Lucene search
K

8 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-380113)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-380113 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dmaalloccoherent is...

5.5CVSS6AI score0.0021EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/12/13 12:0 a.m.6 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-50189)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50189 advisory. - In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Switch to device-managed...

5.5CVSS6.1AI score0.00207EPSS
Exploits0References2
NVD
NVD
added 2023/03/21 5:15 p.m.13 views

CVE-2023-1305

An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...

8.1CVSS7.9AI score0.00777EPSS
Exploits1References2
NVD
NVD
added 2023/03/21 5:15 p.m.15 views

CVE-2023-1306

An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...

8.8CVSS8.7AI score0.01208EPSS
Exploits1References2
NVD
NVD
added 2023/03/21 5:15 p.m.12 views

CVE-2023-1304

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

8.8CVSS8.6AI score0.01079EPSS
Exploits1References2
Prion
Prion
added 2023/03/21 5:15 p.m.15 views

Code injection

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

6.5CVSS8.5AI score0.01079EPSS
Exploits1References2Affected Software2
Prion
Prion
added 2023/03/21 5:15 p.m.18 views

Design/Logic Flaw

An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...

5.5CVSS7.9AI score0.00777EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2023/03/21 4:45 p.m.18 views

CVE-2023-1304 Rapid7 InsightCloudSec getattr() method access

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

8.8AI score0.01079EPSS
Exploits1References2
Rows per page
Query Builder