Lucene search
K

111 matches found

Amazon
Amazon
added 2024/05/03 12:0 a.m.4 views

Important: unbound

Issue Overview: A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw...

8CVSS6.9AI score0.00318EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/04/15 1:46 a.m.29 views

Important: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8CVSS6.6AI score0.00318EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/04/15 1:30 a.m.43 views

Important: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8CVSS6.9AI score0.99995EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/12/15 12:0 a.m.15 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2023-3431)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.5AI score0.52164EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/09/06 12:0 a.m.8 views

PT-2023-28168 · Jenkins · Jenkins Job Configuration History Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Job Configuration History Plugin versions 1227.v7a 79fc4dc01f and earlier Description: The issue allows attackers to manipulate the configuration history rendered by Jenkins, as the 'name' query parameter is not restricted when...

4.3CVSS4.2AI score0.0076EPSS
Exploits0References6
NVD
NVD
added 2023/02/15 10:15 a.m.25 views

CVE-2022-45153

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created...

7.8CVSS7.1AI score0.00223EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.3 views

SUSE CVE-2005-3300

The registerglobals emulation layer in grabglobals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use...

5CVSS7.5AI score0.02706EPSS
Exploits0References9
Huntr
Huntr
added 2023/01/25 3:18 p.m.30 views

Privilege Escalation from customer to root

Privilege Escalation from Customer to Root First of all, sorry for the formatting of the report, but this platform is a mess. I can't attach any PoC files added chapters at the end of the report instead, can't attach any screenshots, nor provide a report as PDF. And btw markdown is only partly...

6.5CVSS9.3AI score0.01119EPSS
Exploits1
GithubExploit
GithubExploit
added 2022/11/11 8:58 p.m.461 views

Exploit for Path Traversal in Zimbra Collaboration

CVE-2022-41352 Zimbra Unauthenticated RCE CVE-2022-41352...

9.8CVSS9.8AI score0.95478EPSS
Exploits7
Vulnrichment
Vulnrichment
added 2022/10/14 12:0 a.m.6 views

CVE-2021-27406 PerFact OpenVPN-Client

An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the config command from any application running on the local host machine to force the back-end server into initializing a new open-VPN instance with arbitrary open-VPN configuration. This could result in t...

8.8CVSS8.7AI score0.00921EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/31 4:15 p.m.1 views

CVE-2022-30318

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...

9.8CVSS7.5AI score0.01395EPSS
Exploits0References3
NVD
NVD
added 2022/08/31 4:15 p.m.26 views

CVE-2022-30318

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...

9.8CVSS0.01395EPSS
Exploits0References2
CVE
CVE
added 2022/08/31 3:39 p.m.87 views

CVE-2022-30318

CVE-2022-30318 affects Honeywell ControlEdge (PLC/RTU) through R151.1, where the SSH service on port 22 uses root credentials that are hardcoded and not automatically changed at first commissioning. This creates a vulnerability to remote code execution, configuration manipulation, and denial of s...

9.8CVSS9.5AI score0.01395EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/08/31 3:39 p.m.29 views

CVE-2022-30318

Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of...

9.8AI score0.01395EPSS
Exploits0References2
ICS
ICS
added 2022/07/26 12:0 a.m.103 views

Honeywell Saia Burgess PG5 PCD

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable on adjacent network/low attack complexity Vendor: Honeywell Equipment: Saia Burgess PG5 PCD Vulnerabilities: Authentication Bypass, Use of a Broken or Risky Cryptographic Algorithm CISA is aware of a public report known as “OT:ICEFALL” that...

8.1CVSS6.9AI score0.00655EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.4 views

Motorola Solutions ACE1000 信任管理问题漏洞

The Motorola Solutions ACE1000 is a Remote Terminal Unit from Motorola Solutions USA. A security vulnerability exists in the Motorola Solutions ACE1000 RTU version, which stems from a hard-coded SSH private key shipped with the affected product, and can be exploited by an attacker to manipulate...

9.8CVSS8.3AI score0.00874EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/02/17 12:0 a.m.4 views

ZEIT Next.js 安全漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. A security vulnerability exists in ZEIT Next.js that stems from the product's UI not restricting the display of critical information. An attacker could cause information leakage by...

7.5CVSS7.3AI score0.01767EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/09/14 12:0 a.m.9 views

Siemens SINEC NMS 跨站请求伪造漏洞

Siemens SINEC NMS is a network management system NMS from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. A cross-site request forgery vulnerability exists in Siemens SINEC NM...

8.8CVSS5.5AI score0.00415EPSS
Exploits0References4
CNVD
CNVD
added 2021/02/25 12:0 a.m.8 views

Cisco NX-OS Cross-Site Request Forgery Vulnerability

Cisco NX-OS is the network operating system for the Cisco Nexus family of Ethernet switches and the MDS family of Fibre Channel storage area network switches. A cross-site request forgery CSRF vulnerability exists in the NX-API feature of Cisco NX-OS. The vulnerability stems from insufficient CSR...

8.1CVSS7AI score0.00668EPSS
Exploits0References1
CNVD
CNVD
added 2021/01/05 12:0 a.m.28 views

Wyse ThinOS Licensing Issues Vulnerability

Wyse ThinOS is a specialized operating system for Dell servers from Dell USA. A security vulnerability exists in Wyse ThinOS 8.6 and prior versions, which can be exploited by an attacker to access writable files and manipulate the configuration of any targeted specific site...

10CVSS6.8AI score0.01736EPSS
Exploits0References1
Rows per page
Query Builder