Lucene search
K

281 matches found

exploitpack
exploitpack
added 2019/10/09 12:0 a.m.40 views

XNU - Remote Double-Free via Data Race in IPComp Input Path

XNU - Remote Double-Free via Data Race in IPComp Input Path === Summary === This report describes a bug in the XNU implementation of the IPComp protocol https://tools.ietf.org/html/rfc3173. This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system iOS AFAIK...

0.6AI score
Exploits0
0day.today
0day.today
added 2019/10/09 12:0 a.m.120 views

XNU - Remote Double-Free via Data Race in IPComp Input Path Exploit

=== Summary === This report describes a bug in the XNU implementation of the IPComp protocol https://tools.ietf.org/html/rfc3173. This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system iOS AFAIK isn't affected over two network interfaces at the same time...

7.8CVSS0.7AI score0.01288EPSS
Exploits1
CNVD
CNVD
added 2019/07/25 12:0 a.m.1 views

FreeBSD mqueuefs Privilege Access Control Issue Vulnerability

FreeBSD is a Unix-like operating system from the FreeBSD Foundation. mqueuefs is a POSIX message queue file system support module used in it. A security vulnerability exists in FreeBSD mqueuefs. This vulnerability can be exploited by a local attacker to gain access to files, directories, network...

7.8CVSS6.8AI score0.00623EPSS
Exploits0References1
Prion
Prion
added 2019/07/09 6:15 p.m.13 views

Code injection

Arlo Basestation firmware 1.12.0.127940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device...

7.5CVSS9.5AI score0.01191EPSS
Exploits0References1Affected Software5
Cvelist
Cvelist
added 2019/07/09 5:18 p.m.23 views

CVE-2019-3949

Arlo Basestation firmware 1.12.0.127940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device...

9.6AI score0.01191EPSS
Exploits0References1
Metasploit
Metasploit
added 2019/06/20 8:8 p.m.41 views

Amazon Web Services EC2 instance enumeration

Provided AWS credentials, this module will call the authenticated API of Amazon Web Services to list all EC2 instances associated with the account This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'aws-sdk-ec2'...

6.9AI score
Exploits0
OpenVAS
OpenVAS
added 2019/06/15 12:0 a.m.48 views

Fedora Update for containernetworking-plugins FEDORA-2019-24217abfdf

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.03119EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2019/06/13 12:0 a.m.109 views

Fedora Update for containernetworking-plugins FEDORA-2019-d2b57d3b19

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.03119EPSS
Exploits0References2
Fedora
Fedora
added 2019/06/12 2:48 p.m.35 views

[SECURITY] Fedora 30 Update: containernetworking-plugins-0.7.5-1.fc30

The CNI Container Network Interface project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resourc ...

7.5CVSS2.7AI score0.03119EPSS
Exploits0
Citrix
Citrix
added 2019/05/27 12:0 a.m.8 views

The Number of vCPUs Assigned To A Guest Causes VIFs To Go Offline

Increasing the number of vCPUs assigned to a VM will reduce the number of available. For instance 10 vCPUs will have 7 active VIFs but 12 vCPUs will only allow 6 active VIFs...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/14 12:0 a.m.35 views

EulerOS Virtualization 3.0.1.0 : ntp (EulerOS-SA-2019-1556)

According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause...

9.8CVSS7.7AI score0.29037EPSS
Exploits8References21
Prion
Prion
added 2019/04/23 8:32 p.m.12 views

Default configuration

In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TC...

7.5CVSS9.8AI score0.03791EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/04/23 7:7 p.m.22 views

CVE-2019-7727

In NICE Engage through 6.5, the default configuration binds an unauthenticated JMX/RMI interface to all network interfaces, without restricting registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol by using the JMX connector. The observed affected TC...

9.8AI score0.03791EPSS
Exploits0References3
Virtuozzo
Virtuozzo
added 2019/03/14 12:0 a.m.19 views

Product update: Virtuozzo Infrastructure Platform 2.5 Update 4 (2.5.0-1614)

This update provides stability and usability fixes. Vulnerability id: VSTOR-14144, VSTOR-20526 Blink button in the admin panel was not working in some cases. Vulnerability id: VSTOR-20197 Unable to create network bonds. Vulnerability id: VSTOR-20232 Disk replacement occasionally does not allow to...

1.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/03/12 12:0 a.m.5 views

The vulnerability of microprogrammed software in Siemens Simatic S7-400 programmable logic controllers is related to errors in checking input data by Ethernet, PROFIBUS, and MPI interfaces. This allows a malicious actor to trigger a service failure.

The vulnerability of microprogrammed programmable logic controllers from Siemens Simatic S7-400 is related to errors in the validation of input data by Ethernet, PROFIBUS, and MPI interfaces. Exploiting this vulnerability can allow an attacker to cause maintenance failures by sending a specially...

8.5CVSS7.4AI score0.00821EPSS
Exploits0References3Affected Software4
Information Security Automation
Information Security Automation
added 2019/03/11 3:16 p.m.62 views

First steps with Docker: installation in CentOS 7, vulnerability assessment, interactive mode and saving changes

Docker and containerization are literally everywhere. IMHO, this changes the IT landscape much more than virtualization and clouds. Let's say you have a host, you checked it and find out that there are no vulnerable packages. But what's the point if this host runs Docker containers with their own...

7.1AI score
Exploits0
Virtuozzo
Virtuozzo
added 2019/03/07 12:0 a.m.21 views

Kernel update: Virtuozzo ReadyKernel patch 74.0 for all supported Virtuozzo kernels and that of Virtuozzo Infrastructure Platform 2.5

The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to all supported Virtuozzo kernels and that of Virtuozzo Infrastructure Platform 2.5. Vulnerability id: PSBM-91566 It was found that unpacking a large tarball with a lot of small files could fail inside...

1.4AI score
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2019/03/06 12:0 a.m.4 views

The vulnerability of the programmable logic integrated circuit that controls the input buffer of Cisco Firepower 9000 Series software-based network interfaces allows a intruder to cause a service failure.

The vulnerability of the programmable logic integrated circuit that controls the input buffer of Cisco Firepower 9000 Series software lies in the handling of various types of input packets. Exploiting this vulnerability can allow an attacker to trigger a Denial-of-Service attack by sending a...

6.1CVSS6.5AI score0.00501EPSS
Exploits0References2
Kitploit
Kitploit
added 2019/01/12 12:5 p.m.248 views

Kube-Hunter - Hunt For Security Weaknesses In Kubernetes Clusters

Kube-hunter hunts for security weaknesses in Kubernetes clusters. The tool was developed to increase awareness and visibility for security issues in Kubernetes environments. You should NOT run kube-hunter on a Kubernetes cluster you don't own! Run kube-hunter : kube-hunter is available as a...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2018/11/16 3:42 a.m.30 views

[SECURITY] Fedora 27 Update: NetworkManager-1.8.8-2.fc27

NetworkManager is a system service that manages network interfaces and connections based on user or automatic configuration. It supports Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband WWAN, PPPoE and other devices, and supports a variety of different VPN services...

8.8CVSS2.8AI score0.0168EPSS
Exploits0
Rows per page
Query Builder