281 matches found
Design/Logic Flaw
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead o...
CVE-2022-32290
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead o...
Improper Neutralization of Special Elements used in a Command in Apache Cassandra
The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request...
Ubuntu 18.04 LTS / 20.04 LTS : libvirt vulnerabilities (USN-5399-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5399-1 advisory. It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvir...
SUSE-RU-2022:1391-1 Recommended update for salt
This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil bsc1197533 - Prevent data pollution between actions processed at the same time bsc1197637 - Fix salt-ssh opts poisoning. bsc1197637 - Clear network...
SUSE-RU-2022:1389-1 Recommended update for salt
This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil bsc1197533 - Prevent data pollution between actions processed at the same time bsc1197637 - Fix salt-ssh opts poisoning bsc1197637 - Clear network...
Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC Improper Access Control (CVE-2018-4858)
A vulnerability has been identified in IEC 61850 system configurator All versions V5.80, DIGSI 5 affected as IEC 61850 system configurator is incorporated All versions V7.80, DIGSI 4 All versions V4.93, SICAM PAS/PQS All versions V8.11, SICAM PQ Analyzer All versions V3.11, SICAM SCC All versions...
Frictionless Assessment Asset Inventory Windows
Nessus collected information about the target host to create an inventory for Frictionless Assessment TRUSTED...
systemd bug fix and enhancement update
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...
CVE-2021-41090 Instance config inline secret exposure
Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...
CVE-2021-32600
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and t...
python-psutil: Double free because of refcount mishandling
A double free issue has been discovered in python-psutil because of the mishandling of refcounts while converting system data into Python objects in functions like psutildiskpartitions, psutilusers, psutilnetifaddrs, and others. In particular cases, a local attacker may be able to get code...
UBUNTU-CVE-2021-37987
Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-3772
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. Mitigation As the SCTP module will be...
[SECURITY] Fedora 33 Update: containernetworking-plugins-1.0.0-0.2.rc1.fc33
The CNI Container Network Interface project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resource...
CVE-2021-3609
A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. Mitigation As the CAN module will be auto-loaded when required, its use can be disabled by preventing t...
Frictionless Assessment Asset Inventory
Nessus collected information about the target host to create an inventory for Frictionless Assessment TRUSTED...
libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c
A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions cou...
CVE-2021-20999
In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped...
The vulnerability of the software interfaces of Google Chrome and Microsoft Edge browser Network APIs allows a perpetrator to compromise the confidentiality of protected information.
The vulnerability of the Network API software interfaces of Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality of protected information through a specially created web page...