标签为漏洞披露的帖子

17分钟 漏洞的披露

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

Apache OFBiz低于18.12.16 is vulnerable to unauthenticated remote code execution (CVE-2024-45195) on Linux 和 Windows. Exploitation is facilitated by bypassing previous patches.

6分钟 漏洞的披露

CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery

Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF).

10分钟 管理检测和响应(耐多药)

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

Justice AV Solutions (JAVS)是一家美国公司.S.-based company specializing in digital audio-visual recording solutions for courtroom environments. Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk 和 should take immediate action.

19分钟 紧急威胁响应

CVE-2024-27198 和 CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 和 CVE-2024-27199, both of which are authentication bypasses.

11分钟 漏洞的披露

CVE-2023-47218: QNAP QTS 和 QuTS Hero Unauthenticated Comm和 Injection (FIXED)

Rapid7 has identified an unauthenticated comm和 injection vulnerability in the QNAP operating system known as QTS, a core part of the firmware for numerous QNAP entry- 和 mid-level Network Attached Storage (NAS) devices.

1分钟 伶盗龙

CVE-2023-5950 Rapid7 伶盗龙 Reflected XSS

This advisory covers a specific issue identified in 伶盗龙 和 disclosed by a security code review. Rapid7 伶盗龙 versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability.

8分钟 漏洞的披露

Multiple Vulnerabilities in South River Technologies Titan MFT 和 Titan SFTP [FIXED]

As part of our continuing research project into managed file transfer risk, including JSCAPE MFT 和 Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT 和 Titan SFTP servers.

4分钟 漏洞的披露

CVE-2023-4528: Java Deserialization 脆弱性 in JSCAPE MFT (Fixed)

2023年8月, Rapid7发现CVE-2023-4528, a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. 成功ful exploitation can run arbitrary Java code as the `root` on Linux or the `SYSTEM` user on Windows.

6分钟 漏洞的披露

CVE-2023-35082 - MobileIron Core Unauthenticated API Access 脆弱性

Rapid7 discovered a new vulnerability that allows unauthenticated attackers to access the API in unsupported versions of MobileIron Core (11.2及以下).

5分钟 漏洞的披露

CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]

Rapid7 discovered that the initial patch for CVE-2023-29298 (Adobe ColdFusion access control bypass vulnerability) did not successfully remediate the issue.

7分钟 漏洞的披露

CVE-2023-29298: Adobe ColdFusion Access Control Bypass

Rapid7 discovered an access control bypass vulnerability affecting Adobe ColdFusion that allows an attacker to access the administration endpoints.

22分钟 漏洞的披露

Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]

Rapid7 has uncovered four issues in Fortra Globalscape EFT, the worst of which can lead to remote code execution.

4分钟 漏洞的披露

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

A vulnerability in Raptor Technology Volunteer Management for Schools is being disclosed in accordance with Rapid7’s vulnerability disclosure policy.

33分钟 漏洞的披露

Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)

In early 2023, Rapid7 discovered several vulnerabilities in Rocket Software UniData UniRPC. We worked with the company to fix issues 和 coordinate this disclosure.

7分钟 漏洞的披露

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate 脆弱性 和 Weak Installation Procedures

Rapid7 has discovered three security concerns in CloudPanel from MGT-COMMERCE, a self-hosted web administration solution.