Lucene search
K

23 matches found

NVD
NVD
added 2026/05/28 7:16 p.m.20 views

CVE-2026-45039

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...

9.8CVSS0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.1 views

EUVD-2022-34807

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00924EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/22 5:0 a.m.3 views

CVE-2019-11495

In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remot...

9.8CVSS7.3AI score0.02139EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/12/23 12:0 a.m.21 views

Fedora 36 : booth (2022-6744980220)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-6744980220 advisory. Remove Alias directive from [email protected] unit file ---- Security fix for CVE-2022-2553 Tenable has extracted the preceding description block...

6.5CVSS6.5AI score0.00924EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/12/22 12:0 a.m.15 views

Fedora 35 : booth (2022-e0a87993b8)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-e0a87993b8 advisory. Remove Alias directive from [email protected] unit file ---- Security fix for CVE-2022-2553 Tenable has extracted the preceding description block...

6.5CVSS6.5AI score0.00924EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/09/20 1:41 p.m.13 views

booth: authfile directive in booth config file is completely ignored.

A flaw was found in booth in the way it handles the authfile directive in configuration files, which causes authentication to be skipped between nodes. As a result, an attacker-controlled node that does not have the correct authentication key does not prevent communication with other nodes in the...

6.5CVSS5.7AI score0.00924EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/07/31 12:0 a.m.16 views

Debian: Security Advisory (DSA-5194-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.5AI score0.00924EPSS
Exploits0References4
Debian
Debian
added 2022/07/29 2:43 p.m.30 views

[SECURITY] [DSA 5194-1] booth security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5194-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 29, 2022 https://www.debian.org/security/faq -...

6.5CVSS6.4AI score0.00924EPSS
Exploits0
OSV
OSV
added 2022/07/28 3:15 p.m.0 views

DEBIAN-CVE-2022-2553

The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster...

6.5CVSS6.4AI score0.00924EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/07/28 12:0 a.m.1 views

booth 授权问题漏洞

Both is an open source ticket manager from ClusterLabs. A security vulnerability exists in booth that stems from the authfile directive in the booth configuration file being ignored, preventing the use of authentication in node-to-node communication. As a result, a node without the correct...

6.5CVSS6.3AI score0.00924EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2022/05/14 1:56 a.m.21 views

Apache Solr insecure inter-node communication

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...

7.5CVSS1.6AI score0.05526EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2019/09/10 6:15 p.m.3 views

CVE-2019-11495

In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remot...

9.8CVSS7.3AI score0.02139EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/09/10 5:16 p.m.15 views

CVE-2019-11495

In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remot...

9.6AI score0.02139EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/09/10 12:0 a.m.5 views

PT-2019-12335 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions prior to 6.0.0 Description: The issue arises from the insecure generation of a cookie used for intra-node communication in Couchbase Server. Specifically, the erlang:now function is used to seed the PRNG, resulting i...

9.8CVSS9.5AI score0.02139EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/09/29 8:22 p.m.18 views

Security Bulletin: CVE-2017-7660: Security Vulnerability in secure inter-node communication in Apache Solr

Summary A potential security vulnerability has been identified for systems that are set up to use basic authentication. The version of Solr that is included with both IBM i2 Enterprise Insight Analysis and IBM i2 Analyze is affected, and has been patched in the latest fix pack. Vulnerability...

1.6AI score0.05526EPSS
Exploits1Affected Software2
RedhatCVE
RedhatCVE
added 2017/07/20 11:48 a.m.26 views

CVE-2017-7660

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...

7.5CVSS1.6AI score0.05526EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2017/07/10 12:0 a.m.48 views

Apache Solr Inter-Node Communication Vulnerability (SOLR-10624) - Linux

Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node i...

7.5CVSS7.6AI score0.05526EPSS
Exploits1References1
0day.today
0day.today
added 2017/07/08 12:0 a.m.55 views

Apache Solar 5.5.4 / 6.5.1 Member Spoofing Vulnerability

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...

5CVSS7.5AI score0.05526EPSS
Exploits1
OSV
OSV
added 2017/07/07 7:29 p.m.16 views

CVE-2017-7660

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...

7.5CVSS6.9AI score0.05526EPSS
Exploits1References3
Prion
Prion
added 2017/07/07 7:29 p.m.10 views

Authentication flaw

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...

5CVSS7.5AI score0.05526EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder