Lucene search
K

110 matches found

OSV
OSV
added 2017/07/17 9:29 p.m.6 views

CVE-2017-9810

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...

8.8CVSS5.8AI score0.01932EPSS
Exploits5References6
NVD
NVD
added 2017/07/17 9:29 p.m.23 views

CVE-2017-9812

The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...

7.5CVSS7.5AI score0.11265EPSS
Exploits5References6
Cvelist
Cvelist
added 2017/07/17 9:0 p.m.25 views

CVE-2017-9810

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...

9.1AI score0.01932EPSS
Exploits5References6
CVE
CVE
added 2017/07/17 9:0 p.m.73 views

CVE-2017-9810

CVE-2017-9810 affects Kaspersky Anti-Virus for Linux File Server Web Management Console (Kaspersky, 8.0.x). The root cause is absence of Anti-CSRF tokens in forms, enabling CSRF to submit authenticated requests when a user browses attacker-controlled domains. CORE-2017-0003 describes associated i...

8.8CVSS8.9AI score0.01932EPSS
Exploits5References6Affected Software1
Cvelist
Cvelist
added 2017/07/17 9:0 p.m.35 views

CVE-2017-9813

In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312, the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting XSS...

7.5AI score0.02623EPSS
Exploits5References6
Cvelist
Cvelist
added 2017/07/17 9:0 p.m.29 views

CVE-2017-9811

The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. By abusing the quarantine read and write operations, it is possible to elevate the privileges to root...

9.4AI score0.10474EPSS
Exploits5References6
Cvelist
Cvelist
added 2017/07/17 9:0 p.m.30 views

CVE-2017-9812

The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...

8.6AI score0.11265EPSS
Exploits5References6
CNVD
CNVD
added 2017/06/30 12:0 a.m.3 views

Kaspersky Anti-Virus for Linux File Server Cross-Site Request Forgery Vulnerability

Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A cross-site request forgery vulnerability exists in Kaspersky Anti-Virus for Linux File Server. This allows an attacker to submit authenticated reques...

8.8CVSS6.6AI score0.01932EPSS
Exploits5References1
CNVD
CNVD
added 2017/06/30 12:0 a.m.2 views

Kaspersky Anti-Virus for Linux File Server Elevation of Privilege Vulnerability

Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. An elevation of privilege vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows attackers to exploit an elevatio...

10CVSS7AI score0.10474EPSS
Exploits5References1
CNVD
CNVD
added 2017/06/30 12:0 a.m.3 views

Kaspersky Anti-Virus for Linux File Server Path Traversal Vulnerability

Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A path traversal vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows an attacker to read arbitrary files with...

7.5CVSS6.7AI score0.11265EPSS
Exploits5References1
CNVD
CNVD
added 2017/06/30 12:0 a.m.4 views

Kaspersky Anti-Virus for Linux File Server Reflective Cross-Site Scripting Vulnerability

Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A reflected cross-site scripting vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows an attacker to execute...

6.1CVSS6.5AI score0.02623EPSS
Exploits5References1
BDU FSTEC
BDU FSTEC
added 2017/06/27 12:0 a.m.3 views

The vulnerability of the Antivirus Kasperksy 8.0 web console for Linux File Servers allows an attacker to send commands to the antivirus software on behalf of its user.

The vulnerability of the Antivirus Kaspersky 8.0 web console for Linux File Servers arises from the lack of authenticity verification for the creators of the web consoles. Exploiting this vulnerability allows a malicious actor to send an antivirus command on behalf of the user who visits the...

7.1CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/06/27 12:0 a.m.5 views

A vulnerability in the web console of the Antivirus Kasperksy 8.0 anti-virus software for Linux File Servers, which allows for the execution of arbitrary code with privileges of a privileged user.

The vulnerability of the Antivirus Kaspersky 8.0 anti-virus software for Linux File Servers relates to the insecure management of privileges. Exploiting this vulnerability allows a malicious user with non-privileged privileges to execute code with privileged root privileges, through the use of th...

8.5CVSS5.7AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/02/28 12:0 a.m.45 views

F5 Networks BIG-IP : Linux file utility vulnerabilities (K16347)

CVE-2014-8116 The ELF parser readelf.c in file before 5.21 allows remote attackers to cause a denial of service CPU consumption or crash via a large number of 1 program or 2 section headers or 3 invalid capabilities. CVE-2014-8117 softmagic.c in file before 5.21 does not properly limit recursion,...

5CVSS8.1AI score0.05926EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/02/03 12:0 a.m.44 views

openSUSE Security Update : SeaMonkey (openSUSE-2016-129) (SLOTH)

This update for SeaMonkey fixes the following issues : - update to SeaMonkey 2.40 bnc959277 - requires NSS 3.20.2 to fix MFSA 2015-150/CVE-2015-7575 bmo1158489 MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature - MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous...

10CVSS7.5AI score0.06058EPSS
Exploits1References43
F5 Networks
F5 Networks
added 2015/04/09 12:0 a.m.44 views

SOL16347 - Linux file utility vulnerabilities CVE-2014-8116 and CVE-2014-8117

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

5CVSS2AI score0.05926EPSS
Exploits0References8
OSV
OSV
added 2014/10/08 7:55 p.m.1 views

DEBIAN-CVE-2014-3641

The 1 GlusterFS and 2 Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header...

4CVSS6.7AI score0.0186EPSS
Exploits0References1
NVD
NVD
added 2013/09/30 10:55 p.m.9 views

CVE-2013-4362

WEB-DAV Linux File System davfs2 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in 1 kernelinterface.c and 2 mountdavfs.c, related to the "system" function...

7.2CVSS6.3AI score0.01168EPSS
Exploits2References7
Prion
Prion
added 2013/09/30 10:55 p.m.17 views

Design/Logic Flaw

WEB-DAV Linux File System davfs2 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in 1 kernelinterface.c and 2 mountdavfs.c, related to the "system" function...

7.2CVSS6.8AI score0.01168EPSS
Exploits2References7Affected Software1
UbuntuCve
UbuntuCve
added 2013/09/30 10:55 p.m.17 views

CVE-2013-4362

WEB-DAV Linux File System davfs2 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in 1 kernelinterface.c and 2 mountdavfs.c, related to the "system" function...

7.2CVSS5.9AI score0.01168EPSS
Exploits2References2
Rows per page
Query Builder