Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-34368

Malicious code in bioql PyPI...

8.8CVSS7.6AI score0.01599EPSS
Exploits0References2
Prion
Prion
added 2024/12/30 9:15 p.m.10 views

CVE-2024-11946

iXsystems TrueNAS CORE fetchpluginpackagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to...

0.00292EPSS
Exploits0References2
CVE
CVE
added 2024/12/30 8:12 p.m.61 views

CVE-2024-11946

The CVE-2024-11946 entry concerns iXsystems TrueNAS CORE. The flaw exists in firmware update handling, caused by using an insecure protocol to deliver updates, enabling network-adjacent attackers to tamper with firmware update files on affected installations. Authentication is not required to exp...

6.5CVSS4.2AI score0.00292EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/12/30 8:12 p.m.35 views

CVE-2024-11946 iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability

iXsystems TrueNAS CORE fetchpluginpackagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to...

3.1CVSS0.00292EPSS
Exploits0References2
CVE
CVE
added 2024/12/30 8:12 p.m.109 views

CVE-2024-11944

CVE-2024-11944 affects iXsystems TrueNAS CORE (tarfile.extractall). The flaw is lack of validation of a user-supplied path in tarfile.extractall, enabling directory traversal and remote code execution with root privileges on affected installations, exploitable by network-adjacent attacker without...

8.8CVSS7.9AI score0.01599EPSS
Exploits0References2Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2024/12/19 12:0 a.m.9 views

(Pwn2Own) iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tarfile.extractall method. The issue results from the lack of...

7.5CVSS6.9AI score0.01599EPSS
Exploits0References1
Rows per page
Query Builder