Lucene search
K

162 matches found

FreeBSD
FreeBSD
added 2020/04/07 12:0 a.m.30 views

ceph14 -- multiple security issues

RedHat reports: ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions. ceph: header-splitting in RGW GetObject has a possible XSS...

6.8CVSS1.7AI score0.01585EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/04/06 12:0 a.m.7 views

PT-2020-15040

Name of the Vulnerable Software and Affected Versions Red Hat Ceph Storage version 4 Red Hat Openshift Container Storage version 4.2 Description A nonce reuse issue was discovered in the secure mode of the messenger v2 protocol. This allows an attacker to forge auth tags and potentially manipulat...

6.8CVSS6.8AI score0.01585EPSS
Exploits0References21
Intel
Intel
added 2020/03/10 12:0 a.m.26 views

Intel® MAX® 10 FPGA Advisory

Summary: A potential security vulnerability in Intel® MAX® 10 FPGA may allow information disclosure. Intel is releasing documentation updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2020-0574 Description: Improper configuration in block design for IntelR MAXR 1...

5.9CVSS5.8AI score0.00364EPSS
Exploits0
OpenVAS
OpenVAS
added 2019/11/18 12:0 a.m.13 views

SYS.2.2.3.A11

Ziel des Bausteins SYS.2.2.3 ist der Schutz von Informationen, die durch und auf Windows 10-Clients verarbeiten werden. Die Standard-Anforderung SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

7.3AI score
Exploits0References1
OSV
OSV
added 2019/07/10 10:44 a.m.8 views

MGASA-2019-0205 Updated dosbox package fixes security vulnerabilities

Dosbox 0.74-3 is a security release: Fixed that a very long line inside a bat file would overflow the parsing buffer. CVE-2019-7165 by Alexandre Bartel Added a basic permission system so that a program running inside DOSBox can't access the contents of /proc e.g. /proc/self/mem when / or /proc we...

9.8CVSS9.6AI score0.06685EPSS
Exploits1References2
Veracode
Veracode
added 2019/06/24 2:36 a.m.19 views

Unauthorized Metadata Modification

Apache Geode is vulnerable to unauthorized metadata modification. This is due to a lack of proper validation of the permissions of a user who has write permissions for specific data regions. When Apache Geode is operating in secure mode, this allows the user to perform unauthorized metadata...

6.5CVSS6.3AI score0.02192EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2019/06/21 4:15 p.m.17 views

Design/Logic Flaw

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

4CVSS6.3AI score0.02192EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/06/21 3:15 p.m.16 views

CVE-2017-15694

When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could modify this data in a way that affects the operation of the cluster...

6.3AI score0.02192EPSS
Exploits0References2
Saint
Saint
added 2018/07/20 12:0 a.m.551 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018 Background Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN Yet Another Resource Negotiator is the component of Apache Hadoop which manages resources. Problem A vulnerability in the REST API in the YARN...

8.2AI score
Exploits0
Saint
Saint
added 2018/07/20 12:0 a.m.538 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018 Background Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN Yet Another Resource Negotiator is the component of Apache Hadoop which manages resources. Problem A vulnerability in the REST API in the YARN...

5.2AI score
Exploits0
Saint
Saint
added 2018/07/20 12:0 a.m.25 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018 Background Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN Yet Another Resource Negotiator is the component of Apache Hadoop which manages resources. Problem A vulnerability in the REST API in the YARN...

8.2AI score
Exploits0
n0where
n0where
added 2018/04/26 5:28 p.m.30 views

Web Pen-Test Practice Application: OWASP Mutillidae

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on...

0.1AI score
Exploits0
Veracode
Veracode
added 2018/02/27 2:10 a.m.20 views

Information Disclosure

geode-core is vulnerable to information disclosure. If a malicious user gains access to the Geode locator, they are able to access the configuration data and previously deployed code. This is possible because the configuration service doesn't correctly authorize configuration requests when...

7.5CVSS7AI score0.02043EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2018/02/26 2:0 a.m.29 views

CVE-2017-15696

When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...

7.4AI score0.02043EPSS
Exploits0References1
CVE
CVE
added 2018/02/26 2:0 a.m.75 views

CVE-2017-15696

The CVE-2017-15696 entry affects Apache Geode before v1.4.0. In secure mode, the Geode configuration service fails to properly authorize configuration requests, allowing an unprivileged user with access to a Geode locator to extract configuration data and previously deployed application code. Con...

7.5CVSS7.4AI score0.02043EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/01/10 3:29 a.m.19 views

Information disclosure

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...

5.5CVSS6.5AI score0.02075EPSS
Exploits3References1Affected Software1
Prion
Prion
added 2018/01/10 3:29 a.m.15 views

Remote code execution

When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries that allow read and write access to objects within unauthorized regions. In addition a user could invoke methods that allow remote cod...

6CVSS7.8AI score0.04177EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2018/01/10 3:29 a.m.22 views

CVE-2017-12622

When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges...

7.1CVSS6.7AI score0.02075EPSS
Exploits3References1
CVE
CVE
added 2017/10/02 1:0 p.m.106 views

CVE-2017-9797

The vulnerability CVE-2017-9797 affects Apache Geode clusters running versions prior to 1.2.1 in secure mode. An unauthenticated client can enter multi-user authentication mode and send metadata messages, which can disclose information about application data types and enable a denial-of-service a...

6.5CVSS6.5AI score0.01358EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/09/30 1:29 a.m.23 views

CVE-2017-9794

When a cluster is operating in secure mode, a user with read privileges for specific data regions can use the gfsh command line utility to execute queries. In Apache Geode before 1.2.1, the query results may contain data from another user's concurrently executing gfsh query, potentially revealing...

4.3CVSS4.8AI score0.01178EPSS
Exploits0References1
Rows per page
Query Builder