Lucene search
K

9278 matches found

Prion
Prion
added 2023/08/24 10:15 p.m.25 views

Hardcoded credentials

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...

5CVSS7.3AI score0.03147EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2023/08/24 10:15 p.m.12 views

Default credentials

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

5CVSS7.3AI score0.00561EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/08/24 10:3 p.m.46 views

CVE-2023-32079 Netmaker Privilige Escalation Vulnerability

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...

8.8CVSS8.4AI score0.00711EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/08/24 10:3 p.m.51 views

CVE-2023-32079 Netmaker Privilige Escalation Vulnerability

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...

8.8CVSS8.9AI score0.00711EPSS
Exploits0References1
CVE
CVE
added 2023/08/24 10:3 p.m.68 views

CVE-2023-32079

Netmaker (Gravitl) is affected by a Mass assignment privilege escalation vulnerability that lets a non-admin become admin. Affected versions are prior to 0.17.1 and 0.18.6. Mitigation: upgrade to 0.17.1 (patched) or 0.18.6+ (fixed). If on 0.17.1, run docker pull gravitl/netmaker:v0.17.1 and resta...

8.8CVSS8.6AI score0.00711EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/24 10:3 p.m.8 views

CVE-2023-32079 Netmaker Privilige Escalation Vulnerability

Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run...

8.8CVSS6.8AI score0.00711EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/24 9:35 p.m.38 views

CVE-2023-32078 Netmaker IDOR Vulnerability Allows User to Update Other User's Password

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

7.5CVSS7.6AI score0.00561EPSS
Exploits0References3
CVE
CVE
added 2023/08/24 9:35 p.m.74 views

CVE-2023-32078

CVE-2023-32078 : In Gravitl Netmaker (WireGuard-based networks), an insecure direct object reference (IDOR) vulnerability exists in the user update function that lets an attacker change another user’s password by providing a different username. Affected versions: before 0.17.1 and before 0.18.6. ...

7.5CVSS7.3AI score0.00561EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/24 9:35 p.m.11 views

CVE-2023-32078 Netmaker IDOR Vulnerability Allows User to Update Other User's Password

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

7.5CVSS6.6AI score0.00561EPSS
Exploits0References3
OSV
OSV
added 2023/08/24 9:35 p.m.23 views

CVE-2023-32078 Netmaker IDOR Vulnerability Allows User to Update Other User's Password

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

7.5CVSS7.4AI score0.00561EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/08/24 9:23 p.m.47 views

CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...

7.5CVSS7.5AI score0.03147EPSS
Exploits0References4
CVE
CVE
added 2023/08/24 9:23 p.m.2526 views

CVE-2023-32077

Netmaker Vulnerability: Hardcoded DNS secret key allows unauthenticated users to interact with DNS API endpoints. Affects Netmaker builds prior to 0.17.1 and 0.18.6. Remediation per sources: upgrade to v0.17.1 (patched) or v0.18.6+ (fixed). If on 0.17.1, run docker pull gravitl/netmaker:v0.17.1 a...

7.5CVSS7.3AI score0.03147EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/24 9:23 p.m.12 views

CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...

7.5CVSS6.6AI score0.03147EPSS
Exploits0References4
OSV
OSV
added 2023/08/24 9:23 p.m.28 views

CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key

Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run docker pull...

7.5CVSS7.3AI score0.03147EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/08/24 12:0 a.m.3 views

PT-2023-23589

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 Description An Insecure Direct Object Reference IDOR vulnerability was found in the user update function, allowing an attacker to update another user's password by...

7.5CVSS7AI score0.00561EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2023/08/24 12:0 a.m.6 views

PT-2023-23590

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 0.17.1 Netmaker versions 0.18.0 through 0.18.5 Description A Mass assignment vulnerability was found in Netmaker that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in...

8.8CVSS7.2AI score0.00711EPSS
Exploits0References9
OSV
OSV
added 2023/08/23 7:56 p.m.7 views

MGASA-2023-0245 Updated docker-containerd packages fix security vulnerability

Memory leak. CVE-2022-23471 Denial of service with maliciously crafted image with a large file CVE-2023-25153 Security bypass due to improper supplementary group handling. CVE-2023-25173...

7.8CVSS6.8AI score0.01022EPSS
Exploits1References7
The Hacker News
The Hacker News
added 2023/08/23 11:44 a.m.38 views

Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight 8 incremental iterations of their credential harvesting malwa...

7.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/23 12:0 a.m.23 views

Dell Cyber Recovery < 19.11.0.2 Authentication Bypass (DSA-2022-196)

Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote, unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images...

9.8CVSS8.3AI score0.01031EPSS
Exploits0References2
Wiz blog
Wiz blog
added 2023/08/21 4:55 p.m.35 views

Docker and Kubernetes, we have got you covered: Wiz simplifies compliance and security posture management for Docker and Kubernetes environments.

Ensure that your Docker and Kubernetes environments are secure and compliant with CIS benchmarks. Generate reports quickly and easily and remediate any issues with actionable insights...

7AI score
Exploits0
Rows per page
Query Builder