Lucene search
+L

268 matches found

CNNVD
CNNVD
added 2023/04/18 12:0 a.m.6 views

OpenRISC mor1kx 安全漏洞

mor1kx is an OpenRISC 1000 processor IP core open sourced from OpenRISC. A security vulnerability exists in OpenRISC mor1kx, which arises from a control unit that does not properly implement read/write access to the exception program counter register...

7.8CVSS7.4AI score0.00162EPSS
Exploits0References3
OSV
OSV
added 2023/03/03 11:15 p.m.4 views

CVE-2023-27290

Docker based datastores for IBM Instana IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0 do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737...

9.1CVSS5.8AI score0.08573EPSS
Exploits3References3
Prion
Prion
added 2023/03/03 11:15 p.m.13 views

Design/Logic Flaw

Docker based datastores for IBM Instana IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0 do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737...

6.4CVSS8.8AI score0.08573EPSS
Exploits3References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.5 views

SUSE CVE-2021-43816

containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...

9.1CVSS7.1AI score0.0169EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:34 a.m.4 views

SUSE CVE-2022-0670

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of...

8.1CVSS7.4AI score0.00935EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2023/01/06 12:0 a.m.4 views

PT-2023-1098 · Zoom · Zoom

Name of the Vulnerable Software and Affected Versions: Zoom for Android versions prior to 5.13.0 Description: The issue is related to incorrect restriction of the path name to a directory with limited access, allowing a third-party app to exploit this and read and write to the Zoom application da...

7.1CVSS6.7AI score0.00277EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/11/05 12:0 a.m.5 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS. An attacker could exploit the vulnerability to gain read and write access to arbitrary system files,...

7.5CVSS7.5AI score0.004EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/12 12:0 a.m.7 views

多款Schneider Electric产品授权问题漏洞

Schneider Electric EcoStruxure Control Expert formerly Unity Pro and Schneider Electric EcoStruxure Process Expert are both products of Schneider Electric, a French company. Schneider Electric EcoStruxure Control Expert is a suite of programming software for Schneider Electric logic controller...

9.8CVSS8.4AI score0.00674EPSS
Exploits0References2
OSV
OSV
added 2022/07/25 2:15 p.m.2 views

DEBIAN-CVE-2022-0670

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of...

9.1CVSS7.9AI score0.00935EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/07/21 12:0 a.m.4 views

Red Hat Ceph 安全漏洞

Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system without a single point of failure based on POSIX Portable Operating System Interface, enabling fault-tolerant and seamless replication of data. A...

9.1CVSS7.8AI score0.00935EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2022/07/12 9:15 p.m.52 views

CVE-2022-31012

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into C:\mingw64\bin\git.exe by mistake. This only happens upon a fresh install, not when upgrading Git for Windows. A patch is...

8.2CVSS4AI score0.00394EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/06/16 12:0 a.m.8 views

PT-2022-16718

Name of the Vulnerable Software and Affected Versions IOBit IOTransfer version 4.3.1.1561 Description The issue allows an unauthenticated attacker to send GET and POST requests to Airserv, resulting in arbitrary read/write access to the entire file-system with admin privileges on the victim's...

10CVSS7.6AI score0.53224EPSS
Exploits3References12
ATTACKERKB
ATTACKERKB
added 2022/06/09 5:15 p.m.3 views

CVE-2022-26362

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by...

6.9CVSS7.1AI score0.00379EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2022/05/31 12:0 a.m.9 views

The vulnerability of the programming software simulator PLC EcoStruxure Control Expert, the automation system ProcessExpert, the configuration software SCADAPack RemoteConnect, and the micro-software for programmable logic controllers Modicon M580 and Modicon M340 relates to the bypassing of authentication procedures. This allows a perpetrator to gain access in read-only and write mode.

The vulnerabilities of the EcoStruxure Control Expert programming tool, the ProcessExpert automation system, the SCADAPack RemoteConnect configuration tool, and the Modicon M580 and Modicon M340 programmable logic controllers are related to the ability to bypass authentication through spoofing...

9.4CVSS8.1AI score0.01023EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 7:19 p.m.8 views

GHSA-M9HR-259F-2V23 Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

9CVSS5.9AI score0.01327EPSS
Exploits0References6
Prion
Prion
added 2022/03/30 4:15 p.m.12 views

Design/Logic Flaw

In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.6CVSS7.8AI score0.00107EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/03/03 12:0 a.m.6 views

CVE-2022-20754

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...

9CVSS7.6AI score0.03177EPSS
Exploits0References2
OSV
OSV
added 2022/01/05 7:15 p.m.2 views

DEBIAN-CVE-2021-43816

containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...

9.1CVSS7.2AI score0.0169EPSS
Exploits1References1
Prion
Prion
added 2022/01/05 7:15 p.m.24 views

Design/Logic Flaw

containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...

6CVSS8.9AI score0.0169EPSS
Exploits1References6Affected Software2
ATTACKERKB
ATTACKERKB
added 2021/12/17 12:0 a.m.2 views

CVE-2021-36780

A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write data to and from a replica that they should not have access to. This issue affects: SUSE Longhorn...

8.1CVSS7.2AI score0.00451EPSS
Exploits0References3
Rows per page
Query Builder