Lucene search
K

52 matches found

CNNVD
CNNVD
added 2022/07/28 12:0 a.m.5 views

Veritas NetBackup 安全漏洞

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and the protection of metadata, virtual environments, and other environmental data backups. A security...

6.5CVSS6.5AI score0.0052EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/28 12:0 a.m.3 views

Veritas NetBackup 安全漏洞

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and the backup protection of metadata, virtual environments and other environmental data. A security...

4.3CVSS5.3AI score0.00445EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/28 12:0 a.m.14 views

Veritas NetBackup 安全漏洞

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports the detection of ransomware and the backup protection of metadata, virtual environments and other environmental data. A security...

6.5CVSS6.6AI score0.00597EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/04/01 12:0 a.m.5 views

Rockwell Automation FactoryTalk AssetCentre 代码问题漏洞

Rockwell Automation FactoryTalk AssetCentre is an asset management software tool from Rockwell Automation that allows manufacturers and industrial companies to centrally manage controllers and other automation-related assets. A security vulnerability exists in Rockwell Automation FactoryTalk...

10CVSS5.6AI score0.03072EPSS
Exploits0References5
PyPA
PyPA
added 2021/02/27 5:15 a.m.7 views

PYSEC-2021-50

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...

9.8CVSS7AI score0.72945EPSS
Exploits5References9Affected Software1
Cvelist
Cvelist
added 2021/01/06 12:52 a.m.29 views

CVE-2020-36163

An issue was discovered in Veritas NetBackup and OpsCenter through 8.3.0.1. NetBackup processes using Strawberry Perl attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows systems, users can create directories under...

9.3CVSS9.3AI score0.00395EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2020/04/30 8:54 p.m.287 views

Salt Bugs Allow Full RCE as Root on Cloud Servers

The open-source Salt management framework contains high-severity security vulnerabilities that allow full remote code execution as root on servers in data centers and cloud environments. And in-the-wild attacks are expected imminently. According to F-Secure researchers, the framework, authored by...

7.5CVSS9.7AI score0.96405EPSS
Exploits25References8
Positive Technologies
Positive Technologies
added 2019/10/16 12:0 a.m.6 views

PT-2019-11843 · Jenkins · Jenkins Fortify On Demand Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Fortify on Demand Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within job config.xml files on the Jenkins master or controller. These credentials can be...

8.8CVSS8.5AI score0.00676EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2019/08/15 1:29 p.m.2 views

jenkins: Arbitrary file write vulnerability using file parameter definitions (SECURITY-1424)

A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary fil...

6.5CVSS5.9AI score0.10225EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2019/07/30 11:15 p.m.31 views

CVE-2019-10163

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured a...

4.3CVSS6.1AI score0.01003EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2019/07/30 10:16 p.m.72 views

CVE-2019-10163

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured a...

4.3CVSS4.1AI score0.01003EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/07/01 12:0 a.m.29 views

FreeBSD : powerdns -- multiple vulnerabilities (1c21f6a3-9415-11e9-95ec-6805ca2fa271)

PowerDNS Team reports : CVE-2019-10162: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit wh...

7.5CVSS5.3AI score0.01691EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.5 views

PT-2019-11343 · Jenkins · Jenkins Hockeyapp Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins HockeyApp Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner in job config.xml files on the Jenkins master. These credentials can be accessed by users who have...

8.8CVSS8.5AI score0.01365EPSS
Exploits0References5
OSV
OSV
added 2017/10/24 6:33 p.m.24 views

GHSA-G89M-3WJW-H857 Puppet vulnerable to Path Traversal

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. dot dot in a...

3.5CVSS5.8AI score0.01882EPSS
Exploits1References13
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.26 views

Puppet vulnerable to Path Traversal

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. dot dot in a...

3.5CVSS6.1AI score0.01882EPSS
Exploits1References13Affected Software1
Cvelist
Cvelist
added 2017/07/14 5:0 a.m.18 views

CVE-2017-11318

Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events...

8.2AI score0.01253EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.41 views

Amazon Linux AMI : puppet (ALAS-2012-135)

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. dot dot in a...

4.3CVSS5.7AI score0.02453EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.36 views

AIX 6.1 TL 1 : bind (IZ56316)

AIX 'named' is an implementation of BIND Berkeley Internet Name Domain providing server functionality for the Domain Name System DNS Protocol. AIX currently ships and supports three versions of BIND: 4, 8, and 9. There is an error in the handling of dynamic update messages in BIND 9. A crafted...

4.3CVSS6.2AI score0.12649EPSS
Exploits1References3
OSV
OSV
added 2012/08/06 4:55 p.m.3 views

DEBIAN-CVE-2012-3864

Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request...

4CVSS6.8AI score0.01914EPSS
Exploits1References1
Prion
Prion
added 2012/08/06 4:55 p.m.26 views

Design/Logic Flaw

lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for lastrunreport.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file...

2.1CVSS6AI score0.00481EPSS
Exploits1References7Affected Software2
Rows per page
Query Builder