnerability

...

7.8CVSS7.9AI score0.01148EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/02/14 7:33 p.m.29 views

CVE-2023-21716 Microsoft Word Remote Code Execution Vulnerability

...

9.8CVSS9.7AI score0.82302EPSS
Exploits11References1
CVE
CVE
added 2023/02/14 7:33 p.m.97 views

CVE-2023-21703

CVE-2023-21703 affects Azure Data Box Gateway. The connected documents describe a Remote Code Execution vulnerability caused by insufficient access restrictions in Azure Data Box Gateway, enabling an attacker to execute arbitrary code remotely. The issue is tracked across multiple sources, with M...

7.2CVSS7AI score0.01462EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2023/02/14 7:33 p.m.153 views

CVE-2023-21805

Technical details about CVE-2023-21805 are not publicly provided in the supplied documents. Monitor for updates.

7.8CVSS7.8AI score0.00737EPSS
Exploits0References1Affected Software13
Cvelist
Cvelist
added 2023/02/14 7:33 p.m.34 views

CVE-2023-21797 Microsoft ODBC Driver Remote Code Execution Vulnerability

...

8.8CVSS9.4AI score0.01188EPSS
Exploits0References1
Talos Blog
Talos Blog
added 2023/02/14 6:9 p.m.75 views

Microsoft Patch Tuesday for February 2023 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 73 vulnerabilities. Of these vulnerabilities, 8 are classified as "Critical", 64 are classified as "Important", one vulnerability is classified as "Moderate." According to Microsoft none of the vulnerabilities has been publicly...

0.9AI score0.82302EPSS
Exploits11
Rows per page
Query Builder