Vulmon
open-iscsi project open-iscsi vulnerabilities and exploits
7.8
CVSSv3
CVE-2017-17840
An issue exists in Open-iSCSI up to and including 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with over...
Open-iscsi Project Open-iscsi
NA
CVE-2007-3100
usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) prior to 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang) by grabbing the semaph...
Redhat Open Iscsi
7.5
CVSSv3
CVE-2020-13987
An issue exists in Contiki up to and including 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c.
Uip Project Uip
Open-iscsi Project Open-iscsi
Siemens Sentron 3va Com100 Firmware
Siemens Sentron 3va Com800 Firmware
Siemens Sentron Pac3200 Firmware
Siemens Sentron Pac4200 Firmware
8.2
CVSSv3
CVE-2020-17437
An issue exists in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal d...
Uip Project Uip
Open-iscsi Project Open-iscsi
Siemens Sentron 3va Com100 Firmware
Siemens Sentron 3va Com800 Firmware
Siemens Sentron 3va Dsp800 Firmware
Siemens Sentron Pac2200 Clp Firmware -
Siemens Sentron Pac2200 Firmware
Siemens Sentron Pac3200 Firmware
Siemens Sentron Pac3200t Firmware
Siemens Sentron Pac3220 Firmware
Siemens Sentron Pac4200 Firmware
NA
CVE-2007-3099
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) prior to 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote malicious users to access the management interface and cause a denial of service (iscsi...
Redhat Enterprise Linux 5.0
7.8
CVSSv3
CVE-2020-14019
Open-iSCSI rtslib-fb up to and including 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.
Rtslib-fb Project Rtslib-fb
8.1
CVSSv3
CVE-2021-3139
In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x up to and including 1.5.2, xcopy_locate_udev in tcmur_cmd_handler.c lacks a check for transport-layer restrictions, allowing remote malicious users to read or write files via directory traversal in an XCOPY request. For example, a...
Tcmu-runner Project Tcmu-runner
5.5
CVSSv3
CVE-2020-13867
Open-iSCSI targetcli-fb up to and including 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).
Targetcli-fb Project Targetcli-fb
Fedoraproject Fedora 32