cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41111,https://securityvulnerability.io/vulnerability/CVE-2024-41111,"Sliver Vulnerable to RCE, Could Pwn Server","The vulnerability in Sliver, an open-source cross-platform adversary emulation framework from BishopFox, allows a low-privileged 'operator' user to execute commands on the teamserver as the system root user, leading to unauthorized actions. This flaw enables operators to access console logs, terminate other operator sessions, and manipulate or delete files on the server. Although this issue has been recognized and flagged in previous discussions, it remains unaddressed in the current prerelease version 1.6.0. Organizations using this version are strongly advised against deploying it in production environments until a fix is implemented.",Bishopfox,Sliver,7.2,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-07-18T23:15:00.000Z,0
CVE-2023-34758,https://securityvulnerability.io/vulnerability/CVE-2023-34758,Improper Cryptographic Implementation in Sliver from Tangent,"The Sliver framework, ranging from versions v1.5.x to v1.5.39, exhibits an improper cryptographic implementation flaw. This vulnerability potentially allows an attacker to launch a man-in-the-middle attack by intercepting and manipulating responses, placing sensitive information at risk. It underscores the need for robust cryptographic practices to ensure secure communications within the framework.",Bishopfox,Sliver,8.1,HIGH,0.0012600000482052565,false,,false,false,false,,,false,false,,2023-08-28T00:00:00.000Z,0