Lucene search
K

17 matches found

NVD
NVD
added 6 hours ago4 views

CVE-2026-31985

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS
Exploits0References1
Cvelist
Cvelist
added 7 hours ago6 views

CVE-2026-31985 Disabled and non-configurable TLS certificate validation in n2os-tui when connecting the Remote Collector to a Guardian or CMC, in Remote Collector before v26.2.0

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS
Exploits0References1
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-42535

When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the generated configuration disabled TLS certificate verification, and no option was provided to enable it. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the...

8.3CVSS6AI score
Exploits0References1
CVE
CVE
added 7 hours ago9 views

CVE-2026-31985

CVE-2026-31985 affects the Remote Collector when configuring a Guardian or CMC via n2os-tui. The generated configuration disables TLS certificate verification, with no option to re-enable it, enabling MITM and potentially theft of the sync token, impersonation of the server, injection of spoofed ...

8.3CVSS6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:36 a.m.5 views

CVE-2021-41315

The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker with access to the console application to execute arbitrary OS commands and escalate privileges...

9CVSS7.7AI score0.01221EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2021-28345

Malicious code in bioql PyPI...

8.5CVSS8.1AI score0.0139EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2021-28344

Malicious code in bioql PyPI...

9CVSS8.6AI score0.01221EPSS
Exploits0References2
OSV
OSV
added 2021/09/17 3:15 p.m.6 views

CVE-2021-41316

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker with permissions to add or edit jobs run by this utility can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector...

8.1CVSS5.9AI score0.0139EPSS
Exploits0References3
OSV
OSV
added 2021/09/17 3:15 p.m.4 views

CVE-2021-41315

The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker with access to the console application to execute arbitrary OS commands and escalate privileges...

8.8CVSS7.5AI score0.01221EPSS
Exploits0References2
NVD
NVD
added 2021/09/17 3:15 p.m.20 views

CVE-2021-41315

The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker with access to the console application to execute arbitrary OS commands and escalate privileges...

9CVSS0.01221EPSS
Exploits0References2
Prion
Prion
added 2021/09/17 3:15 p.m.14 views

Design/Logic Flaw

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker with permissions to add or edit jobs run by this utility can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector...

8.5CVSS8AI score0.0139EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/09/17 3:15 p.m.11 views

Design/Logic Flaw

The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker with access to the console application to execute arbitrary OS commands and escalate privileges...

9CVSS9AI score0.01221EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/09/17 3:15 p.m.3 views

CVE-2021-41316

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker with permissions to add or edit jobs run by this utility can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector...

8.5CVSS7.4AI score0.0139EPSS
Exploits0References4
CVE
CVE
added 2021/09/17 2:46 p.m.42 views

CVE-2021-41315

Device42 Remote Collector prior to version 17.05.01 is vulnerable to a command-injection in the SNMP Connectivity utility due to unsanitized user input. An authenticated attacker with access to the console application can execute arbitrary OS commands and escalate privileges. Remediation per conn...

9CVSS9AI score0.01221EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/09/17 2:45 p.m.23 views

CVE-2021-41316

The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker with permissions to add or edit jobs run by this utility can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector...

8.3AI score0.0139EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/09/17 12:0 a.m.6 views

Device42 Remote Collector 操作系统命令注入漏洞

Device42 Remote Collector is a virtual appliance from Device42, Inc. that facilitates SNMP, IPMI, hypervisor, and other auto-discovery across a network, requiring only https access and no need to open a large number of ports across network segments. A security vulnerability exists in Device42...

9CVSS8.3AI score0.01221EPSS
Exploits0References3
NCSC
NCSC
added 2020/05/09 12:0 a.m.6 views

Vulnerabilities fixed in VMware vRealize Operations Manager

There are two vulnerabilities in VMware vRealize Operations Manager. These vulnerabilities, if exploited, can lead to the execute arbitrary code with administrator privileges on the Application Remote Collector ARC and all virtual systems on which an ARC Telegraph agent is installed. VMWare has...

9.8CVSS9.9AI score0.96405EPSS
Exploits25
Rows per page
Query Builder