Lucene search
+L

133 matches found

Cvelist
Cvelist
added 2020/11/17 8:58 p.m.28 views

CVE-2020-26552

An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access...

7.6AI score0.01163EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/11/17 8:33 p.m.23 views

CVE-2020-26551

An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file...

7.5AI score0.00909EPSS
Exploits1References1
CVE
CVE
added 2020/11/17 8:33 p.m.47 views

CVE-2020-26551

Aviatrix Controller before R5.3.1151 stores encrypted key values in a readable file, exposing plaintext encryption keys. CNVD-2021-17719 and NVD records confirm plaintext key storage prior to R5.3.1151; risk is confidentiality impact (high per CVSS3.1). Remediation: upgrade to R5.3.1151 or later ...

7.5CVSS7.4AI score0.00909EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2020/11/17 8:26 p.m.44 views

CVE-2020-26550

CVE-2020-26550 pertains to Aviatrix Controller prior to R5.3.1151, where an encrypted file containing credentials is protected by a three-character key. The root cause is a weak key in the encrypted file, which has implications for confidentiality (HIGH per CVSS3.1). The connected documents confi...

7.5CVSS7.4AI score0.01461EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/11/17 8:24 p.m.14 views

CVE-2020-26549

An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading...

7.5AI score0.01488EPSS
Exploits1References1
CVE
CVE
added 2020/11/17 8:24 p.m.59 views

CVE-2020-26549

CVE-2020-26549 affects Aviatrix Controller prior to R5.4.1290. The vulnerability arises from an htaccess protection mechanism that prevents requests to directories, which can be bypassed to download files beyond a user’s rights. Documented impact in CNVD/NVD entries: an attacker could download re...

7.5CVSS7.5AI score0.01488EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/11/17 8:22 p.m.21 views

CVE-2020-26548

An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system...

8.9AI score0.01441EPSS
Exploits1References1
CVE
CVE
added 2020/11/17 8:22 p.m.50 views

CVE-2020-26548

Aviatrix Controller (pre-R5.4.1290) contains an insecure sudo rule that allows a user to execute any command as any user on the system. This vulnerability affects Controller versions before R5.4.1290 and is supported by multiple sources (e.g., CNVD-2021-17716; NVD CVE-2020-26548) with high impact...

9CVSS8.8AI score0.01441EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.7 views

Aviatrix Systems Controller 代码问题漏洞

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. An arbitrary file upload vulnerability exists in Aviatrix Controller versions prior to R6.0.2483. The vulnerability stems from several APIs that contain functionality that...

9.8CVSS7.7AI score0.01742EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.6 views

Aviatrix Systems Controller 安全漏洞

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. An encryption key plaintext storage vulnerability exists in Aviatrix Controller versions prior to R5.3.1151. An attacker can exploit this vulnerability to obtain plaintext...

7.5CVSS7.2AI score0.00909EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.7 views

Aviatrix Systems Controller 安全漏洞

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. A security vulnerability exists in Aviatrix Controller versions prior to R5.3.1151. The vulnerability stems from a weak key in an encrypted file containing credentials. No...

7.5CVSS7.2AI score0.01461EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.6 views

Aviatrix Systems Controller 加密问题漏洞

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. An improper access control vulnerability exists in Aviatrix Controller versions prior to R6.0.2483. The vulnerability stems from the fact that multiple executables...

7.5CVSS7.2AI score0.01163EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.9 views

Aviatrix Systems Controller 安全漏洞

Aviatrix Controller is a centralized control panel for orchestrating and managing various network and connectivity solutions. A sudo rule insecurity vulnerability exists in Aviatrix Controller versions prior to R5.4.1290. An attacker could execute all commands as any user on the system through th...

9CVSS7.4AI score0.01441EPSS
Exploits1References2
OSV
OSV
added 2020/05/22 9:15 p.m.4 views

CVE-2020-13412

An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF...

8.8CVSS5.8AI score0.00583EPSS
Exploits0References1
OSV
OSV
added 2020/05/22 9:15 p.m.4 views

CVE-2020-13414

An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software...

7.5CVSS5.8AI score0.01466EPSS
Exploits1References2
NVD
NVD
added 2020/05/22 9:15 p.m.19 views

CVE-2020-13413

An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force...

5.3CVSS5.2AI score0.01369EPSS
Exploits1References2
NVD
NVD
added 2020/05/22 9:15 p.m.23 views

CVE-2020-13412

An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF...

8.8CVSS8.7AI score0.00583EPSS
Exploits0References1
NVD
NVD
added 2020/05/22 9:15 p.m.23 views

CVE-2020-13415

An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix, aka XML Signature Wrapping...

7.5CVSS7.5AI score0.00747EPSS
Exploits1References1
NVD
NVD
added 2020/05/22 9:15 p.m.14 views

CVE-2020-13416

An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery CSRF vulnerability for password resets...

6.5CVSS6.7AI score0.0051EPSS
Exploits0References1
OSV
OSV
added 2020/05/22 9:15 p.m.4 views

CVE-2020-13413

An issue was discovered in Aviatrix Controller before 5.4.1204. There is a Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force...

5.3CVSS6.1AI score0.01369EPSS
Exploits1References2
Rows per page
Query Builder