Posts tagged Vulnerability Disclosure

7 min Vulnerability Disclosure

CVE-2022-22977: VMware Guest Authentication Service LPE (FIXED)

A low-privileged local attacker can prevent the VMware Guest Authentication service from running in a guest Windows environment and can crash this service.

5 min Vulnerability Disclosure

CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection

Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning (ZTP), identified as CVE-2022-30525.

4 min Emergent Threat Response

CVE-2022-28810: ManageEngine ADSelfService Plus Authenticated Command Execution (Fixed)

On April 9, ManageEngine fixed CVE-2022-28810 with the release of ADSelfService Plus Build 6122.

4 min Research

CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)

On April 12, 2022, Microsoft published CVE-2022-24527, a local privilege escalation vulnerability in Microsoft Connected Cache.

7 min Vulnerability Disclosure

CVE-2022-1026: Kyocera Net View Address Book Exposure

Rapid7 researcher Aaron Herndon has discovered that several models of Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information.

5 min Vulnerability Disclosure

CVE-2021-4191: GitLab GraphQL API User Enumeration (FIXED)

On February 25, 2022, GitLab published a fix for CVE-2021-4191, a now-patched vulnerability resulting from a missing authentication check.

10 min Vulnerability Disclosure

CVE-2021-20038..42: SonicWall SMA 100 Multiple Vulnerabilities (FIXED)

Over the course of routine security research, Rapid7 researcher Jake Baines discovered and reported five vulnerabilities involving the SonicWall Secure Mobile Access (SMA) 100 series of devices.

6 min Vulnerability Disclosure

CVE-2021-3546[78]: Akkadian Console Server Vulnerabilities (FIXED)

Rapid7 researchers discovered that the Akkadian Console version 4.7, a call manager solution, is affected by two vulnerabilities.

4 min Vulnerability Disclosure

CVE-2021-3927[67]: Fortress S03 WiFi Home Security System Vulnerabilities

Rapid7 researcher Arvind Vishwakarma discovered multiple vulnerabilities in the Fortress S03 WiFi Home Security System.

5 min Cybersecurity

Fortinet FortiWeb OS Command Injection

An OS command injection vulnerability in FortiWeb's management interface can allow a remote, authenticated attacker to execute arbitrary commands on the system.

2 min Metasploit

Metasploit Wrap-Up 8/6/21

Desert heat (not the 1999 film) This week was more quiet than normal with Black Hat USA and DEF CON, but that didn’t stop the team from delivering some small enhancements and bug fixes! We are also excited to see two new modules #15519 [http://github.com/rapid7/metasploit-framework/pull/15519] and #15520 [http://github.com/rapid7/metasploit-framework/pull/15520] from researcher Jacob Baines [http://twitter.com/Junior_Baines] DEF CON talk Bring Your Own Print Driver Vulnerability [http://

13 min Vulnerability Disclosure

Multiple Open Source Web App Vulnerabilities Fixed

While it's never great to learn of new vulnerabilities in your own product, all three project maintainers accepted, validated, and provided fixes for these vulnerabilities within one day, which is amazing when it comes to vulnerability disclosure.

8 min Vulnerability Disclosure

CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities

Four vulnerabilities involving Sage X3 were identified by Rapid7 researchers.

2 min Detection and Response

CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential

The virtual, on-premises version of the SonicWall Email Security Appliance ships with an undocumented, static credential, which can be used by an attacker to gain root privileges on the device.

8 min Vulnerability Disclosure

Akkadian Provisioning Manager Multiple Vulnerabilities Disclosure (Fixed)

Researchers discovered a trio of vulnerabilities in the Akkadian Provisioning Manager version 4.50.18.