Lucene search
K

16 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/13 9:6 p.m.7 views

CVE-2026-44424

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...

6.5CVSS5.8AI score0.00246EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/05/06 11:19 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetDevice process. An attacker can access sensitive device metadata belonging to other tenants by providing a valid device UID and authenticating with any user account. Remediatio...

7.1CVSS5.8AI score0.00246EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-38314

Name of the Vulnerable Software and Affected Versions ShellHub versions prior to 0.24.2 Description An issue exists where the endpoint "/api/devices/:uid" returns the full device object to any authenticated user without verifying if the device belongs to the caller's namespace tenant. An...

6.5CVSS5.8AI score0.00246EPSS
Exploits1References7
Microsoft KB
Microsoft KB
added 2024/02/20 8:0 a.m.85 views

February 13, 2024—KB5034830 (Monthly Rollup)

None None...

8.8CVSS6.8AI score0.99995EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2024/02/13 8:0 a.m.103 views

February 13, 2024—KB5034766 (OS Build 22000.2777)

None None...

8.8CVSS6.8AI score0.95443EPSS
Exploits15
Microsoft KB
Microsoft KB
added 2024/02/13 8:0 a.m.158 views

February 13, 2024—KB5034831 (Monthly Rollup)

None None...

8.8CVSS6.8AI score0.99995EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2024/02/13 8:0 a.m.84 views

February 13, 2024—KB5034774 (OS Build 10240.20469) - EXPIRED

None None...

8.8CVSS6.8AI score0.30344EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2024/02/13 8:0 a.m.110 views

February 13, 2024—KB5034809 (Security-only update)

None None...

8.8CVSS6.8AI score0.99995EPSS
Exploits0
OSV
OSV
added 2020/12/15 6:15 p.m.4 views

ALPINE-CVE-2020-29480

An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest...

2.3CVSS6.3AI score0.00306EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/22 12:0 a.m.2 views

Google Android Bluetooth elevation of privilege vulnerability (CNVD-2020-60498)

Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA in the U.S. Kernel is one of the kernel components, Framework is one of the Android framework components, System is one of the system components, VPN is one of the VPN Virtual Private Network...

7.8CVSS7AI score0.00145EPSS
Exploits0References1
OSV
OSV
added 2020/09/18 4:15 p.m.4 views

CVE-2020-0299

In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:...

7.8CVSS5.9AI score0.00145EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/04/29 12:0 a.m.63 views

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4345-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4345-1 advisory. Al Viro discovered that the Linux kernel for s390x systems did not properly perform page table upgrades for kernel sections that use secondar...

7.5CVSS7.5AI score0.0415EPSS
Exploits2References10
OSV
OSV
added 2019/10/22 2:40 a.m.7 views

USN-4163-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service system crash. CVE-2016-10906 It was discovered that a race condition existed in the Serial...

10CVSS7AI score0.07619EPSS
Exploits3References11
Check Point Advisories
Check Point Advisories
added 2019/01/31 12:0 a.m.5 views

Microsoft Device Metadata Authoring Wizard Remote Code Execution

A remote code execution vulnerability exists in Microsoft Device Metadata Authoring Wizard. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

6.1AI score
Exploits0
OpenVAS
OpenVAS
added 2018/04/23 12:0 a.m.574 views

Microsoft Windows 10: Prevent device metadata retrieval from the Internet

This policy setting prevents Windows from retrieving device metadata from the Internet. If enabled, Windows does not retrieve device metadata for installed devices from the Internet. This policy setting overrides the setting in the Device Installation Settings dialog box. OpenVAS Vulnerability Te...

7.4AI score
Exploits0
Ubuntu
Ubuntu
added 2018/04/04 7:21 p.m.105 views

USN-3619-1: Linux kernel vulnerabilities

Jann Horn discovered that the Berkeley Packet Filter BPF implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2017-16995 It was discovered that a...

7.8CVSS7.3AI score0.30052EPSS
Exploits26
Rows per page
Query Builder