Lucene search
+L

164 matches found

Vulnrichment
Vulnrichment
added 2022/06/15 5:55 p.m.14 views

CVE-2022-20817 Cisco IP Phone Duplicate Key Vulnerability

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager CUCM is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could resul...

7.4CVSS6.7AI score0.01124EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/06/15 5:55 p.m.28 views

CVE-2022-20817 Cisco IP Phone Duplicate Key Vulnerability

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager CUCM is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could resul...

7.4CVSS7.5AI score0.01124EPSS
Exploits0References1
Cisco
Cisco
added 2022/06/15 4:0 p.m.25 views

Cisco IP Phone Duplicate Key Vulnerability

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager CUCM is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could resul...

7.4CVSS1.8AI score0.01124EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/17 1:13 a.m.22 views

Smarty arbitrary PHP code execution

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template...

7.5CVSS7.6AI score0.03127EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2022/05/17 1:13 a.m.19 views

GHSA-2PMX-6MM6-6V72 Smarty arbitrary PHP code execution

Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "literal" in a template...

7.5CVSS7AI score0.03127EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2022/05/17 12:34 a.m.32 views

Apache Geode gfsh query vulnerability

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...

4.3CVSS4.1AI score0.01178EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/17 12:34 a.m.4 views

GHSA-37M3-QP37-X3C6 Apache Geode gfsh query vulnerability

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...

4.3CVSS6AI score0.01178EPSS
Exploits0References3
OSV
OSV
added 2022/05/14 3:47 a.m.25 views

GHSA-H22R-H77W-2G5F Apache Geode gfsh authorization vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...

7.1CVSS6.6AI score0.02075EPSS
Exploits3References3
Github Security Blog
Github Security Blog
added 2022/05/14 3:47 a.m.23 views

Apache Geode gfsh authorization vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...

7.1CVSS1.9AI score0.02075EPSS
Exploits3References4Affected Software1
OSV
OSV
added 2022/05/14 3:46 a.m.26 views

GHSA-Q7CP-R6CJ-HPF5 Apache Geode OQL bind parameter vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions...

5.3CVSS5.1AI score0.01479EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/14 3:46 a.m.24 views

Apache Geode OQL bind parameter vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions...

5.3CVSS3.4AI score0.01479EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/14 3:37 a.m.15 views

GHSA-G569-49WG-JX5F Apache Geode configuration request authorization vulnerability

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

7.5CVSS7.4AI score0.02043EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 3:37 a.m.35 views

Apache Geode configuration request authorization vulnerability

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

7.5CVSS7.2AI score0.02043EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/14 12:57 a.m.28 views

GHSA-6M68-3W55-6MX4 Apache Geode OQL method invocation vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote cod...

7.5CVSS7.7AI score0.04177EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 12:57 a.m.26 views

Apache Geode OQL method invocation vulnerability

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote cod...

7.5CVSS4.1AI score0.04177EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/13 1:48 a.m.4 views

GHSA-VH98-FQFC-4HJ3 Apache Geode vulnerable to Exposure of Sensitive Information

When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of...

6.5CVSS5.9AI score0.01358EPSS
Exploits0References4
ICS
ICS
added 2022/01/25 12:0 a.m.97 views

GE Gas Power ToolBoxST

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: GE Gas Power Equipment: ToolBoxST Vulnerabilities: Improper Restriction of XML External Entity Reference, Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result...

8.6CVSS8.8AI score0.03305EPSS
Exploits0References5
NVD
NVD
added 2021/11/12 2:15 a.m.30 views

CVE-2021-42775

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In...

9.1CVSS0.00958EPSS
Exploits0References2
OSV
OSV
added 2021/11/12 2:15 a.m.4 views

CVE-2021-42775

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download feature that could allow a user to place or replace an arbitrary file on the remote host. In...

9.1CVSS5.9AI score0.00958EPSS
Exploits0References2
Prion
Prion
added 2021/11/12 2:15 a.m.19 views

Design/Logic Flaw

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a remote host with the GetDumpFile command. In non-secure mode, the user is unauthenticated...

5CVSS7.6AI score0.00964EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder