Lucene search
K

225 matches found

Tenable Nessus
Tenable Nessus
added 2023/03/28 12:0 a.m.35 views

CBL Mariner 2.0 Security Update: moby-runc (CVE-2022-24769)

The version of moby-runc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24769 advisory. - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bu...

5.9CVSS7AI score0.00492EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 6:28 p.m.700 views

K17452: OpenSSH vulnerabilities CVE-2001-0361, CVE-2001-0572, CVE-2004-2069, CVE-2006-0225, and CVE-2006-0883

Security Advisory Description CVE-2001-0361 Implementations of SSH version 1.5, including 1 OpenSSH up to version 2.3.0, 2 AppGate, and 3 ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS1 version...

7.5CVSS8.1AI score0.07032EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.3 views

SUSE CVE-2003-0786

The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges...

10CVSS8.6AI score0.03285EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.4 views

SUSE CVE-2004-2069

sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to...

5CVSS8.2AI score0.03366EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.4 views

SUSE CVE-2006-5794

Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging...

7.5CVSS6.9AI score0.02681EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:54 a.m.3 views

SUSE CVE-2016-10010

sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c...

7.5CVSS8.3AI score0.0424EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2022/12/09 12:0 a.m.27 views

Amazon Linux 2022 : docker (ALAS2022-2022-237)

The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-237 advisory. - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby...

5.9CVSS7.1AI score0.00492EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/07/29 12:0 a.m.32 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-2129)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.00492EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/07/28 3:41 p.m.25 views

CVE-2022-30315

Honeywell Experion PKS Safety Manager SM and FSC through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characterized as: Honeywell...

10AI score0.00764EPSS
Exploits0References2
Prion
Prion
added 2022/07/26 10:15 p.m.20 views

Design/Logic Flaw

The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...

7.5CVSS9.8AI score0.00858EPSS
Exploits0References2Affected Software25
Cvelist
Cvelist
added 2022/07/26 9:28 p.m.21 views

CVE-2022-31206

The Omron SYSMAC Nx product family PLCs NJ series, NY series, NX series, and PMAC series through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software which compiles IEC 61131-3 conformant POU code to native machine code for execution...

10AI score0.00858EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/07/21 12:0 a.m.35 views

Wago IO 750-849 & 750-881 No Privilege Separation (CVE-2015-6473)

WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. C Tenable, Inc. include'compat.inc'; if description scriptid500679; scriptversion"1.4";...

10CVSS8.5AI score0.03515EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2022/07/08 12:0 a.m.44 views

EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1963)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine...

5.9CVSS7.1AI score0.00492EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/07/08 12:0 a.m.50 views

EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1993)

According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby Docker Engine...

5.9CVSS7.1AI score0.00492EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/07/08 12:0 a.m.27 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2022-1963)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.00492EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/21 12:0 a.m.6 views

JTEKT TOYOPUC Products 数据伪造问题漏洞

JTEKT TOYOPUC Products is a family of programmable controllers from JTEKT Japan. A data forgery vulnerability exists in JTEKT TOYOPUC Products, which stems from a lack of privilege separation functionality in the affected products. An attacker could use this vulnerability to execute arbitrary...

9.8CVSS8.7AI score0.00488EPSS
Exploits0References5
Amazon
Amazon
added 2022/04/28 12:0 a.m.71 views

Medium: containerd, docker

Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...

5.9CVSS6AI score0.00492EPSS
Exploits0
Amazon
Amazon
added 2022/04/25 3:47 a.m.75 views

Medium: containerd

Issue Overview: A flaw was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when...

5.9CVSS3.2AI score0.00492EPSS
Exploits0
OSV
OSV
added 2022/04/22 8:42 p.m.48 views

GHSA-4HJ2-R2PM-3HC6 Incorrect Default Permissions in CRI-O

Impact A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...

4.8CVSS5.7AI score0.00241EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/04/22 8:42 p.m.41 views

Incorrect Default Permissions in CRI-O

Impact A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...

5.3CVSS0.00241EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder