5 min
Vulnerability Disclosure
Refreshing Rapid7's Coordinated Vulnerability Disclosure Policy
Rapid7 has updated its coordinated vulnerability disclosure (CVD) policy and philosophy. In this article, you'll learn what prompted the changes.
4 min
Vulnerability Disclosure
Cengage LTI Session Management Leakage
Cengage, an education technology provider in use in many higher education environments, primarily in the United States, had two issues in the way it handled session management over its Learning Tools Integration (LTI) pipeline.
3 min
Vulnerability Disclosure
CVE-2022-4261: Rapid7 Nexpose Update Validation Issue (FIXED)
Nexpose version 6.6.172 fixes an issue with how Nexpose validates update packages, CVE-2022-4261.
12 min
Vulnerability Disclosure
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures
Rapid7 discovered several vulnerabilities and exposures in specific F5 BIG-IP and BIG-IQ devices in August 2022. Since then, members of our research team have worked with the vendor to discuss impact, resolution, and a coordinated response.
8 min
Vulnerability Disclosure
FLEXlm and Citrix ADM Denial of Service Vulnerability
Note: Updated October 20, 2022 to clarify that this bypasses CVE-2022-27512 and
not CVE-2022-27511, which has a different root cause.
On June 27, 2022, Citrix released an advisory
[http://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512]
for CVE-2022-27511 [http://nvd.nist.gov/vuln/detail/CVE-2022-27511] and
CVE-2022-27512 [http://nvd.nist.gov/vuln/detail/CVE-2022-27512], which affect
Citrix ADM (Application Del
7 min
Vulnerability Disclosure
Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)
Rapid7 discovered vulnerabilities in two TCP/IP-enabled medical devices produced by Baxter Healthcare.
21 min
Vulnerability Disclosure
Rapid7 Discovered Vulnerabilities in Cisco ASA, ASDM, and FirePOWER Services Software
Rapid7 discovered vulnerabilities and non-security issues affecting Cisco ASA, ASDM, and FirePOWER Services Software for ASA.
5 min
Vulnerability Disclosure
CVE-2022-31660 and CVE-2022-31661 (FIXED): VMware Workspace ONE Access, Identity Manager, and vRealize Automation LPE
VMware Workspace ONE Access, Identity Manager, and vRealize Automation products contain a locally exploitable privilege escalation vulnerability.
9 min
Vulnerability Disclosure
QNAP Poisoned XML Command Injection (Silently Patched)
In researching the mystery surrounding alleged exploitation in the wild of CVE-2020-2509, we found what may be an entirely new vulnerability.
8 min
Vulnerability Disclosure
Primary Arms PII Disclosure via IDOR (FIXED)
Primary Arms, a popular e-commerce site dealing in firearms and related merchandise, suffers from an insecure direct object reference (IDOR) vulnerability.
3 min
Vulnerability Disclosure
CVE-2022-35629..35632 Velociraptor Multiple Vulnerabilities (FIXED)
This advisory covers a number of issues identified in Velociraptor and fixed as of Version 0.6.5-2, released on July 26, 2022.
5 min
Vulnerability Disclosure
CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation
Rapid7 discovered a local privilege escalation vulnerability affecting Zyxel firewalls. The vulnerability allows a low-privileged user, such as `nobody`, to escalate to `root` on affected firewalls.
5 min
Vulnerability Disclosure
CVE-2021-3779: Ruby-MySQL Gem Client File Read (FIXED)
The ruby-mysql Ruby gem prior to version 2.10.0 maintained by Tomita Masahiro is vulnerable to an instance of CWE-610.
4 min
Vulnerability Disclosure
CVE-2022-31749: WatchGuard Authenticated Arbitrary File Read/Write (Fixed)
A remote and low-privileged WatchGuard Firebox or XTM user can read arbitrary system files due to an argument injection vulnerability.
3 min
Vulnerability Disclosure
CVE-2022-32230: Windows SMB Denial-of-Service Vulnerability (FIXED)
Via CVE-2022-32230, a remote and unauthenticated attacker can trigger a denial-of-service condition on Microsoft Windows Domain Controllers.