FastMCP 安全漏洞

FastMCP is a MCP server building software developed by Jeremiah Lowin. Versions of FastMCP prior to 3.2.0 contained security vulnerabilities; these vulnerabilities stemmed from incorrect user authorization verification by OAuthProxy, which could lead to rogue agent attacks...

EUVD-2022-0135

Malicious code in bioql PyPI...

CentOS 9 : keylime-6.5.2-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the keylime-6.5.2-1.el9 build changelog. - A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists t...

Rocky Linux 9 : keylime (RLSA-2022:8444)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8444 advisory. - A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibilit...

CVE-2023-46667

An issue was discovered in Fleet Server = v8.10.0 and v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. These enrolment tokens could allow someone to enrol an agent into an agent policy, and potentially use that to retrieve other secrets in th...

SUSE SLED15 / SLES15 Security Update : keylime (SUSE-SU-2022:4204-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4204-1 advisory. - A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handl...

CVE-2022-3500

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...

Design/Logic Flaw

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...

PYSEC-2022-42995

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...

PYSEC-2022-42995

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...

CVE-2022-3500

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...

CVE-2022-3500

CVE-2022-3500 affects keylime; multiple Nessus/Fedora advisories indicate a vulnerability in exception handling in Tornado requests within keylime that could allow a rogue verifier to cause attestation attempts to stop while remaining attested. The issue is referenced across various Linux distrib...

CVE-2022-3500

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...

CVE-2022-23949

In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar...

The enemy is us: a look at insider threats

They can go undetected for years. They do their questionable deeds in the background. And, at times, one wonders if they're doing more harm than good. Although this sounds like we're describing some sophisticated PUP you haven’t heard of, we're not. These are the known attributes of insider...

McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple Vulnerabilities

No description provided by source. Exploit Title: McAfee ePolicy Orchestrator 4.6.0-4.6.5 ePowner - Multiple vulnerabilities Date: 20 November 2012 Exploit Author: [email protected] a.k.a. [email protected] Vendor Homepage: http://www.mcafee.com/uk/products/epolicy-orchestrator.aspx Version...

McAfee ePolicy Orchestrator 4.6.0-4.6.5 (ePowner) - Multiple Vulnerabilities

McAfee ePolicy Owner ePowner version 0.1 is an exploit that can add an administrative user to McAfee ePolicy Orchestrator as well as execute arbitrary commands on versions 4.6.0 through 4.6.5. Exploit Title: McAfee ePolicy Orchestrator 4.6.0-4.6.5 ePowner - Multiple vulnerabilities Date: 20...

McAfee ePolicy Orchestrator 4.6.0 < 4.6.5 - 'ePowner' Multiple Vulnerabilities

Exploit Title: McAfee ePolicy Orchestrator 4.6.0-4.6.5 ePowner - Multiple vulnerabilities Date: 20 November 2012 Exploit Author: [email protected] a.k.a. [email protected] Vendor Homepage: http://www.mcafee.com/uk/products/epolicy-orchestrator.aspx Version: 4.6.0 - 4.6.5 Tested on: Windows...