11236 matches found

Tenable Nessus
added 2022/12/16 12:0 a.m. | 48 views

Debian dla-3243 : libapache2-mod-php7.3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3243 advisory. Debian LTS Advisory DLA-3243-1 [email protected]...

CVSS 9.8 | AI score 7.8 | EPSS 0.5838
Exploits 7 | References 14

CVE
added 2022/12/15 3:44 a.m. | 70 views

CVE-2022-41561

The CVE-2022-41561 issue affects the JNDI Data Sources component of TIBCO JasperReports Server and related editions, allowing a privileged attacker with network access to achieve Remote Code Execution and obtain a reverse shell on the affected system. Affected products/versions include JasperRepo...

CVSS 9.1 | AI score 7.8 | EPSS 0.01444
Exploits 0 | References 2 | Affected Software 1

CVE
added 2022/12/14 12:0 a.m. | 87 views

CVE-2022-31700

CVE-2022-31700 affects VMware Workspace ONE Access and Identity Manager. The vulnerability is an authenticated remote code execution flaw (RCE) in the product, with a CVSSv3 base score of 7.2 (Important). Public documents describe the issue as an authenticated RCE, potentially allowing code execu...

CVSS 7.2 | AI score 7.3 | EPSS 0.01082
Exploits 1 | References 1 | Affected Software 2

Zero Science Lab
added 2022/12/14 12:0 a.m. | 279 views

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (upload.cgi) Unauthenticated Remote Code Execution

Summary: The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound...

CVSS 9.8 | AI score 6.4 | EPSS 0.01442
Exploits 2

Rapid7 Blog
added 2022/12/13 11:19 p.m. | 68 views

CVE-2022-27518: Critical Fix Released for Exploited Citrix ADC, Gateway Vulnerability

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve, too. On Tuesday, December 13, 2022, Citrix published Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518 announcing fixes for a critical unauthenticated remote code execution...

AI score 1.1 | EPSS 0.06931
Exploits 1

Rapid7 Blog
added 2022/12/13 9:24 p.m. | 103 views

Patch Tuesday - December 2022

As far as Patch Tuesdays go, defenders have a relatively light month to close out the year with only 48 CVEs being published by Microsoft today. This does not include the 24 previously disclosed vulnerabilities affecting their Chromium-based Edge browser. There are two zero-days in the mix today...

AI score 0.9 | EPSS 0.82081
Exploits 7

Wiz blog
added 2022/12/13 9:3 p.m. | 37 views

CVE-2022-27518 exploited in the wild by APT5: everything you need to know

Detect and mitigate CVE-2022-27518, a Citrix ADC and Gateway unauthenticated RCE 0-day exploited in the wild by a nation state actor. Organizations should patch urgently...

CVSS 9.8 | AI score 7 | EPSS 0.06931
Exploits 1

NVD
added 2022/12/13 7:15 p.m. | 72 views

CVE-2022-44702

Windows Terminal Remote Code Execution Vulnerability...

CVSS 7.8 | EPSS 0.01365
Exploits 0 | References 2

Talos Blog
added 2022/12/13 7:6 p.m. | 42 views

Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as "Critical", 41 are classified as "Important", with the remaining vulnerability classified as "Moderate." One of the critical vulnerabilities, which Microsoft...

AI score 2.7 | EPSS 0.82081
Exploits 4

hivepro
added 2022/12/13 11:11 a.m. | 55 views

Active exploitation of the Fortinet pre-auth RCE vulnerability

Summary: Fortinet has addressed a critical security flaw in its FortiOS SSL-VPN product, which is being actively exploited in the wild. The heap-based buffer overflow bug in FortiOS sslvpnd is listed as...

AI score 2 | EPSS 0.99474
Exploits 11

Tenable Nessus
added 2022/12/13 12:0 a.m. | 143 views

Adobe Experience Manager 6.5.0.0 < 6.5.15.0 Multiple Vulnerabilities (APSB22-59)

The version of Adobe Experience Manager installed on the remote host is prior to 6.5.15.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB22-59 advisory. - Adobe Experience Manager version 6.5.14 and earlier is affected by a reflected Cross-Site Scripting XSS...

CVSS 5.4 | AI score 5.4 | EPSS 0.00922
Exploits 0 | References 35

Tenable Nessus
added 2022/12/13 12:0 a.m. | 61 views

Citrix ADC and Citrix Gateway RCE (CTX474995)

The remote Citrix ADC or Citrix Gateway device is version 12.1 before 12.1-65.25, 12.1-FIPS before 12.1-55.296 or 13.0 before 13.0-58.32. It is therefore affected by an unauthenticated remote code execution vulnerability: - A vulnerability has been discovered in Citrix ADC formerly known as...

CVSS 9.8 | AI score 9.6 | EPSS 0.06931
Exploits 1 | References 2

Cvelist
added 2022/12/13 12:0 a.m. | 21 views

CVE-2022-44676 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

...

CVSS 8.1 | AI score 8.3 | EPSS 0.0107
Exploits 0 | References 1

CVE
added 2022/12/13 12:0 a.m. | 84 views

CVE-2022-37155

SPIP CMS is affected by CVE-2022-37155: a remote authenticated attacker can execute arbitrary code via the _oups parameter. Affected versions include SPIP 3.1.13 through 4.1.2 (per the CVE entry); 3.2.x and 4.x series are also implicated by related advisories. The root cause is unauthenticated/au...

CVSS 8.8 | AI score 8.6 | EPSS 0.39966
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2022/12/13 12:0 a.m. | 24 views

CVE-2022-44670 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

...

CVSS 8.1 | AI score 6.7 | EPSS 0.01127
Exploits 0 | References 1

Tenable Nessus
added 2022/12/13 12:0 a.m. | 170 views

Microsoft Windows Raw Image Extensions Library RCE (December 2022)

The Windows 'Raw Image Extensions' app installed on the remote host is affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

CVSS 7.8 | AI score 8.5 | EPSS 0.00769
Exploits 0 | References 2

Github Security Blog
added 2022/12/12 9:19 p.m. | 69 views

SnakeYaml Constructor Deserialization Remote Code Execution

Summary: SnakeYaml's Constructor class, which inherits from SafeConstructor, allows any type be deserialized given the following line: new Yaml(new Constructor(TestDataClass.class)).load(yamlContent); Types do not have to match the types of properties in the target class. A ConstructorException is throw...

CVSS 9.8 | AI score 9 | EPSS 0.99615
Exploits 7 | References 19 | Affected Software 1

NVD
added 2022/12/12 6:15 p.m. | 21 views

CVE-2022-3982

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE...

CVSS 9.8 | EPSS 0.04493
Exploits 2 | References 1

NVD
added 2022/12/12 6:15 p.m. | 9 views

CVE-2022-3921

The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE...

CVSS 9.8 | EPSS 0.21205
Exploits 2 | References 1

Prion
added 2022/12/12 6:15 p.m. | 18 views

Default credentials

The Booking calendar, Appointment Booking System WordPress plugin before 3.2.2 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE...

CVSS 7.5 | AI score 9.6 | EPSS 0.04493
Exploits 2 | References 1 | Affected Software 1