Ray Security Vulnerabilities

CVE-2023-48023

Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network...

9.1CVSS

8.4AI Score

0.326EPSS

2023-11-28 08:15 AM
24

CVE-2023-48022

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network...

9.8CVSS

8.8AI Score

0.014EPSS

2023-11-28 08:15 AM
45

CVE-2023-6020

LFI in Ray's /static/ directory allows attackers to read any file on the server without...

7.5CVSS

8.3AI Score

0.071EPSS

2023-11-16 09:15 PM
37

CVE-2023-6021

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here:...

7.5CVSS

8AI Score

0.804EPSS

2023-11-16 05:15 PM
38

CVE-2023-6019

A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here:...

9.8CVSS

8.6AI Score

0.804EPSS

2023-11-16 05:15 PM
53

CVE-2023-28823

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local...

7.3CVSS

8.3AI Score

0.0004EPSS

2023-08-11 03:15 AM
20

CVE-2023-27391

Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local...

6.7CVSS

7.9AI Score

0.0004EPSS

2023-08-11 03:15 AM
20

CVE-2023-22355

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local...

7.8CVSS

7.7AI Score

0.0004EPSS

2023-05-10 02:15 PM
29

CVE-2009-4294

Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown...

7.8AI Score

0.013EPSS

2022-10-03 04:24 PM
21

CVE-2009-4314

Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU...

6.4AI Score

0.0005EPSS

2022-10-03 04:24 PM
21

CVE-2009-4295

Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network...

6.3AI Score

0.001EPSS

2022-10-03 04:24 PM
19

CVE-2002-2036

Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP...

7AI Score

0.004EPSS

2022-10-03 04:23 PM
24

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to....

9.8CVSS

9.4AI Score

0.004EPSS

2022-02-21 11:15 AM
133
2

CVE-2021-24046

A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before...

5.3CVSS

5.2AI Score

0.001EPSS

2022-01-14 06:15 PM
23

CVE-2020-11716

Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at...

9.8CVSS

9.4AI Score

0.002EPSS

2020-05-20 02:15 PM
21

CVE-2019-15376

The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on....

5.5CVSS

5.3AI Score

0.0004EPSS

2019-11-14 05:15 PM
24

CVE-2019-15378

The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on....

5.5CVSS

5.3AI Score

0.0004EPSS

2019-11-14 05:15 PM
26

CVE-2015-3195

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory...

5.3CVSS

6.3AI Score

0.018EPSS

2015-12-06 08:59 PM
137

CVE-2015-4727

Unspecified vulnerability in Oracle Virtualization Sun Ray Software before 5.4.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web...

3.7AI Score

0.004EPSS

2015-07-16 11:00 AM
20

CVE-2009-2489

Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows local users to access the sessions of arbitrary users via unknown...

6.5AI Score

0.0004EPSS

2009-07-16 04:30 PM
19

CVE-2009-2490

Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "resource...

6.9AI Score

0.0004EPSS

2009-07-16 04:30 PM
20

CVE-2009-2491

The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to "resource...

6.5AI Score

0.0004EPSS

2009-07-16 04:30 PM
17

CVE-2008-5423

Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified...

6.2AI Score

0.0004EPSS

2008-12-11 03:30 PM
22

CVE-2008-5422

Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified...

6.7AI Score

0.015EPSS

2008-12-11 03:30 PM
27

CVE-2008-3166

PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath...

7.5AI Score

0.061EPSS

2008-07-14 11:41 PM
25

CVE-2008-2503

Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown impact and remote attack...

7AI Score

0.002EPSS

2008-05-29 11:32 PM
21

CVE-2008-2502

Unspecified vulnerability in the web server in eMule X-Ray before 1.4 allows remote attackers to trigger memory corruption via unknown attack...

6.9AI Score

0.008EPSS

2008-05-29 11:32 PM
17

CVE-2008-2112

Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to...

6.3AI Score

0.005EPSS

2008-05-08 12:20 AM
19
4

CVE-2007-6481

Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to create or delete arbitrary directories via unspecified...

6.8AI Score

0.006EPSS

2007-12-20 08:46 PM
17
4

CVE-2007-6482

Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified...

6.7AI Score

0.038EPSS

2007-12-20 08:46 PM
19
4

CVE-2007-0482

cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local...

6.3AI Score

0.001EPSS

2007-01-25 12:28 AM
28

CVE-2006-4049

Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack...

6.3AI Score

0.0004EPSS

2006-08-09 11:04 PM
22

CVE-2004-0701

Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized...

6.9AI Score

0.001EPSS

2004-07-27 04:00 AM
26