15 matches found
CVE-2026-31562
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipidsihostregister The call to mipidsihostregister triggers a callback to mtkdsibind, which uses devgetdrvdata to retrieve the mtkdsi struct, so this structure needs to be...
EUVD-2024-48583
Malicious code in bioql PyPI...
EUVD-2022-51021
Malicious code in bioql PyPI...
CVE-2022-48321
Limited Server-Side Request Forgery SSRF in agent-receiver in Tribe29's Checkmk = 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...
CVE-2024-7700
A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing...
CVE-2024-7700
A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing...
CVE-2024-7700 Foreman: command injection in "host init config" template via "install packages" field on foreman
A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing...
PT-2024-38520 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman affected versions not specified Description: A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker...
CVE-2022-48321
Limited Server-Side Request Forgery SSRF in agent-receiver in Tribe29's Checkmk = 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...
UBUNTU-CVE-2022-48321
Limited Server-Side Request Forgery SSRF in agent-receiver in Tribe29's Checkmk = 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...
Server side request forgery (ssrf)
Limited Server-Side Request Forgery SSRF in agent-receiver in Tribe29's Checkmk = 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...
katello-installer-base: QMF methods exposed to goferd via qdrouterd
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent. A malicious user authenticated to a host registered to Satellite or Capsule can use this flaw to access QMF methods to any host also registered to Satellite or Capsule and...
PT-2012-1927 · Red Hat · Red Hat Jboss Enterprise Application Platform
Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform version 5.1.2 Description: The issue allows worker nodes to register with arbitrary virtual hosts, enabling remote attackers to bypass intended access restrictions. This can lead to the provision of...
mod_cluster: malicious worker nodes can register on any vhost
modcluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from ...
IGMP DoS
By sending unicast membership report to attacked host it's possible to prevent one from registering in group...