Lucene search

2591 matches found

OSV
added 2023/06/30 10:58 p.m. | 31 views

CVE-2023-36812 Remote Code Execution in OpenTSDB

OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit...

CVSS 9.8 | AI score 9.2 | EPSS 0.14297
Exploits 4 | References 6
The Hacker News
added 2023/06/21 5:36 a.m. | 6 views

New Condi Malware Hijacking TP-Link Wi-Fi Routers for DDoS Botnet Attacks

A new malware called Condi has been observed exploiting a security vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to rope the devices into a distributed denial-of-service (DDoS) botnet. Fortinet FortiGuard Labs said the campaign has ramped up since the end of May 2023. Condi is the work ...

CVSS 8.8 | AI score 8 | EPSS 0.99999
Exploits 7
The Hacker News
added 2023/06/17 6:59 a.m. | 3 views

From Cryptojacking to DDoS Attacks: Diicot Expands Tactics with Cayosin Botnet

Cybersecurity researchers have discovered previously undocumented payloads associated with a Romanian threat actor named Diicot, revealing its potential for launching distributed denial-of-service (DDoS) attacks. "The Diicot name is significant, as it's also the name of the Romanian organized crim...

AI score 7.4
Exploits 0
CNNVD
added 2023/06/14 12:00 a.m. | 4 views

Schneider Electric EcoStruxure Foxboro DCS Buffer Error Vulnerability

The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. A buffer overflow vulnerability exists in Schneider Electric EcoStruxure Foxboro DCS Control Core Services, which originates from a boundary error wh...

CVSS 7.8 | AI score 8 | EPSS 0.00191
Exploits 0 | References 1
BDU FSTEC
added 2023/05/29 12:00 a.m. | 6 views

The vulnerability of the DCE/RPC process callaway system for operating systems like MacOS allows a perpetrator to execute arbitrary code.

The vulnerability of the DCE/RPC process callouts system for MacOS operating systems relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 7.5 | AI score 8.1 | EPSS 0.01706
Exploits 0 | References 4 | Affected Software 1
BDU FSTEC
added 2023/05/24 12:00 a.m. | 6 views

The vulnerability of Rockwell Automation’s distributed controller software ArmorStart ST, related to deficiencies in input data validation by users, allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST distributed controllers is related to deficiencies in the validation of user-input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting (XSS) attacks remotely...

CVSS 6.5 | AI score 6.3 | EPSS 0.0062
Exploits 0 | References 3
RedHat Linux
added 2023/05/22 7:12 a.m. | 35 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

CVSS 7.8 | AI score 6.8 | EPSS 0.52164
Exploits 2 | References 4
RedHat Linux
added 2023/05/22 7:08 a.m. | 52 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.8 | AI score 6.8 | EPSS 0.52164
Exploits 5 | References 6
RedHat Linux
added 2023/05/22 6:55 a.m. | 37 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

CVSS 7.8 | AI score 6.8 | EPSS 0.52164
Exploits 2 | References 4
RedHat Linux
added 2023/05/17 3:23 p.m. | 38 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...

CVSS 7.8 | AI score 6.8 | EPSS 0.52164
Exploits 2 | References 4
RedHat Linux
added 2023/05/16 8:56 a.m. | 4 views

kernel: fs: dlm: fix invalid derefence of sb_lvbptr

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix invalid derefence of sb_lvbptr I experience issues when putting a lkbsb on the stack and have sb_lvbptr field to a dangled pointer while not using DLM_LKF_VALBLK. It will crash with the following kernel message, the...

CVSS 5.5 | AI score 6.7 | EPSS 0.00152
Exploits 0 | References 5
Fedora
added 2023/05/12 2:08 a.m. | 37 views

[SECURITY] Fedora 36 Update: git-2.40.1-1.fc36

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The git rpm installs common set of tools which are usually using with small amount of dependencies. To install all git packages,...

CVSS 7.8 | AI score 6.2 | EPSS 0.52164
Exploits 2
UbuntuCve
added 2023/05/11 8:15 p.m. | 39 views

CVE-2023-32082

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

CVSS 4.3 | AI score 6.8 | EPSS 0.00744
Exploits 0 | References 5
Prion
added 2023/05/11 8:15 p.m. | 36 views

Code injection

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

CVSS 4 | AI score 4.5 | EPSS 0.00744
Exploits 0 | References 4 | Affected Software 1
OSV
added 2023/05/11 8:15 p.m. | 1 views

UBUNTU-CVE-2023-32082

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

CVSS 4.3 | AI score 7.1 | EPSS 0.00744
Exploits 0 | References 6
CVE
added 2023/05/11 7:22 p.m. | 152 views

CVE-2023-32082

CVE-2023-32082 affects etcd. The LeaseTimeToLive API (with Keys=true) could expose key names to users who lack read permission, impacting RBAC-enabled clusters. This vulnerability is fixed in etcd versions 3.4.26 and 3.5.9; upgrade to a fixed release (or newer) to remediate. No workarounds are do...

CVSS 4.3 | AI score 6.3 | EPSS 0.00744
Exploits 0 | References 4 | Affected Software 1
OSV
added 2023/05/11 7:22 p.m. | 32 views

CVE-2023-32082 etcd key name can be accessed via LeaseTimeToLive API

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when Keys parameter is true, even a user doesn't have read permission to the keys. The impact is limit...

CVSS 3.1 | AI score 6.5 | EPSS 0.00744
Exploits 0 | References 6
Akamai Blog
added 2023/05/11 1:00 p.m. | 10 views

Today’s Evolving Cloud Strategies Are Embracing Distributed Computing

...

AI score 7
Exploits 0
RedHat Linux
added 2023/05/10 6:57 p.m. | 29 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Distributed Tracing 2.8.0 security update

Updated Red Hat OpenShift Distributed Tracing 2.8 container images are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 5.3 | AI score 6.7 | EPSS 0.05623
Exploits 0 | References 3
RedHat Linux
added 2023/05/09 10:04 a.m. | 4 views

kernel: drbd: only clone bio if we have a backing device

A NULL pointer dereference was found in the Linux kernel Distributed Replicated Block Device driver's I/O request handling. A local user with privileges to perform I/O operations on a DRBD block device can trigger I/O requests when the DRBD device is configured in diskless mode no local backing...

CVSS 5.5 | AI score 7 | EPSS 0.00128
Exploits 0 | References 5