Lucene search
K

281 matches found

Prion
Prion
added 2022/07/06 12:15 p.m.23 views

Design/Logic Flaw

The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead o...

3.3CVSS5AI score0.00224EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/07/06 11:12 a.m.40 views

CVE-2022-32290

The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead o...

5.3AI score0.00224EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/14 2:49 a.m.36 views

Improper Neutralization of Special Elements used in a Command in Apache Cassandra

The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request...

7.5CVSS9.6AI score0.06692EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/05/02 12:0 a.m.40 views

Ubuntu 18.04 LTS / 20.04 LTS : libvirt vulnerabilities (USN-5399-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5399-1 advisory. It was discovered that libvirt incorrectly handled certain locking operations. A local attacker could possibly use this issue to cause libvir...

7.2CVSS6.6AI score0.01366EPSS
Exploits1References7
OSV
OSV
added 2022/04/25 2:41 p.m.9 views

SUSE-RU-2022:1391-1 Recommended update for salt

This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil bsc1197533 - Prevent data pollution between actions processed at the same time bsc1197637 - Fix salt-ssh opts poisoning. bsc1197637 - Clear network...

8.8CVSS6AI score0.01586EPSS
Exploits0References12
OSV
OSV
added 2022/04/25 2:41 p.m.7 views

SUSE-RU-2022:1389-1 Recommended update for salt

This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil bsc1197533 - Prevent data pollution between actions processed at the same time bsc1197637 - Fix salt-ssh opts poisoning bsc1197637 - Clear network...

8.8CVSS6AI score0.01586EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.45 views

Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC Improper Access Control (CVE-2018-4858)

A vulnerability has been identified in IEC 61850 system configurator All versions V5.80, DIGSI 5 affected as IEC 61850 system configurator is incorporated All versions V7.80, DIGSI 4 All versions V4.93, SICAM PAS/PQS All versions V8.11, SICAM PQ Analyzer All versions V3.11, SICAM SCC All versions...

9.3CVSS7.4AI score0.01841EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/02/02 12:0 a.m.30 views

Frictionless Assessment Asset Inventory Windows

Nessus collected information about the target host to create an inventory for Frictionless Assessment TRUSTED...

5.8AI score
Exploits0
AlmaLinux
AlmaLinux
added 2021/12/16 7:31 p.m.18 views

systemd bug fix and enhancement update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

1.4AI score
Exploits0
Cvelist
Cvelist
added 2021/12/08 4:15 p.m.45 views

CVE-2021-41090 Instance config inline secret exposure

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack. Prior to versions 0.20.1 and 0.21.2, inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defin...

6.5CVSS8AI score0.00736EPSS
Exploits0References6
OSV
OSV
added 2021/11/17 12:15 p.m.5 views

CVE-2021-32600

An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and t...

3.8CVSS5.8AI score0.00573EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/11/09 5:57 p.m.2 views

python-psutil: Double free because of refcount mishandling

A double free issue has been discovered in python-psutil because of the mishandling of refcounts while converting system data into Python objects in functions like psutildiskpartitions, psutilusers, psutilnetifaddrs, and others. In particular cases, a local attacker may be able to get code...

7.5CVSS7.3AI score0.03522EPSS
Exploits0References4
OSV
OSV
added 2021/11/02 10:15 p.m.3 views

UBUNTU-CVE-2021-37987

Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.3AI score0.00827EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2021/09/08 7:42 a.m.70 views

CVE-2021-3772

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. Mitigation As the SCTP module will be...

6.5CVSS6.8AI score0.0124EPSS
Exploits0References3
Fedora
Fedora
added 2021/07/24 1:8 a.m.84 views

[SECURITY] Fedora 33 Update: containernetworking-plugins-1.0.0-0.2.rc1.fc33

The CNI Container Network Interface project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resource...

5.5CVSS5.9AI score0.00327EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2021/06/21 3:38 p.m.68 views

CVE-2021-3609

A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. Mitigation As the CAN module will be auto-loaded when required, its use can be disabled by preventing t...

7CVSS0.3AI score0.00431EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/06/09 12:0 a.m.60 views

Frictionless Assessment Asset Inventory

Nessus collected information about the target host to create an inventory for Frictionless Assessment TRUSTED...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2021/05/18 2:6 p.m.3 views

libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c

A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions cou...

7.2CVSS7.1AI score0.00529EPSS
Exploits0References4
NVD
NVD
added 2021/05/13 2:15 p.m.33 views

CVE-2021-20999

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped...

9.8CVSS0.00947EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2021/04/21 12:0 a.m.6 views

The vulnerability of the software interfaces of Google Chrome and Microsoft Edge browser Network APIs allows a perpetrator to compromise the confidentiality of protected information.

The vulnerability of the Network API software interfaces of Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality of protected information through a specially created web page...

7.3CVSS7.6AI score0.01292EPSS
Exploits0References12Affected Software6
Rows per page
Query Builder