Lucene search
+L

192 matches found

cnnvd
cnnvd
added 2024/09/18 12:0 a.m.5 views

Chaosblade 安全漏洞

Chaosblade is an open source experimental injection tool from ChaosBlade Open Source. A security vulnerability exists in Chaosblade versions 0.3 through 1.7.3, which stems from allowing the execution of operating system commands via the cmd parameter without authentication when using server mode...

8.6CVSS7.4AI score0.01669EPSS
Exploits0References3
cve
cve
added 2024/09/18 12:0 a.m.88 views

CVE-2023-47105

Chaosblade (github.com/chaosblade-io/chaosblade) versions 0.3–1.7.3 are vulnerable when running in server mode: unauthenticated command execution is possible via the cmd parameter in exec.CommandContext. The flaw allows remote command execution against the Chaosblade HTTP service with server mode...

8.6CVSS7.2AI score0.01669EPSS
Exploits0References2
cvelist
cvelist
added 2024/09/18 12:0 a.m.257 views

CVE-2023-47105

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

0.01669EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/09/18 12:0 a.m.7 views

PT-2024-13406 · Unknown · Chaosblade

Name of the Vulnerable Software and Affected Versions: Chaosblade versions 0.3 through 1.7.3 Description: The issue allows OS command execution via the cmd parameter without authentication when server mode is used. This is related to the exec.CommandContext in Chaosblade. Recommendations: For...

9.3CVSS7.4AI score0.01669EPSS
Exploits0References12
osv
osv
added 2024/09/18 12:0 a.m.16 views

CVE-2023-47105

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

8.6CVSS8.8AI score0.01669EPSS
Exploits0References4
osv
osv
added 2024/07/12 11:8 a.m.4 views

OESA-2024-1840 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

4.3CVSS6.8AI score0.00665EPSS
Exploits0References2
nessus
nessus
added 2023/11/02 12:0 a.m.27 views

F5 Networks BIG-IP : NTP vulnerability (K44305703)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3 / 17.5.1.3. It is, therefore, affected by a vulnerability as referenced in the K44305703 advisory. The ntpd daemon in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated...

7.5CVSS6.6AI score0.02081EPSS
Exploits0References2
sick
sick
added 2023/09/29 10:0 a.m.9 views

Vulnerability in Wibu-Systems CodeMeter Runtime affects multiple SICK products

Wibu-Systems disclosed a security vulnerability in the CodeMeter Runtime. There is a heap buffer overflow vulnerability which can potentially lead to a remote code execution. Currently, no PoC is known to Wibu-Systems. To exploit the heap overflow, additional protection mechanisms need to be...

9CVSS8.3AI score0.01505EPSS
Exploits0
vulnrichment
vulnrichment
added 2023/08/17 6:24 p.m.17 views

CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...

7.1CVSS7.8AI score0.00702EPSS
Exploits0References2
cvelist
cvelist
added 2023/08/17 6:24 p.m.47 views

CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...

7.1CVSS9.1AI score0.00702EPSS
Exploits0References2
osv
osv
added 2023/08/17 6:24 p.m.26 views

CVE-2023-40313 Disable BeanShell Interpreter Remote Server Mode

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer...

7.1CVSS7.4AI score0.00702EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2023/08/17 12:0 a.m.12 views

PT-2023-27376 · Opennms · Opennms Meridian +1

Name of the Vulnerable Software and Affected Versions: OpenNMS Horizon versions prior to 32.0.2 OpenNMS Meridian versions prior to 2023.1.6 OpenNMS Meridian versions prior to 2022.1.19 OpenNMS Meridian versions prior to 2021.1.30 OpenNMS Meridian versions prior to 2020.1.38 Description: A BeanShe...

8.8CVSS7.5AI score0.00702EPSS
Exploits0References12
rapid7blog
rapid7blog
added 2023/06/07 8:17 p.m.25 views

Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode

Carlos Canto contributed to this article. Rapid7 is very excited to announce version 0.6.9 of Velociraptor is now LIVE and available for download. Much of what went into this release was about expanding capabilities and improving workflows. We’ll now explore some of the interesting new features i...

7.2AI score
Exploits0
bdu_fstec
bdu_fstec
added 2023/03/30 12:0 a.m.6 views

The vulnerability of the Server mode setting in the pgAdmin 4 database management tool allows a hacker to alter the settings of another user or the database itself.

The vulnerability of the Server mode of the pgAdmin 4 database management tool is related to shortcomings in the name restriction of the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to alter the settings of another user or the database...

3.1CVSS6.1AI score0.08826EPSS
Exploits0References7Affected Software2
susecve
susecve
added 2023/02/15 6:21 a.m.6 views

SUSE CVE-2003-0962

Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail...

7.5CVSS8.5AI score0.21157EPSS
Exploits1References4
susecve
susecve
added 2023/02/15 6:13 a.m.4 views

SUSE CVE-2006-6899

hidd in BlueZ bluez-utils before 2.25 allows remote attackers to obtain control of the 1 Mouse and 2 Keyboard Human Interface Device HID via a certain configuration of two HID PSM endpoints, operating as a server, aka HidAttack...

5.4CVSS6.9AI score0.03221EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 3:59 a.m.4 views

SUSE CVE-2020-11868

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp...

3.7CVSS6.8AI score0.02081EPSS
Exploits0References8
fedora
fedora
added 2022/10/28 11:16 a.m.36 views

[SECURITY] Fedora 36 Update: glances-3.3.0.1-2.fc36

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface It can also work in client/server mode. Remote monitoring could be don...

7.5CVSS6.2AI score0.04658EPSS
Exploits1
prion
prion
added 2022/08/01 8:15 p.m.20 views

Design/Logic Flaw

fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...

7.5CVSS9.3AI score0.00641EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2022/08/01 7:50 p.m.4 views

CVE-2022-31183 mTLS client verification is skipped in fs2 on Node.js

fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...

9.1CVSS9.6AI score0.00641EPSS
Exploits1References3
Rows per page
Query Builder