33 matches found
CVE-2018-12678
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks...
EUVD-2024-3593
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-12678
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a...
govulncheck-vulndb-0.0.20241220T214820-1.1 on GA media (moderate)
govulncheck-vulndb-0.0.20241220T214820-1.1 on GA media Announcement ID: openSUSE-SU-2024:14608-1 Rating: moderate Cross-References: CVE-2024-12678 CVE-2024-25131 CVE-2024-43803 CVE-2024-9779 CVSS scores: CVE-2024-12678 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-12678 SUSE :...
GHSA-HR68-HVGV-XXQF Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...
CVE-2024-12678
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...
CVE-2024-12678
creationtimestamp | type | source
---|---|---
2024-12-20 01:55:00+00:00 | seen | https://infosec.exchange/users/cve/statuses/113682658072893365
2024-12-20 02:15:37+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3ldpcwibgf52z
2024-12-20 04:12:03+00:00 | seen | ...
CVE-2024-12678 Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...
CVE-2024-12678
Nomad CVE-2024-12678 affects Nomad Community Edition and Nomad Enterprise allocations, where privilege escalation within a namespace can occur via unredacted workload identity tokens. Affected versions: Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16. Root cause: unred...
RHEL 7 : taglib (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - taglib: Incorrect cast in rebuildAggregateFrames function CVE-2017-12678 Note that Nessus has not tested for this...
RHEL 6 : taglib (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - taglib: Incorrect cast in rebuildAggregateFrames function CVE-2017-12678 - The parse function in...
CVE-2017-12678 affecting package taglib for versions less than 1.13.1-1
CVE-2017-12678 affecting package taglib for versions less than 1.13.1-1. An upgraded version of the package is available that resolves this issue...
Mageia: Security Advisory (MGASA-2017-0286)
The remote host is missing an update for the...
Debian: Security Advisory (DLA-2772-1)
The remote host is missing an update for the Debian...
CVE-2020-12678
...
CVE-2020-12678
CVE-2020-12678 entry is rejected/not used per the initial description.
EulerOS 2.0 SP2 : taglib (EulerOS-SA-2019-2482)
According to the versions of the taglib package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure heap-based...
CVE-2019-12678
The CVE-2019-12678 issue affects Cisco ASA/FTD SIP inspection: an unauthenticated remote attacker can send malicious SIP packets to trigger an integer underflow in the SIP parsing module, causing the device to read unmapped memory and crash. Root cause: improper SIP message parsing in the SIP ins...