Lucene search
K

194 matches found

Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.5 views

PT-2023-33776 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue concerns the RDMA/core component of the Linux Kernel, where the ib port is not properly validated when accessing a sysfs node. The actual impact and attack plausibility have not ye...

7.3AI score
Exploits0References1
Snyk
Snyk
added 2022/12/05 3:13 p.m.2 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the...

8.4CVSS7.6AI score0.01188EPSS
Exploits1References2
OSV
OSV
added 2022/11/01 1:15 p.m.3 views

DEBIAN-CVE-2022-42318

Xenstore: guests can let run xenstored out of memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...

6.5CVSS6.8AI score0.00245EPSS
Exploits0References1
OSV
OSV
added 2022/11/01 1:15 p.m.1 views

DEBIAN-CVE-2022-42320

Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries...

7CVSS6.9AI score0.0027EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/14 10:49 a.m.39 views

Security Bulletin: IBM Spectrum Protect 8.1.14.000 Server is vulnerable to bypass of security restrictions (CVE-2022-22394)

Summary IBM Spectrum Protect 8.1.14.000 Server could allow a remote attacker to bypass security restrictions due to improper enforcement of access controls. Vulnerability Details CVEID: CVE-2022-22394 DESCRIPTION: The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass...

9CVSS2.1AI score0.02125EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 4:56 a.m.27 views

Drupal improper access restrictions

Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page...

4CVSS6.4AI score0.01881EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/05/17 4:8 a.m.13 views

GHSA-96VX-QF28-6F8M Drupal Access Control Bypass

Drupal 7.x before 7.3 allows remote attackers to bypass intended nodeaccess restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table...

7.5CVSS6.2AI score0.03056EPSS
Exploits0References9
OSV
OSV
added 2022/05/13 1:46 a.m.18 views

GHSA-3327-JR93-7HQ3 Drupal access bypass vulnerability

In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node...

8.1CVSS7.7AI score0.0131EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/13 1:46 a.m.30 views

Drupal access bypass vulnerability

In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node...

8.1CVSS6.5AI score0.0131EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2022/03/21 5:15 p.m.5 views

CVE-2022-22394

The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the...

8.8CVSS5.8AI score0.02125EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/03/21 12:0 a.m.5 views

PT-2022-15408 · Ibm · Ibm Spectrum Protect

Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect version 8.1.14.000 Description: The issue is caused by improper enforcement of access controls, allowing a remote attacker to bypass security restrictions. By signing in, an attacker could exploit this to bypass security...

9CVSS7.5AI score0.02125EPSS
Exploits0References4
OSV
OSV
added 2022/03/04 6:15 p.m.15 views

CVE-2021-20319

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

7.8CVSS6.7AI score
Exploits0References3
NVD
NVD
added 2021/12/16 8:15 p.m.32 views

CVE-2020-35209

An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information...

7.5CVSS0.00902EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/11/03 8:41 p.m.6 views

coreos-installer: incorrect signature verification on gzip-compressed install images

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

7.8CVSS5.9AI score0.00515EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/10/27 8:9 a.m.3 views

coreos-installer: incorrect signature verification on gzip-compressed install images

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

7.8CVSS5.9AI score0.00515EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/10/27 7:57 a.m.1 views

coreos-installer: incorrect signature verification on gzip-compressed install images

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

7.8CVSS5.9AI score0.00515EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2021/10/26 4:3 p.m.6 views

coreos-installer: incorrect signature verification on gzip-compressed install images

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

7.8CVSS5.9AI score0.00515EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.6 views

OpenShift 安全漏洞

Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. OpenShift suffers from a security vulnerability that can be exploited by an attacker to access a running container that loads kubernet...

7CVSS7AI score0.00218EPSS
Exploits0References1
Snyk
Snyk
added 2021/04/13 3:42 p.m.5 views

Improper Input Validation

Overview puppet is an automated configuration management tool. Affected versions of this package are vulnerable to Improper Input Validation. Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed...

6.5CVSS6.6AI score0.00823EPSS
Exploits0References2
RubySec
RubySec
added 2021/04/13 12:0 a.m.22 views

Improper Certificate Validation in Puppet

Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...

6.5CVSS1.3AI score0.00823EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder