15 matches found
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the CloudSpec method on the Controller facade. An attacker can obtain sensitive cloud credentials by making an authenticated API call with only basic login permissions, without requiring elevated privileges...
GHSA-W5FQ-8965-C969 Juju: CloudSpec method leaking cloud credentials
Impact If a user has login permission to a controller and knows the controller model UUID, they can call the CloudSpec method on the Controller facade and get cloud credentials used to bootstrap the controller. The CloudSpec API is called by workers running in the controller to maintain connectio...
Juju: CloudSpec method leaking cloud credentials
Impact If a user has login permission to a controller and knows the controller model UUID, they can call the CloudSpec method on the Controller facade and get cloud credentials used to bootstrap the controller. The CloudSpec API is called by workers running in the controller to maintain connectio...
CVE-2019-17070
The liquid-speech-balloon aka LIQUID SPEECH BALLOON plugin before 1.0.7 for WordPress allows XSS with Internet Explorer...
CVE-2020-17070
creationtimestamp| type| source ---|---|--- 2020-11-11 12:34:58+00:00| seen| https://t.me/cibsecurity/16146 2021-08-11 18:46:50+00:00| seen| https://t.me/truesecator/1993...
CVE-2020-17070
Windows Update Medic Service Elevation of Privilege Vulnerability...
CVE-2020-17070
Windows Update Medic Service Elevation of Privilege Vulnerability...
CVE-2020-17070
The CVE-2020-17070 entry concerns the Windows Update Medic Service Elevation of Privilege vulnerability. The available documents identify a local, low-privilege elevation of privilege in the Windows Update Medic Service, with the NVD metrics showing local access, low attack complexity, and high i...
CVE-2020-17070 Windows Update Medic Service Elevation of Privilege Vulnerability
...
KB4586786: Windows 10 Version 1903 and Windows 10 Version 1909 November 2020 Security Update
The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from t...
CVE-2019-17070
The liquid-speech-balloon aka LIQUID SPEECH BALLOON plugin before 1.0.7 for WordPress allows XSS with Internet Explorer...
CVE-2019-17070
CVE-2019-17070 affects the WordPress plugin liquid-speech-balloon (aka LIQUID SPEECH BALLOON) prior to version 1.0.7. The available documents describe a cross-site scripting (XSS) vulnerability (specifically with Internet Explorer) in this plugin. The root cause and specific vulnerable component/...
CVE-2018-17070
UNL-CMS 7.59 is affected by a CSRF vulnerability (CVE-2018-17070) that allows an attacker to update site settings via the URL path ?q=admin/config/system/site-information&render=overlay&render=overlay. The vulnerability is documented across multiple sources (NVD/CNVD entries) as CSRF that can mod...
CVE-2017-17070
...
CVE-2017-17070
CVE-2017-17070 is rejected/not used; this CVE ID does not represent an active vulnerability entry.