Lucene search
K

187 matches found

CNNVD
CNNVD
added 2022/07/26 12:0 a.m.28 views

Honeywell Saia Burgess PG5 PCD 授权问题漏洞

Honeywell Saia Burgess PG5 PCD is a Honeywell USA solution that includes SBC Instrumentation, Control and Automation ICA devices for implementation and operational automation. A security vulnerability exists in all versions of the Honeywell Saia Burgess PG5 PCD, which stems from the use of the...

8.1CVSS7.6AI score0.00655EPSS
Exploits0References5
OSV
OSV
added 2022/07/19 4:15 p.m.2 views

DEBIAN-CVE-2022-2469

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...

8.1CVSS7.3AI score0.01091EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/07/15 12:0 a.m.3 views

PT-2022-7683

Name of the Vulnerable Software and Affected Versions GNU SASL libgsasl affected versions not specified Description The issue is related to a server-side read-out-of-bounds condition in GNU SASL libgsasl, which can be triggered by a malicious authenticated GSS-API client. This could potentially...

8.5CVSS7.1AI score0.01091EPSS
Exploits0References44
OSV
OSV
added 2021/07/22 2:15 p.m.3 views

DEBIAN-CVE-2021-34431

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker...

6.5CVSS6.4AI score0.01113EPSS
Exploits0References1
OSV
OSV
added 2021/07/22 2:15 p.m.4 views

UBUNTU-CVE-2021-34431

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker...

6.5CVSS6.6AI score0.01113EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/22 12:0 a.m.6 views

Eclipse Mosquitto 安全漏洞

Eclipse Mosquitto is an open source messaging agent software suite from the Eclipse Foundation. A security vulnerability exists in Eclipse Mosquitto version 1.6 through 2.0.10, where a memory leak occurs when an authenticated client sends a carefully crafted CONNECT message to the agent, which ca...

6.5CVSS6.4AI score0.01113EPSS
Exploits0References3
Veracode
Veracode
added 2021/04/29 12:17 p.m.33 views

Authorization Bypass

ceph:edge is vulnerable to authorization bypass. ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly conduct further attacks...

8CVSS4.9AI score0.00646EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/04/07 7:15 p.m.6 views

ALPINE-CVE-2021-28166

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...

6.5CVSS6.7AI score0.00968EPSS
Exploits0References1
OSV
OSV
added 2021/04/07 7:15 p.m.21 views

CVE-2021-28166

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...

6.5CVSS6.5AI score
Exploits0References1
Prion
Prion
added 2021/04/07 7:15 p.m.14 views

Null pointer dereference

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...

4CVSS6.3AI score0.00968EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/04/07 7:15 p.m.3 views

UBUNTU-CVE-2021-28166

In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur...

6.5CVSS5.8AI score0.00968EPSS
Exploits0References3
OSV
OSV
added 2021/02/19 8:15 p.m.4 views

UBUNTU-CVE-2021-26713

A stack-based buffer overflow in resrtpasterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession...

6.5CVSS7AI score0.01845EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/02/19 12:0 a.m.5 views

PT-2021-17107 · Sangoma +1 · Asterisk +1

Name of the Vulnerable Software and Affected Versions: Sangoma Asterisk versions prior to 16.16.1 Sangoma Asterisk versions 17.x prior to 17.9.2 Sangoma Asterisk versions 18.x prior to 18.2.1 Certified Asterisk versions prior to 16.8-cert6 Description: A stack-based buffer overflow in res rtp...

8.8CVSS6.3AI score0.4557EPSS
Exploits13References47
NVD
NVD
added 2020/09/21 3:15 p.m.21 views

CVE-2020-4590

IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650...

6.5CVSS0.01241EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/06/22 5:49 p.m.29 views

CVE-2020-10736

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly...

8CVSS7.7AI score0.00646EPSS
Exploits0References2
CVE
CVE
added 2020/06/22 5:49 p.m.112 views

CVE-2020-10736

CVE-2020-10736 affects Ceph 15.2.0 up to, but not including, 15.2.2. The root cause is an authorization bypass in ceph-mon and ceph-mgr that allows an authenticated client to access unauthorized resources and modify configuration, potentially enabling further attacks. The documented impact is hig...

8CVSS7.5AI score0.00646EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2020/04/17 12:0 a.m.1 views

Malicious Package

Overview authenticated-client is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

8CVSS6.9AI score
Exploits0References2
NVD
NVD
added 2020/01/30 1:15 a.m.20 views

CVE-2020-8442

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

8.8CVSS9.2AI score0.02385EPSS
Exploits2References4
OSV
OSV
added 2020/01/30 1:15 a.m.14 views

CVE-2020-8442

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

8.8CVSS7.1AI score
Exploits0References4
Prion
Prion
added 2020/01/30 1:15 a.m.18 views

Heap overflow

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis ossec-analysisd is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client...

6.5CVSS9.1AI score0.02385EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder