Lucene search
K

281 matches found

RedhatCVE
RedhatCVE
added 2021/03/05 7:4 p.m.45 views

CVE-2021-27365

A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

7.8CVSS8AI score0.02079EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2021/03/05 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2021-1526)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.2CVSS6.8AI score0.00529EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2021/01/27 12:58 p.m.4 views

New Attack Could Let Remote Hackers Target Devices On Internal Networks

A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research. Detailed by enterprise IoT security firm Armis, the new attack CVE-2020-16043 and CVE-2021-23961 builds on the previously disclose...

8.8CVSS7.7AI score0.01323EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/01/05 12:0 a.m.42 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libvirt (EulerOS-SA-2021-1045)

According to the version of the libvirt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting...

7.2CVSS6.8AI score0.00529EPSS
Exploits0References2
NVD
NVD
added 2020/12/31 3:15 a.m.20 views

CVE-2018-14067

Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces including the external Internet by default. NOTE: this may overlap CVE-2017-9980...

10CVSS9.6AI score0.07016EPSS
Exploits1References1
Prion
Prion
added 2020/12/31 3:15 a.m.25 views

Command injection

Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces including the external Internet by default. NOTE: this may overlap CVE-2017-9980...

10CVSS9.5AI score0.07016EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2020/12/31 2:22 a.m.26 views

CVE-2018-14067

Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces including the external Internet by default. NOTE: this may overlap CVE-2017-9980...

9.6AI score0.07016EPSS
Exploits1References1
Nmap
Nmap
added 2020/12/30 3:51 a.m.390 views

nbns-interfaces NSE Script

Retrieves IP addresses of the target's network interfaces via NetBIOS NS. Additional network interfaces may reveal more information about the target, including finding paths to hidden non-routed networks via multihomed systems. Example Usage nmap -sU -p 137 --script nbns-interfaces Script Output...

10CVSS0.4AI score0.99448EPSS
Exploits33
Mageia
Mageia
added 2020/12/29 11:57 a.m.54 views

Updated libvirt packages fix security vulnerability

A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions cou...

7.2CVSS2.4AI score0.00529EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2020/12/22 12:0 a.m.8 views

The vulnerability of the syntactic analysis procedure for JSON microprogramming systems used in Huawei USG6000V network interfaces allows a attacker to trigger a service failure.

The vulnerability of the JSON syntax analysis process in Huawei USG6000V network interface controllers is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...

7.8CVSS7.6AI score0.00928EPSS
Exploits0References2
Veracode
Veracode
added 2020/12/06 4:35 a.m.23 views

Authorization Bypass

lxc is vulnerable to authorization bypass. The vulnerability exists through missing functional level access which allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check...

3.3CVSS4.2AI score0.00337EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/12/02 12:0 a.m.36 views

Apache Cassandra 1.2.x <= 1.2.19 / 2.0.x <= 2.0.13 / 2.1.x <= 2.1.3 RCE

The default configuration in Apache Cassandra running on the remote host version 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote...

7.5CVSS8.9AI score0.06692EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/12/01 12:0 a.m.27 views

Ubuntu 20.04 LTS : MySQL vulnerabilities (USN-4651-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4651-1 advisory. Tom Reynolds discovered that due to a packaging error, the MySQL X Plugin was listening to all network interfaces by default, contrary to expectations. This updat...

5.6AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/12/01 12:0 a.m.9 views

Ubuntu: Security Advisory (USN-4651-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
Veeam
Veeam
added 2020/11/26 12:0 a.m.17 views

Connecting Restored VM Instances to New Networks in Veeam Backup for Google Cloud

Challenge By default, every VM instance in a VPC network has a single default network interface, and you cannot add or remove network interfaces from an existing VM instance. This means that Google Cloud does not allow you to attach the network interface of a VM instance to a different network wh...

6.9AI score
Exploits0Affected Software1
Microsoft CVE
Microsoft CVE
added 2020/10/09 7:0 a.m.2 views

A double free memory issue was found to occur in the libvirt API in versions before 6.8.0 responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon resulting in a denial of service or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

...

7.2CVSS7AI score0.00529EPSS
Exploits0
OSV
OSV
added 2020/10/06 2:15 p.m.2 views

ALPINE-CVE-2020-25637

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...

6.7CVSS6.9AI score0.00529EPSS
Exploits0References1
OSV
OSV
added 2020/10/06 2:15 p.m.5 views

AZL-6658 CVE-2020-25637 affecting package libvirt for versions less than 6.1.0-4

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...

6.7CVSS6.9AI score0.00529EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/10/06 2:15 p.m.36 views

CVE-2020-25637

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...

7.2CVSS6.8AI score0.00529EPSS
Exploits0References2
OSV
OSV
added 2020/10/06 2:15 p.m.6 views

UBUNTU-CVE-2020-25637

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...

6.7CVSS6.8AI score0.00529EPSS
Exploits0References3
Rows per page
Query Builder