
183 matches found

Veracode
added 2019/05/02 5:5 a.m. · 23 views

Arbitrary Code Execution

X.Org server is vulnerable to arbitrary code execution. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...

6.5 CVSS · 7.9 AI score · 0.04373 EPSS
Exploits 0 · References 17 · Affected Software 1
Veracode
added 2019/05/02 5:5 a.m. · 18 views

Arbitrary Code Execution

X.Org server is vulnerable to arbitrary code execution. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...

6.5 CVSS · 7.9 AI score · 0.04373 EPSS
Exploits 0 · References 17 · Affected Software 1
Veracode
added 2019/05/02 5:5 a.m. · 19 views

Arbitrary Code Execution

X.Org server is vulnerable to arbitrary code execution. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...

6.5 CVSS · 7.9 AI score · 0.04299 EPSS
Exploits 0 · References 14 · Affected Software 1
Veracode
added 2019/05/02 5:5 a.m. · 20 views

Arbitrary Code Execution

X.Org server is vulnerable to arbitrary code execution. Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server...

6.5 CVSS · 7.8 AI score · 0.04373 EPSS
Exploits 0 · References 18 · Affected Software 1
Oracle linux
added 2018/11/08 12:0 a.m. · 650 views

spice-server security update

0.12.4-16.2 - Prevent potential buffer/integer overflows with invalid MonitorsConfig messages sent from an authenticated client. Resolves: CVE-2017-7506
0.12.4-16.1 - Fix flexible array buffer overflow. Resolves: rhbz1596008...

8.8 CVSS · 4.9 AI score · 0.04204 EPSS
Exploits 0
Prion
added 2018/06/20 6:29 p.m. · 16 views

Privilege escalation

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool,...

6.5 CVSS · 8.7 AI score · 0.01284 EPSS
Exploits 0 · References 6 · Affected Software 2
NVD
added 2018/06/20 6:29 p.m. · 16 views

CVE-2018-10841

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool,...

8.8 CVSS · 7.7 AI score · 0.01284 EPSS
Exploits 0 · References 6
UbuntuCve
added 2018/06/20 6:29 p.m. · 34 views

CVE-2018-10841

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool,...

8.8 CVSS · 6.9 AI score · 0.01284 EPSS
Exploits 0 · References 5
OSV
added 2018/06/20 6:29 p.m. · 28 views

CVE-2018-10841

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool,...

8.8 CVSS · 9 AI score · 0.01284 EPSS
Exploits 0 · References 6
OSV
added 2018/06/20 6:29 p.m. · 2 views

UBUNTU-CVE-2018-10841

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool,...

8.8 CVSS · 6.8 AI score · 0.01284 EPSS
Exploits 0 · References 6
Cvelist
added 2018/06/20 6:0 p.m. · 28 views

CVE-2018-10841

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool,...

6.6 CVSS · 8.7 AI score · 0.01284 EPSS
Exploits 0 · References 6
CVE
added 2018/06/20 6:0 p.m. · 117 views

CVE-2018-10841

GlusterFS on server nodes is vulnerable to privilege escalation via an authenticated TLS client that uses gluster CLI --remote-host to add itself to the trusted storage pool and perform privileged operations (e.g., managing volumes). The description specifies the root cause as a trust-pool escala...

8.8 CVSS · 8.6 AI score · 0.01284 EPSS
Exploits 0 · References 6 · Affected Software 1
Debian CVE
added 2018/06/20 6:0 p.m. · 32 views

CVE-2018-10841

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool,...

8.8 CVSS · 7.8 AI score · 0.01284 EPSS
Exploits 0
Positive Technologies
added 2018/06/20 12:0 a.m. · 3 views

PT-2018-10135 · Red Hat +2 · Glusterfs +2

Name of the Vulnerable Software and Affected Versions: glusterfs affected versions not specified
Description: The issue allows for privilege escalation on gluster server nodes. An authenticated gluster client using TLS can exploit this by utilizing the gluster cli with the --remote-host command...

8.8 CVSS · 6.7 AI score · 0.05374 EPSS
Exploits 1 · References 70
Tenable Nessus
added 2017/08/16 12:0 a.m. · 41 views

FreeBSD : Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests (c9460380-81e3-11e7-93af-005056925db4)

mnaberez reports: supervisord can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket. The HTTP server is how supervisorctl communicates with supervisord. If an HTTP server has been enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerabilit...

9 CVSS · 7.8 AI score · 0.87544 EPSS
Exploits 10 · References 4
RedHat Linux
added 2017/08/01 2:9 p.m. · 3 views

samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks

A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory...

6.8 CVSS · 5.7 AI score · 0.04189 EPSS
Exploits 1 · References 4
RedHat Linux
added 2017/08/01 7:46 a.m. · 9 views

samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks

A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory...

6.8 CVSS · 5.7 AI score · 0.04189 EPSS
Exploits 1 · References 4
FreeBSD
added 2017/07/24 12:0 a.m. · 47 views

Supervisord -- An authenticated client can run arbitrary shell commands via malicious XML-RPC requests

mnaberez reports: supervisord can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket. The HTTP server is how supervisorctl communicates with supervisord. If an HTTP server has been enabled, it will always serve both HTML pages and an XML-RPC interface. A vulnerability...

9 CVSS · 8.8 AI score · 0.87544 EPSS
Exploits 10 · References 2
Broadcom
added 2017/06/23 12:0 a.m. · 8 views

BSA-2017-339

Security Advisory ID: BSA-2017-339
Component: OpenVPN
Revision: 2.0: Interim
An authenticated client can cause the server's packet-id counter to roll over, which would lead the server process to hit an ASSERT and stop running. To make the server hit the ASSERT, the client must first cause th...

6.5 CVSS · 6.8 AI score · 0.01867 EPSS
Exploits 0
RedHat Linux
added 2017/06/05 7:26 a.m. · 7 views

samba: Loading shared modules from any path in the system leading to RCE (SambaCry)

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root...

10 CVSS · 8.1 AI score · 0.99448 EPSS
Exploits 24 · References 6