Lucene search
K

243 matches found

Palo Alto Networks
Palo Alto Networks
added 2019/07/15 10:15 p.m.58 views

Information Disclosure in PAN-OS Management API Usage

An Information Disclosure vulnerability exists in PAN-OS Management API usage Ref PAN-107239 and PAN-118869 / CVE-2019-1575 Successful exploitation may allow for an authenticated user with read-only privileges to extract the API key of the device and the username/password from the XML API in PAN-...

1.6AI score0.01683EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2019/07/15 10:15 p.m.10 views

Information Disclosure in PAN-OS Management API Usage

An Information Disclosure vulnerability exists in PAN-OS Management API usage Ref PAN-107239 and PAN-118869 / CVE-2019-1575 Successful exploitation may allow for an authenticated user with read-only privileges to extract the API key of the device and the username/password from the XML API in PAN-...

8.8CVSS7.1AI score0.01683EPSS
Exploits0References1
OSV
OSV
added 2019/01/16 8:29 p.m.1 views

DEBIAN-CVE-2017-3144

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond...

7.5CVSS5.6AI score0.72724EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/06/01 6:0 p.m.26 views

CVE-2016-10576

Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on th...

8.3AI score0.01682EPSS
Exploits0References1
CVE
CVE
added 2018/06/01 6:0 p.m.63 views

CVE-2016-10576

The CVE-2016-10576 entry affects the Fuseki server wrapper and management API in Fuseki prior to 1.0.1. The issue arises because it downloads binary resources over HTTP, making it susceptible to MITM attacks. An attacker on the network or positioned between the user and the remote server could sw...

9.3CVSS8.3AI score0.01682EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2018/01/25 11:19 a.m.6 views

dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service

It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality...

7.5CVSS6.6AI score0.72724EPSS
Exploits0References5
Qualys Blog
Qualys Blog
added 2017/06/19 10:35 p.m.14 views

Qualys Cloud Platform 2.27 New Features

This release of the Qualys Cloud Platform version 2.27 includes updates and new features for Cloud Agent and AssetView as follows: Highlights Platform / Cloud Agent API Host Asset Management API – updated to query on and return additional Cloud Agent attributes. The new attribute fields are not...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2016/11/03 8:10 a.m.8 views

dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS

A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports could use this flaw to cause dhcpd to exit unexpectedly, stop responding...

7.1CVSS5.9AI score0.73622EPSS
Exploits0References5
Prion
Prion
added 2015/09/03 2:59 p.m.19 views

Code injection

The 1 mdare6448.sys, 2 mdare3248.sys, 3 mdare3252.sys, 4 mdare6452.sys, and 5 Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a P...

7.2CVSS7.1AI score0.00515EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2013/08/31 5:0 p.m.26 views

CVE-2013-5664

Cross-site scripting XSS vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908...

5.7AI score0.02294EPSS
Exploits0References1
Prion
Prion
added 2013/04/25 10:55 a.m.24 views

Design/Logic Flaw

The management API in the XML API management service in the Manager component in Cisco Unified Computing System UCS 1.x before 1.21b allows remote attackers to cause a denial of service service outage via a malformed request, aka Bug ID CSCtg48206...

7.8CVSS7AI score0.0133EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2012/12/18 12:0 a.m.22 views

Fedora Update for librdmacm FEDORA-2012-19892

Check for the Version of librdmacm OpenVAS Vulnerability Test Fedora Update for librdmacm FEDORA-2012-19892 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

5.8CVSS0.5AI score0.02112EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/05/12 12:0 a.m.12 views

Solaris 10 (sparc) : 125388-03

SunOS 5.10: SNIA Multipath Management API. Date this patch was last updated by Sun : May/21/10 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...

7AI score
Exploits0References1
Prion
Prion
added 2008/08/04 1:41 a.m.20 views

Stack overflow

Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service application crash via a long filename to the file...

9.3CVSS8.4AI score0.038EPSS
Exploits2References15
NVD
NVD
added 2008/08/04 1:41 a.m.19 views

CVE-2008-2320

Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service application crash via a long filename to the file...

9.3CVSS7.9AI score0.038EPSS
Exploits2References15
Cvelist
Cvelist
added 2008/08/04 1:0 a.m.26 views

CVE-2008-2320

Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service application crash via a long filename to the file...

8.9AI score0.038EPSS
Exploits2References15
seebug.org
seebug.org
added 2008/08/04 12:0 a.m.39 views

Apple Mac OS X CarbonCore栈溢出漏洞

BUGTRAQ ID: 30487 CVECAN ID: CVE-2008-2320 Mac OS X是苹果家族机器所使用的操作系统。 Mac OS X的CarbonCore组件是一些底层Mac OS Toolbox管理器的工具集,CarbonCore的文件名解析代码中存在栈溢出漏洞,如果向CarbonCore框架文件管理API传送了超长文件名就可以触发这个溢出,导致执行任意指令。 Apple Mac OS X 10.5.4 Apple Mac OS X 10.4.11 Apple MacOS X Server 10.5.4 Apple MacOS X Server 10.4.11...

9.3CVSS6.6AI score0.038EPSS
Exploits2
OpenVAS
OpenVAS
added 2008/01/31 12:0 a.m.30 views

Debian Security Advisory DSA 1470-1 (horde3)

The remote host is missing an update to horde3 announced via advisory DSA 1470-1. OpenVAS Vulnerability Test $Id: deb14701.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1470-1 horde3 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

5.8CVSS0.2AI score0.01774EPSS
Exploits1
OpenVAS
OpenVAS
added 2008/01/31 12:0 a.m.17 views

Debian: Security Advisory (DSA-1470-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8CVSS7.7AI score0.01774EPSS
Exploits1References3
Debian
Debian
added 2008/01/20 10:29 p.m.26 views

[SECURITY] [DSA 1470-1] New horde3 packages fix denial of service

------------------------------------------------------------------------ Debian Security Advisory DSA-1470-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2008 http://www.debian.org/security/faq -...

5.8CVSS5.9AI score0.01774EPSS
Exploits1
Rows per page
Query Builder