750 matches found

The Hacker News
added 2022/05/17 3:17 a.m., 444 views

Watch Out! Hackers Begin Exploiting Recent Zyxel Firewalls RCE Vulnerability

(Image source: z3r00t) The U.S. Cybersecurity and Infrastructure Security Agency on Monday added two security flaws, including the recently disclosed remote code execution bug affecting Zyxel firewalls, to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation...

10 CVSS, 2.9 AI score, 0.99938 EPSS
Exploits: 79

GithubExploit
added 2022/05/16 3:27 p.m., 554 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 Spring Cloud Gateway Actuator API SpEL expres...

10 CVSS, 7.3 AI score, 0.98253 EPSS
Exploits: 54

CISA KEV Catalog
added 2022/05/16 12:00 a.m., 61 views

VMware Spring Cloud Gateway Code Injection Vulnerability

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured...

10 CVSS, 2.8 AI score, 0.98253 EPSS
In wild, Exploits: 54

vulnersOsv
added 2022/05/14 1:27 a.m., 5 views

cn.home1:spring-cloud-eureka-server (>=0.0.1 <=1.0.1.U1), com.github.springcloud:moss-client-1.x (=1.0.1.RELEASE) +162 more potentially affected by CVE-2018-1000129 via org.jolokia:jolokia-core (>=1.3.7 <=1.4.0)

org.jolokia:jolokia-core MAVEN version =1.3.7, =0.0.1, =1.2.0, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =1.5.4, =0.1.5, =0.1.5, =2.0-beta-1, =2.3.0, =2.7.1 and more Source cves: CVE-2018-1000129 Source advisory: OSV:GHSA-HFPG-GQJW-779M...

6.1 CVSS, 6.6 AI score, 0.25459 EPSS
Exploits: 1

vulnersOsv
added 2022/05/13 1:33 a.m., 6 views

com.mozu:mozu-api-jobs (>=1.0.13 <=1.0.23), gradle.plugin.com.atc.gradle.plugins.xd:spring-xd-deploy-plugin (>=0.0.1 <=0.0.8) +25 more potentially affected by CVE-2018-1229 via org.springframework.batch:spring-batch-admin-manager (>=1.3.0.RELEASE <=1.3.1.RELEASE)

org.springframework.batch:spring-batch-admin-manager MAVEN version =1.3.0.RELEASE, =1.0.13, =0.0.1, =1.3.1.RELEASE, =1.6.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.7.3.RELEASE -...

6.1 CVSS, 6.3 AI score, 0.00754 EPSS
Exploits: 0

Github Security Blog
added 2022/05/13 1:07 a.m., 21 views

Issuer validation regression in Spring Cloud SSO Connector

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

8.1 CVSS, 6.8 AI score, 0.01589 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2022/05/13 1:07 a.m., 15 views

GHSA-Q4Q2-93PW-QWGF Issuer validation regression in Spring Cloud SSO Connector

Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which use this version of...

8.1 CVSS, 7.9 AI score, 0.01589 EPSS
Exploits: 0, References: 3

vulnersOsv
added 2022/05/13 1:04 a.m., 4 views

at.newmedialab.ldpath:ldpath-api (>=0.9.12 <=0.9.13), at.newmedialab.ldpath:ldpath-backend-jena (>=0.9.12 <=0.9.13) +1790 more potentially affected by CVE-2018-8088 via org.slf4j:slf4j-ext (>=1.0-alpha0 <=1.7.25)

org.slf4j:slf4j-ext MAVEN version =1.0-alpha0, =0.9.12, =0.9.12, =0.9.12, =0.9.12, =0.9.11, =0.9.12, =0.1-1, =2.3.0, =2.3.1 and more Source cves: CVE-2018-8088 Source advisory: OSV:GHSA-W77P-8CFG-2X43...

9.8 CVSS, 6.8 AI score, 0.15087 EPSS
Exploits: 0

BDU FSTEC
added 2022/05/11 12:00 a.m., 7 views

The Spring Cloud Config server vulnerability arises from an incorrect limitation of a path name to a restricted directory, allowing attackers to expose protected information.

The vulnerability in the Spring Cloud Config server exists due to an incorrect restriction of a path to a restricted directory. Exploiting this vulnerability allows a malicious actor to expose protected information using a specially crafted URL...

