243 matches found
Information Disclosure in PAN-OS Management API Usage
An Information Disclosure vulnerability exists in PAN-OS Management API usage Ref PAN-107239 and PAN-118869 / CVE-2019-1575 Successful exploitation may allow for an authenticated user with read-only privileges to extract the API key of the device and the username/password from the XML API in PAN-...
Information Disclosure in PAN-OS Management API Usage
An Information Disclosure vulnerability exists in PAN-OS Management API usage Ref PAN-107239 and PAN-118869 / CVE-2019-1575 Successful exploitation may allow for an authenticated user with read-only privileges to extract the API key of the device and the username/password from the XML API in PAN-...
DEBIAN-CVE-2017-3144
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond...
CVE-2016-10576
Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested resources with an attacker controlled copy if the attacker is on th...
CVE-2016-10576
The CVE-2016-10576 entry affects the Fuseki server wrapper and management API in Fuseki prior to 1.0.1. The issue arises because it downloads binary resources over HTTP, making it susceptible to MITM attacks. An attacker on the network or positioned between the user and the remote server could sw...
dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service
It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality...
Qualys Cloud Platform 2.27 New Features
This release of the Qualys Cloud Platform version 2.27 includes updates and new features for Cloud Agent and AssetView as follows: Highlights Platform / Cloud Agent API Host Asset Management API – updated to query on and return additional Cloud Agent attributes. The new attribute fields are not...
dhcp: unclosed TCP connections to OMAPI or failover ports can cause DoS
A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports could use this flaw to cause dhcpd to exit unexpectedly, stop responding...
Code injection
The 1 mdare6448.sys, 2 mdare3248.sys, 3 mdare3252.sys, 4 mdare6452.sys, and 5 Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a P...
CVE-2013-5664
Cross-site scripting XSS vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908...
Design/Logic Flaw
The management API in the XML API management service in the Manager component in Cisco Unified Computing System UCS 1.x before 1.21b allows remote attackers to cause a denial of service service outage via a malformed request, aka Bug ID CSCtg48206...
Fedora Update for librdmacm FEDORA-2012-19892
Check for the Version of librdmacm OpenVAS Vulnerability Test Fedora Update for librdmacm FEDORA-2012-19892 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
Solaris 10 (sparc) : 125388-03
SunOS 5.10: SNIA Multipath Management API. Date this patch was last updated by Sun : May/21/10 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Stack overflow
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service application crash via a long filename to the file...
CVE-2008-2320
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service application crash via a long filename to the file...
CVE-2008-2320
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service application crash via a long filename to the file...
Apple Mac OS X CarbonCore栈溢出漏洞
BUGTRAQ ID: 30487 CVECAN ID: CVE-2008-2320 Mac OS X是苹果家族机器所使用的操作系统。 Mac OS X的CarbonCore组件是一些底层Mac OS Toolbox管理器的工具集,CarbonCore的文件名解析代码中存在栈溢出漏洞,如果向CarbonCore框架文件管理API传送了超长文件名就可以触发这个溢出,导致执行任意指令。 Apple Mac OS X 10.5.4 Apple Mac OS X 10.4.11 Apple MacOS X Server 10.5.4 Apple MacOS X Server 10.4.11...
Debian Security Advisory DSA 1470-1 (horde3)
The remote host is missing an update to horde3 announced via advisory DSA 1470-1. OpenVAS Vulnerability Test $Id: deb14701.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1470-1 horde3 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Debian: Security Advisory (DSA-1470-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 1470-1] New horde3 packages fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-1470-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 20, 2008 http://www.debian.org/security/faq -...