Lucene search
+L

164 matches found

OSV
OSV
added 2020/04/13 1:15 p.m.1 views

DEBIAN-CVE-2020-1759

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the...

6.8CVSS6.9AI score0.01585EPSS
Exploits0References1
OSV
OSV
added 2020/04/13 1:15 p.m.8 views

UBUNTU-CVE-2020-1759

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the...

6.8CVSS7AI score0.01585EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2020/04/07 12:0 a.m.31 views

ceph14 -- multiple security issues

RedHat reports: ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions. ceph: header-splitting in RGW GetObject has a possible XSS...

6.8CVSS1.7AI score0.01585EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/04/06 12:0 a.m.7 views

PT-2020-15040

Name of the Vulnerable Software and Affected Versions Red Hat Ceph Storage version 4 Red Hat Openshift Container Storage version 4.2 Description A nonce reuse issue was discovered in the secure mode of the messenger v2 protocol. This allows an attacker to forge auth tags and potentially manipulat...

6.8CVSS6.8AI score0.01585EPSS
Exploits0References21
Intel
Intel
added 2020/03/10 12:0 a.m.26 views

Intel® MAX® 10 FPGA Advisory

This advisory contains CVEs in Altera products and has been transferred to Altera for support. The updated advisory can be found at the link below: https://www.altera.com/product-security/advisory-archive/intel-sa-00349.html...

6AI score
Exploits0
OpenVAS
OpenVAS
added 2019/11/18 12:0 a.m.13 views

SYS.2.2.3.A11

Ziel des Bausteins SYS.2.2.3 ist der Schutz von Informationen, die durch und auf Windows 10-Clients verarbeiten werden. Die Standard-Anforderung SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

7.3AI score
Exploits0References1
OSV
OSV
added 2019/07/10 10:44 a.m.9 views

MGASA-2019-0205 Updated dosbox package fixes security vulnerabilities

Dosbox 0.74-3 is a security release: Fixed that a very long line inside a bat file would overflow the parsing buffer. CVE-2019-7165 by Alexandre Bartel Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc e.g. /proc/self/mem when / or /proc we...

9.8CVSS9.6AI score0.06685EPSS
Exploits1References2
Veracode
Veracode
added 2019/06/24 2:36 a.m.20 views

Unauthorized Metadata Modification

Apache Geode is vulnerable to unauthorized metadata modification. This is due to a lack of proper validation of the permissions of a user who has write permissions for specific data regions. When Apache Geode is operating in secure mode, this allows the user to perform unauthorized metadata...

6.5CVSS6.3AI score0.02192EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2019/06/21 4:15 p.m.18 views

Design/Logic Flaw

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

4CVSS6.3AI score0.02192EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/06/21 3:15 p.m.16 views

CVE-2017-15694

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

6.3AI score0.02192EPSS
Exploits0References2
Saint
Saint
added 2018/07/20 12:0 a.m.540 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018 Background Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN Yet Another Resource Negotiator is the component of Apache Hadoop which manages resources. Problem A vulnerability in the REST API in the YARN...

5.2AI score
Exploits0
Saint
Saint
added 2018/07/20 12:0 a.m.551 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018 Background Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN Yet Another Resource Negotiator is the component of Apache Hadoop which manages resources. Problem A vulnerability in the REST API in the YARN...

8.2AI score
Exploits0
Saint
Saint
added 2018/07/20 12:0 a.m.25 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018 Background Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN Yet Another Resource Negotiator is the component of Apache Hadoop which manages resources. Problem A vulnerability in the REST API in the YARN...

8.2AI score
Exploits0
n0where
n0where
added 2018/04/26 5:28 p.m.31 views

Web Pen-Test Practice Application: OWASP Mutillidae

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on...

0.1AI score
Exploits0
Veracode
Veracode
added 2018/02/27 2:10 a.m.20 views

Information Disclosure

geode-core is vulnerable to information disclosure. If a malicious user gains access to the Geode locator, they are able to access the configuration data and previously deployed code. This is possible because the configuration service doesn't correctly authorize configuration requests when...

7.5CVSS7AI score0.02043EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2018/02/26 2:0 a.m.29 views

CVE-2017-15696

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

7.4AI score0.02043EPSS
Exploits0References1
CVE
CVE
added 2018/02/26 2:0 a.m.76 views

CVE-2017-15696

The CVE-2017-15696 entry affects Apache Geode before v1.4.0. In secure mode, the Geode configuration service fails to properly authorize configuration requests, allowing an unprivileged user with access to a Geode locator to extract configuration data and previously deployed application code. Con...

7.5CVSS7.4AI score0.02043EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/01/10 3:29 a.m.22 views

CVE-2017-12622

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...

7.1CVSS6.7AI score0.02075EPSS
Exploits3References1
Prion
Prion
added 2018/01/10 3:29 a.m.15 views

Remote code execution

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote cod...

6CVSS7.8AI score0.04177EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2018/01/10 3:29 a.m.20 views

Information disclosure

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...

5.5CVSS6.5AI score0.02075EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder