Lucene search
K

137 matches found

Veracode
Veracode
added 2021/06/08 2:32 p.m.12 views

Privilege Escalation

xscreensaver is vulnerable to privilege escalation. The vulnerability exists due to of an incompatible setting in /usr/libexec/xscreensaver/sonar file...

7.8CVSS3.4AI score0.00318EPSS
Exploits0References3Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2021/05/14 2:50 p.m.41 views

Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500

This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. Original analysis for these findings was conducted by Tom Sellers. There are certain services that are generally considered to be high-risk when found available on the public internet. As an exampl...

0.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/05/07 2:0 p.m.23 views

Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500

This blog post covers key takeaways from our 2021 Industry Cyber-Exposure Report ICER: Fortune 500. Original analysis for these findings was conducted by Bob Rudis. Complexity is the enemy when it comes to successful security outcomes in an organization. Diversity in systems, technologies, and...

6.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/05/05 7:24 p.m.53 views

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): ASX 200

Today, we are excited to release the third report in our Industry Cyber-Exposure Report ICER series, which digs into cyber-exposure among organizations in Australia’s ASX 200. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and wi...

0.4AI score
Exploits0
NVD
NVD
added 2021/04/21 7:15 p.m.19 views

CVE-2021-31523

The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has capnetraw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency...

7.8CVSS0.00318EPSS
Exploits0References2
OSV
OSV
added 2021/04/21 7:15 p.m.4 views

DEBIAN-CVE-2021-31523

The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has capnetraw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency...

7.8CVSS7.3AI score0.00318EPSS
Exploits0References1
OSV
OSV
added 2021/04/21 7:15 p.m.3 views

UBUNTU-CVE-2021-31523

The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has capnetraw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency...

7.8CVSS5.8AI score0.00318EPSS
Exploits0References5
Rapid7 Blog
Rapid7 Blog
added 2021/04/16 2:41 p.m.64 views

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): FTSE 350

Today, we are excited to release the second report in our Industry Cyber-Exposure Report ICER series, which digs into cyber-exposure among organizations in the U.K.’s FTSE 350. This series focuses on five key areas we believe CISOs at mega-corporations actually have a shot at accomplishing, and...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/04/06 12:57 p.m.44 views

Rapid7 Releases New Industry Cyber-Exposure Report (ICER): Fortune 500

Today, Rapid7 just released the first in our all-new Industry Cyber-Exposure Report ICER series. For those of you who have been following our research over the past few years, you may immediately suspect us of unloading another 100+ page tome of internet-based findings around the internet—but not...

7.3AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/03/03 12:41 a.m.1861 views

Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day

Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR’s Attacker Behavior Analytics ABA. The Managed Detection and Response MDR identified multiple, related compromises in the past 72 hours. In most...

7.5CVSS0.99999EPSS
Exploits73
Rapid7 Blog
Rapid7 Blog
added 2021/01/15 2:26 p.m.44 views

NICER Protocol Deep Dive: Internet Exposure of DNS-over-TLS

Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...

6.9AI score
Exploits0
Snyk
Snyk
added 2020/12/14 9:18 a.m.5 views

Command Injection

Overview sonar-wrapper is a package that wraps SonarQube Scanner as a node module. Affected versions of this package are vulnerable to Command Injection. The injection point is located in lib/sonarRunner.js. PoC var root = require"sonar-wrapper"; var options= 'sonar.projectName':'& touch JHU';...

9.8CVSS7.2AI score0.01112EPSS
Exploits1References2
Rapid7 Blog
Rapid7 Blog
added 2020/12/10 8:3 p.m.40 views

NICER Protocol Deep Dive: Internet Exposure of etcd

Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...

6.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2020/11/17 1:55 p.m.43 views

Don’t Put It on the Internet: Tesla Backup Gateway Edition

Derek Abdine, formerly Director of Rapid7 Labs, now CTO at Censys, contributed this blog post. This blog post aims to increase user awareness of the privacy and security risks of connecting devices to the internet. In this edition, we address Tesla Backup Gateways and identify some key areas wher...

0.5AI score
Exploits0
CNVD
CNVD
added 2020/11/03 12:0 a.m.6 views

SonarSource SonarQube Authentication Bypass Vulnerability

SonarSource SonarQube is an open source code quality management system from SonarSource Switzerland. An authentication bypass vulnerability exists in SonarQube version 8.4.2.36762, which allows an external attacker to implement authentication bypass via SonarScanner to create and overwrite public...

5.3CVSS7.3AI score0.0106EPSS
Exploits1References1
Rapid7 Blog
Rapid7 Blog
added 2020/10/19 1:6 p.m.370 views

Are You Still Running End-of-Life Windows Servers?

Windows Server 2008 and 2008 R2 reached their end of life EOL on Jan. 14, 2020. What does that mean in practice? Well, any instances running these versions of Windows Server are no longer supported by Microsoft—no more automated fixes, updates, or technical assistance. From a security standpoint,...

9.3CVSS0.99512EPSS
Exploits75
Rapid7 Blog
Rapid7 Blog
added 2020/09/29 4:5 p.m.745 views

Microsoft Exchange 2010 End of Support and Overall Patching Study

Today's topic is Exchange 2010, which reaches end of support EoS on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date. During our work with Project Sonar, we consistently see the use of old and EoS software on the internet. This is...

9CVSS8.9AI score0.99965EPSS
Exploits30
Rapid7 Blog
Rapid7 Blog
added 2020/09/22 12:53 p.m.19 views

Rapid7 Releases Q2 2020 Quarterly Threat Report

It’s hard to believe it’s already the end of September, and with it comes Rapid7’s Q2 2020 Quarterly Threat Report. As in previous quarters, our Rapid7 research team produced this report by analyzing the data from our internet telemetry-gathering systems Project Sonar and Project Heisenberg, as...

7.2AI score
Exploits0
CNVD
CNVD
added 2020/09/17 12:0 a.m.3 views

Unspecified Vulnerability in CloudBees Jenkins Sonar Quality Gates Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Sonar Quality Gates Plugin is used in which a...

5.3CVSS7AI score0.00614EPSS
Exploits0References1
0day.today
0day.today
added 2020/07/17 12:0 a.m.445 views

Sonar Qube 8.3.1 - (SonarQube Service) Unquoted Service Path Vulnerability

Title: Sonar Qube 8.3.1 - 'SonarQube Service' Unquoted Service Path Author: Velayutham Selvaraj Vendor Homepage: https://www.sonarqube.org Software Link: https://www.sonarqube.org/downloads/ Version : 8.3.1 Tested on: Windows 10 64bitEN About Unquoted Service Path : ==============================...

0.2AI score
Exploits0
Rows per page
Query Builder