Lucene search
K

215 matches found

CVE
CVE
added 2023/05/19 12:0 a.m.63 views

CVE-2023-20881

CVE-2023-20881 affects Cloud Foundry CAPI versions 1.140–1.152.0 and Loggregator-agent v7+. The issue allows a user who knows the syslog drain client certificate to override other users’ syslog drain credentials, potentially altering the private key or adding/modifying a Certificate Authority use...

8.1CVSS8AI score0.00362EPSS
Exploits0References1Affected Software3
CNNVD
CNNVD
added 2023/05/19 12:0 a.m.7 views

Cloud Foundry CAPI 信任管理问题漏洞

Cloud Foundry CAPI is a cloud controller from the Cloud Foundry Foundation in the United States. A security vulnerability exists in Cloud Foundry CAPI versions 1.140 through 1.152.0, Loggregator-agent v7+, and CF Deployment versions 24.7.0 through 29.0.0, which originates in Cloud foundry instanc...

8.1CVSS7.6AI score0.00362EPSS
Exploits0References2
OSV
OSV
added 2023/05/19 12:0 a.m.28 views

CVE-2023-20881

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user ...

8.1CVSS7.1AI score0.00362EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/05/19 12:0 a.m.33 views

CVE-2023-20881

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user ...

8.3AI score0.00362EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2023/02/21 7:40 p.m.35 views

K8917: Linux kernel vulnerability CVE-2007-1217

Security Advisory Description Note : Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the ...

6.9CVSS6.5AI score0.00372EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.3 views

SUSE CVE-2006-6106

Multiple buffer overflows in the cmtprecvinteropmsg function in the Bluetooth driver net/bluetooth/cmtp/capi.c in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via CAPI...

7.5CVSS7.8AI score0.05605EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-1217

Buffer overflow in the bufprint function in capiutil.c in libcapi, as used in Linux kernel 2.6.9 to 2.6.20 and isdn4k-utils, allows local users to cause a denial of service crash and possibly gain privileges via a crafted CAPI packet...

6.9CVSS7AI score0.00372EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.3 views

SUSE CVE-2021-43389

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detachcapictr function in drivers/isdn/capi/kcapi.c...

4.7CVSS6.7AI score0.00669EPSS
Exploits1References36
RedHat Linux
RedHat Linux
added 2022/05/10 1:58 p.m.4 views

kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c

An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network ISDN functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of...

5.5CVSS6.6AI score0.00669EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/05/10 1:43 p.m.5 views

kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c

An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network ISDN functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of...

5.5CVSS6.6AI score0.00669EPSS
Exploits1References6
NVD
NVD
added 2022/03/25 7:15 p.m.24 views

CVE-2021-22100

In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or...

5.3CVSS0.0088EPSS
Exploits0References1
OSV
OSV
added 2022/03/25 7:15 p.m.20 views

CVE-2021-22100

In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or...

5.3CVSS6.7AI score0.0088EPSS
Exploits0References1
Prion
Prion
added 2022/03/25 7:15 p.m.19 views

Code injection

In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or...

5CVSS5.2AI score0.0088EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2022/03/25 6:2 p.m.31 views

CVE-2021-22100

In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail is possible. An attacker can leverage this vulnerability to cause an inability for anyone to push or...

5.5AI score0.0088EPSS
Exploits0References1
CVE
CVE
added 2022/03/25 6:2 p.m.68 views

CVE-2021-22100

CVE-2021-22100 affects Cloud Foundry CAPI versions prior to 1.122. A misbehaving service broker can cause Cloud Controller (CAPI) instances to timeout, leading to an inability to push or manage applications (Denial of Service). The public sources describe the issue and confirm affected releases i...

5.3CVSS5.2AI score0.0088EPSS
Exploits0References1Affected Software2
Cloud Foundry
Cloud Foundry
added 2022/03/25 12:0 a.m.64 views

CVE-2021-22100: Cloud Controller is vulnerable to denial of service due to misbehaving service brokers | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Description Cloud Controller CAPI is vulnerable to a denial-of-service attack in which a developer can push a service broker that accidentally or maliciously causes CC instances to timeout and fail. An attacker can leverage this vulnerability to cau...

5.3CVSS5.2AI score0.0088EPSS
Exploits0Affected Software2
OpenVAS
OpenVAS
added 2022/01/13 12:0 a.m.37 views

Ubuntu: Security Advisory (USN-5210-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.1AI score0.00669EPSS
Exploits3References3
Ubuntu
Ubuntu
added 2022/01/12 9:6 p.m.124 views

USN-5210-2: Linux kernel regression

USN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused failures to boot in environments with AMD Secure Encrypted Virtualization SEV enabled. This update fixes the problem. We apologize for the inconvenience. Original advisory details:...

7.4AI score
Exploits0References1
OpenVAS
OpenVAS
added 2022/01/12 12:0 a.m.37 views

Ubuntu: Security Advisory (USN-5218-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.2AI score0.57853EPSS
Exploits5References3
OSV
OSV
added 2022/01/11 4:58 a.m.11 views

USN-5218-1 linux-oem-5.13 vulnerabilities

Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. CVE-2021-4002 It was discovered that the eBPF implementation in the Linux...

9.8CVSS7.2AI score0.57853EPSS
Exploits5References10
Rows per page
Query Builder