6.5 CVSS, 6.4 AI score, 0.85295 EPSS
Exploits: 6, References: 4, Affected Software: 2

OpenVAS
added 2022/05/06 12:00 a.m., 28 views

VMware Spring Cloud Function < 3.1.7, 3.2.x < 3.2.3 RCE Vulnerability - Active Check

VMware Spring Cloud Function is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

9.8 CVSS, 7.5 AI score, 0.99939 EPSS
Exploits: 36, References: 5

Spring Security Advisories
added 2022/05/03 6:00 p.m., 17 views

This Week in Spring - May 3rd, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you doin'? I'm excited! This week I'm speaking at the ArabJUG, and I'll be speaking at Microsoft's huuuge JDConf event. Both of these are virtual. Then, next Monday, I'm on a plane bound for London, UK, where I'll be speakin...

7 AI score
Exploits: 0

Spring Security Advisories
added 2022/04/27 6:15 a.m., 26 views

This Week in Spring - April 26th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week I was hoping to be in glorious Chicago, Illinois for the first in-person SpringOne Tour installment since the pandemic. But, alas, I couldn't go because - out of an abundance of caution, and since I was exposed to...

6.9 AI score
Exploits: 0

VulnCheck KEV
added 2022/04/27 12:00 a.m., 8 views

VulnCheck KEV: CVE-2022-22947

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured...

10 CVSS, 7.2 AI score, 0.98253 EPSS
Exploits: 54, References: 1

Kitploit
added 2022/04/24 9:30 p.m., 576 views

Spring4Shell-Scan - A Fully Automated, Reliable, And Accurate Scanner For Finding Spring4Shell And Spring Cloud RCE Vulnerabilities

A fully automated, reliable, and accurate scanner for finding Spring4Shell and Spring Cloud RCE vulnerabilities. Features: Support for lists of URLs. Fuzzing for more than 10 new Spring4Shell payloads (previously seen tools use only 1-2 variants). Fuzzing for HTTP GET and POST methods. Automatic...

9.8 CVSS, 9.2 AI score, 0.99939 EPSS
Exploits: 131, References: 2

Spring Security Advisories
added 2022/04/22 12:00 a.m., 11 views

A Bootiful Podcast: Spring Cloud legend Glenn Renfro about batch processing, tasks, stream processing, data flow, and t-shirts

Hi, Spring fans! Welcome to another installment of A Bootiful Podcast! In this installment Josh Long (@starbuxman) talks to Spring Cloud luminary and all around lovable guy Glenn Renfro (@cppwfs) about batch processing, tasks, messaging, integration, data flow, and a million other things. Also:...

2.3 AI score
Exploits: 0

GithubExploit
added 2022/04/15 3:41 p.m., 61 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

Spring Cloud Gateway Actuator API SpEL Code Injection CVE-202...

10 CVSS, 7.6 AI score, 0.98253 EPSS
Exploits: 54

GithubExploit
added 2022/04/14 11:10 a.m., 441 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

Spring Cloud Function SpEL Expression Injection Vulnerability...

9.8 CVSS, 7.7 AI score, 0.99939 EPSS
Exploits: 36

Tenable Nessus
added 2022/04/14 12:00 a.m., 158 views

VMware Spring Cloud Function < 3.1.7 / 3.2.x < 3.2.3 SPEL Expression Injection (local check)

The version of Spring Cloud Function running on the remote host is affected by a remote code execution vulnerability in the routing functionality. A remote, unauthenticated attacker could provide a specially crafted SpEL as a routing expression that may result in remote code execution on the remo...

9.8 CVSS, 9.2 AI score, 0.99939 EPSS
Exploits: 36, References: 4

BDU FSTEC
added 2022/04/13 12:00 a.m., 5 views

The vulnerability lies in the implementation of the TrustManager library’s authentication verification technology for creating Spring Cloud Gateway API gateways. This allows attackers to access remote services.

The vulnerability of the implementation of the TrustManager library for creating Spring Cloud Gateway API gateways is related to errors in the authentication process. Exploiting this vulnerability can allow attackers to access remote services...

5.3 CVSS, 6.6 AI score, 0.04732 EPSS
Exploits: 0, References: 4, Affected Software: 1

Spring Security Advisories
added 2022/04/12 10:00 p.m., 17 views

This Week in Spring - April 12th, 2022 (Devnexus 2022 Edition!!)

This Week in Spring - Devnexus Edition. Hi, Spring fans! Welcome to another installment of This Week in Spring - I'm at my first in-person event since the virus: Devnexus! WOOHOOO!! Well, technically I'm still in San Francisco as I write this, but I'll be in Atlanta, GA tomorrow for… Devnexus! I hope...

0.8 AI score
Exploits: 0