Lucene search
+L

268 matches found

RedHat Linux
RedHat Linux
added 2024/02/06 1:14 p.m.7 views

zookeeper: Authorization Bypass in Apache ZooKeeper

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/12/04 12:0 a.m.10 views

PT-2023-30902 · Microsoft · Azure Rtos Threadx

Name of the Vulnerable Software and Affected Versions: Azure RTOS ThreadX versions prior to 6.3.0 Description: Azure RTOS ThreadX is an advanced real-time operating system RTOS designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to a...

9.8CVSS9.3AI score0.0131EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/11/15 12:0 a.m.5 views

ASUS RT-AC87U Security Vulnerability

The ASUS RT-AC87U is a wireless router from Asus China. A security vulnerability exists in the ASUS RT-AC87U that stems from the presence of an Access Control Error vulnerability. The vulnerability can be exploited by an attacker to connect to the target device via tftp to read or write files...

9.1CVSS6.8AI score0.00745EPSS
Exploits0References5
OSV
OSV
added 2023/11/14 7:15 p.m.4 views

CVE-2021-46774

Insufficient DRAM address validation in System Management Unit SMU may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/13 12:0 a.m.4 views

PT-2023-23298 · Sap · Sap Business One

Name of the Vulnerable Software and Affected Versions: SAP Business One version 10.0 Description: The SAP Business One installation does not perform proper authentication and authorization checks for SMB shared folders. This allows any malicious user to read and write to the SMB shared folder...

9.6CVSS7.2AI score0.00436EPSS
Exploits0References8
Cvelist
Cvelist
added 2023/11/09 12:7 p.m.37 views

CVE-2023-47612

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a...

6.8CVSS6.5AI score0.00343EPSS
Exploits0References1
Prion
Prion
added 2023/11/09 7:15 a.m.15 views

Path traversal

A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to...

3.2CVSS6.8AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/09 6:32 a.m.33 views

CVE-2023-47613

A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to...

4.4CVSS6.9AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/11/08 7:44 p.m.36 views

CVE-2023-26221 TIBCO Spotfire Insufficiently Protected Credential vulnerability

The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this...

5CVSS5.3AI score0.00186EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/10/11 12:30 p.m.38 views

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

9.1CVSS9.2AI score0.01713EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/10/11 12:15 p.m.1 views

DEBIAN-CVE-2023-44981

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

9.1CVSS6.9AI score0.01713EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/10/11 12:15 p.m.54 views

CVE-2023-44981

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

9.1CVSS6.9AI score0.01713EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/05/10 12:0 a.m.9 views

PT-2023-2996 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue is related to row security policies in PostgreSQL, which can be disregarded when user ID changes occur after inlining. This can lead to incorrect policies being applied,...

8.8CVSS6.3AI score0.4644EPSS
Exploits2References192
Malwarebytes
Malwarebytes
added 2023/04/28 12:45 a.m.131 views

Update now: Critical flaw in VMWare Fusion and VMWare Workstation

Four vulnerabilities in virtualisation software have been fixed by VMware, including two which were exploited at the 20223 Pwn2Own contest. Three have been given the severity rating "Important", with the last CVE-2023-20869 is classed as "Critical". Success! @starlabssg used an uninitialized...

7.6AI score0.02036EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/26 4:24 p.m.66 views

Security Bulletin: Docker based datastores for IBM Instana do not currently require authentication

Summary Docker based datastores for IBM Instana do not currently require authentication. Due to this, an attacker with network or system access to the datastores could interrogate the datastores with read/write privileges CVE-2023-27290. Vulnerability Details CVEID:CVE-2023-27290 DESCRIPTION:...

9.1CVSS9.1AI score0.08573EPSS
Exploits3Affected Software1
NVD
NVD
added 2023/04/25 9:15 p.m.32 views

CVE-2023-20871

VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system...

7.8CVSS8AI score0.00384EPSS
Exploits0References1
OSV
OSV
added 2023/04/25 9:15 p.m.4 views

CVE-2023-20871

VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system...

7.8CVSS7.4AI score0.00384EPSS
Exploits0References1
Prion
Prion
added 2023/04/25 9:15 p.m.22 views

Privilege escalation

VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system...

4.3CVSS8.2AI score0.00384EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.42 views

CVE-2023-20871

VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system...

8.1AI score0.00384EPSS
Exploits0References1
OSV
OSV
added 2023/04/18 8:15 p.m.5 views

CVE-2023-21936

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.7.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

5.4CVSS6.7AI score0.00376EPSS
Exploits0References1
Rows per page
Query Builder