Lucene search
+L

47 matches found

PyPA
PyPA
added 2023/04/17 8:15 a.m.7 views

PYSEC-2023-44

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

9.9CVSS7.9AI score0.01109EPSS
Exploits0References3Affected Software1
Citrix
Citrix
added 2023/03/23 12:0 a.m.10 views

Citrix Endpoint Management (aka XenMobile Server) 10.14.0 Rolling Patch 10

Package name: xms10.14.0.11013.bin For: XenMobile Server 10.14.0 Deployment type: On-premises only Replaces: xms10.14.0.10942.bin, xms10.14.0.10813.bin, xms10.14.0.10742.bin, xms10.14.0.10628.bin, xms10.14.0.10521.bin, xms10.14.0.10424.bin, xms10.14.0.10303.bin, xms10.14.0.10206.bin, and...

6.9AI score
Exploits0
Cisco
Cisco
added 2023/03/22 4:0 p.m.71 views

Cisco SD-WAN vManage Software Cluster Mode Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software when it is operating in cluster mode could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF...

6.5CVSS7.5AI score0.00261EPSS
Exploits0References1
Citrix
Citrix
added 2022/09/08 12:0 a.m.9 views

Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 10

Package name: xms10.13.0.11025.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10922.bin, xms10.13.0.10817.bin, xms10.13.0.10723.bin, xms10.13.0.10603, xms10.13.0.10528.bin, xms10.13.0.10426.bin, xms10.13.0.10329.bin, xms10.13.0.10212.bin, and...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2022/07/16 12:30 p.m.120 views

Kubeaudit - Tool To Audit Your Kubernetes Clusters Against Common Security Controls

kubeaudit is a command line tool and a Go package to audit Kubernetes clusters for various different security concerns, such as: run as non-root use a read-only root filesystem drop scary capabilities, don't add new ones don't run privileged and more! tldr.kubeaudit makes sure you deploy secure...

7.6AI score
Exploits0References31
Citrix
Citrix
added 2022/06/14 12:0 a.m.10 views

Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 9

Package name: xms10.13.0.10922.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10817.bin, xms10.13.0.10723.bin, xms10.13.0.10603.bin, xms10.13.0.10528.bin, xms10.13.0.10426.bin, xms10.13.0.10329.bin, xms10.13.0.10212.bin, and xms10.13.0.10129.bin. Date: Ju...

6.9AI score
Exploits0
Citrix
Citrix
added 2022/03/02 12:0 a.m.9 views

Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 7

Package name: xms10.13.0.10723.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10603.bin, xms10.13.0.10528.bin, xms10.13.0.10426.bin, xms10.13.0.10329.bin, xms10.13.0.10212.bin, and xms10.13.0.10129.bin. Date: March 2022 Languages supported: English US...

6.9AI score
Exploits0
Citrix
Citrix
added 2022/01/26 12:0 a.m.8 views

Citrix Endpoint Management (aka XenMobile Server) 10.14.0 Rolling Patch 4

Package name: xms10.14.0.10424.bin For: XenMobile Server 10.14.0 Deployment type: On-premises only Replaces: xms10.14.0.10303.bin, xms10.14.0.10206.bin, and xms10.14.0.10118.bin Date: January 2022 Languages supported: English US Important notes about this update As a best practice, Citrix...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/06/08 12:0 a.m.17 views

Cisco SD-WAN vManage Information Disclosure (cisco-sa-sdwan-vmanageinfdis-LKrFpbv)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by an information disclosure vulnerability due to absence of authentication to view sensitive information. An unauthenticated, remote attacker can exploit this, by sending a crafted request to the cluster management...

5.3CVSS5.8AI score0.01218EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.7 views

The vulnerability of the cluster-mode programmable Cisco SD-WAN architecture allows a intruder to gain unauthorized access to services within the vulnerable system.

The vulnerability of the programmable network-based Cisco SD-WAN architecture in cluster mode is related to lack of access control. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to services within the vulnerable system...

9CVSS7.3AI score0.01764EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/05/06 1:15 p.m.6 views

CVE-2021-1535

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the Cisco SD-WAN vManage Software must be in cluster mode. This...

5.3CVSS6.1AI score0.01218EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/05/06 12:0 a.m.5 views

Cisco SD-WAN vManage Software 输入验证错误漏洞

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A cluster mode unauthorized service access vulnerability exists in Cisco SD-WAN vManage, which can be exploited by an attacker to bypass authorization checks and gain...

9.8CVSS5.7AI score0.01764EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/05/06 12:0 a.m.41 views

Cisco SD-WAN vManage Software 输入验证错误漏洞

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A cluster mode unauthorized access vulnerability exists in the web management interface of Cisco SD-WAN vManage, which stems from the software not performing authorization...

9.8CVSS5.6AI score0.0163EPSS
Exploits0References4
CNVD
CNVD
added 2021/05/06 12:0 a.m.13 views

Cisco SD-WAN vManage Cluster Mode Unauthorized Service Access Vulnerability

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A cluster mode unauthorized service access vulnerability exists in Cisco SD-WAN vManage, which can be exploited by an attacker to bypass authorization checks and gain...

9.8CVSS6.9AI score0.01764EPSS
Exploits0References1
CNVD
CNVD
added 2021/05/06 12:0 a.m.12 views

Cisco SD-WAN vManage Cluster Mode Unauthorized Access Vulnerability

Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A cluster mode unauthorized access vulnerability exists in the web management interface of Cisco SD-WAN vManage, which stems from the software not performing authorization...

9.8CVSS6.9AI score0.0163EPSS
Exploits0References1
Cisco
Cisco
added 2021/05/05 4:0 p.m.53 views

Cisco SD-WAN vManage Software Information Disclosure Vulnerability

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due t...

5.3CVSS5.2AI score0.00765EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/05/05 12:0 a.m.4 views

PT-2021-2986 · Cisco · Cisco Sd-Wan Vmanage

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: The issue is related to multiple vulnerabilities in Cisco SD-WAN vManage Software that could allow an unauthenticated, remote attacker to execute arbitrary code or gai...

9.8CVSS8.1AI score0.01764EPSS
Exploits0References5
NVD
NVD
added 2021/03/04 9:15 p.m.37 views

CVE-2021-26988

Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine SVM names, volume names,...

3.5CVSS0.00384EPSS
Exploits0References1
Prion
Prion
added 2021/03/04 9:15 p.m.24 views

Code injection

Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine SVM names, volume names,...

2.7CVSS4.1AI score0.00384EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/03/04 12:0 a.m.11 views

Netapp Clustered Data ONTAP 安全漏洞

Netapp Clustered Data ONTAP is a storage operating system for cluster mode from NetApp USA. A security vulnerability exists in Clustered Data ONTAP that originates from allowing unauthorized tenant users to discover the 7-Cluster-mode. the following products and versions are affected: Data ONTAP...

3.5CVSS5.1AI score0.00384EPSS
Exploits0References3
Rows per page
Query Builder