MGASA-2020-0473 Updated libvirt packages fix security vulnerability
A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions cou...
Server-side request forgery (SSRF)
An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may le...
Authentication flaw
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords...
CVE-2020-25621
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords...
F5 Networks BIG-IP : BIG-IP VE network interface vulnerability (K75111593)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.3.5 / 14.1.2.7 / 15.1.0.4 / 16.0.1. It is, therefore, affected by a vulnerability as referenced in the K75111593 advisory. - In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, and...
Design/Logic Flaw
Improper neutralization of argument delimiters in a command 'Argument Injection' vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Modul...
CVE-2020-5657
Improper neutralization of argument delimiters in a command 'Argument Injection' vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Modul...
python-psutil: Double free because of refcount mishandling
A double free issue has been discovered in python-psutil because of the mishandling of refcounts while converting system data into Python objects in functions like psutil_disk_partitions(), psutil_users(), psutil_net_if_addrs(), and others. In particular cases, a local attacker may be able to get code...
Exploit for CVE-2020-16898
CVE-2020-16898Checker Check all Network I...
Malicious Package
maleficent contains malicious code. The code when executed in the browser would capture environment variables, OS information, network interface, AWS credentials, npm credentials and ssh keys. It also subsequently prints the information to a local file...
OPENSUSE-SU-2020:1190-1 Security update for xen
This update for xen fixes the following issues: - bsc1174543 - secure boot related fixes - bsc1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached This update was imported from the SUSE:SLE-15-SP2:Update update project...
Moderate: Red Hat Security Advisory: containernetworking-plugins security update
An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
The vulnerability of Microprogrammed Network Interface Systems in Cisco Firepower Threat Defense, related to access control deficiencies, allows attackers to compromise the integrity of protected information.
The vulnerability of Cisco Firepower Threat Defense’s microprogrammed network interface controllers is related to lack of access control. Exploiting this vulnerability allows a malicious actor to influence the integrity of protected information by using a specially created remote management traff...
The vulnerability of Microprogrammed Network Interface Cards from Cisco Firepower Threat Defense, related to resource management errors, allows attackers to trigger a service failure.
The vulnerability of Cisco Firepower Threat Defense’s microprogrammed network interface controllers is related to resource management errors. Exploiting this vulnerability allows a malicious actor to cause service failures by creating a large number of remote management connections on the...
The vulnerability of Microprogrammed Network Interface Systems in Cisco Firepower Threat Defense, related to access control deficiencies, allows attackers to execute arbitrary code with root privileges.
The vulnerability of Cisco Firepower Threat Defense’s microprogrammed network interface controllers is related to lack of access control. Exploiting this vulnerability could allow an attacker to execute arbitrary code with root privileges...
The vulnerability of the Secure Sockets Layer and Transport Layer Security implementations in Cisco Firepower Threat Defense’s microprogramming-based network interface controllers allows attackers to induce service failures.
The vulnerability of the Secure Sockets Layer and Transport Layer Security implementations of Cisco Firepower Threat Defense’s microprogramming-based network interface controllers is related to the execution of operations beyond the buffer in memory. Exploitation of this vulnerability could allow...
The vulnerability of the LXC virtualization system, related to an error in providing access to the user when requesting the deletion of a network interface, allows a malicious actor to gain access to confidential data.
The vulnerability of the LXC virtualization system relates to an error in providing access to users when requesting the deletion of a network interface. Exploiting this vulnerability allows an attacker to gain access to confidential data...
PT-2020-2648 · Oracle +2 · Virtualbox +2
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 5.2.40 Oracle VM VirtualBox versions prior to 6.0.20 Oracle VM VirtualBox versions prior to 6.1.6 Description: The issue is related to insufficient input validation in the Core component of Oracle VM...
Arbitrary Code Execution
qemu is vulnerable to arbitrary code execution. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host o...