Lucene search
+L

81 matches found

Tenable Nessus
Tenable Nessus
added 2022/10/05 12:0 a.m.61 views

RHEL 7 : Red Hat Single Sign-On 7.5.3 security update on RHEL 7 (Moderate) (RHSA-2022:6782)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6782 advisory. Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...

10CVSS7.4AI score0.63211EPSS
Exploits5References19
RedHat Linux
RedHat Linux
added 2022/10/04 4:2 p.m.118 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update on RHEL 7

New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS7.2AI score0.63211EPSS
Exploits5References9
RedHat Linux
RedHat Linux
added 2022/10/04 3:53 p.m.74 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update

A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS7.2AI score0.63211EPSS
Exploits5References10
Circl
Circl
added 2022/09/02 12:38 a.m.10 views

CVE-2022-2256

creationtimestamp| type| source ---|---|--- 2022-09-02 00:38:39+00:00| seen| https://t.me/cibsecurity/49211 2024-01-28 07:17:40+00:00| seen| https://t.me/arpsyndicate/3248...

3.8CVSS5.3AI score0.00572EPSS
Exploits0References2
CVE
CVE
added 2022/09/01 7:57 p.m.158 views

CVE-2022-2256

CVE-2022-2256 is a stored XSS vulnerability in Keycloak as shipped with Red Hat Single Sign-On (RH SSO) 7.x. The issue stems from improper validation of user-supplied input in the admin console, enabling a privileged attacker to inject and execute scripts via the admin UI by abusing the default r...

3.8CVSS4AI score0.00572EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2022/06/29 8:5 p.m.66 views

CVE-2022-2256

A Stored Cross-site scripting XSS vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...

3.8CVSS3.3AI score0.00572EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/05/16 12:0 a.m.27 views

RHEL 8 : pcs (RHSA-2022:2256)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2256 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: path traversal possib...

7.5CVSS6.9AI score0.02059EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.16 views

Siemens SIMATIC S7-1200 Improper Input Validation (CVE-2014-2256)

Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service defect-mode transition via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257. This plugin only works with Tenable.ot. Please visit...

7.8CVSS5.5AI score0.03609EPSS
Exploits1References4
NVD
NVD
added 2021/04/22 10:15 p.m.20 views

CVE-2021-2256

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

10CVSS0.01666EPSS
Exploits0References1
CVE
CVE
added 2021/04/22 9:53 p.m.58 views

CVE-2021-2256

CVE-2021-2256 affects Oracle Storage Cloud Software Appliance (Management Console) prior to 16.3.1.4.2. An unauthenticated attacker with network access via HTTP can compromise the appliance, potentially taking over the system. The vulnerability is documented with a CVSS v3.1 base score of 10.0 (N...

10CVSS9.5AI score0.01666EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2020/10/30 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for mailman (EulerOS-SA-2020-2256)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS5.9AI score0.02698EPSS
Exploits1References2
NVD
NVD
added 2020/09/16 2:15 p.m.27 views

CVE-2020-2256

Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS0.00735EPSS
Exploits0References2
OSV
OSV
added 2020/09/16 2:15 p.m.22 views

CVE-2020-2256

Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.4CVSS5.4AI score
Exploits0References2
CVE
CVE
added 2020/09/16 1:20 p.m.85 views

CVE-2020-2256

CVE-2020-2256 concerns Jenkins Pipeline Maven Integration Plugin evaluating upstream display names in build causes. The vulnerability affects version 3.9.2 and earlier, where the upstream job’s display name is not properly escaped, enabling a stored cross-site scripting (XSS) vulnerability. Explo...

5.4CVSS5.2AI score0.00735EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/16 1:20 p.m.30 views

CVE-2020-2256

Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...

5.3AI score0.00735EPSS
Exploits0References2
CVE
CVE
added 2019/06/14 5:2 p.m.283 views

CVE-2019-2256

The CVE-2019-2256 entry concerns a vulnerability in Qualcomm closed‑source components affecting Snapdragon devices (e.g., Snapdragon Auto/Compute/Connectivity, Snapdragon Mobile, Wearables, IOT, and related variants listed in the Red Hat/Qualcomm advisories). An unprivileged user can craft a bits...

10CVSS9.5AI score0.01529EPSS
Exploits0References1Affected Software1
android
android
added 2019/05/01 12:0 a.m.40 views

CVE-2019-2256

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

10CVSS2.5AI score0.01529EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/01/22 8:0 p.m.9 views

CVE-2018-2256

...

Exploits0
CVE
CVE
added 2017/08/28 8:0 p.m.53 views

CVE-2017-2256

CVE-2017-2256 affects Cybozu Garoon 3.0.0 to 4.2.5, with a stored cross-site scripting (XSS) vulnerability in the Rich text functionality of the Memo application that can cause arbitrary script execution in the user’s browser. The issue is documented across multiple sources (NVD/NVD CVE entry; JV...

5.4CVSS5.7AI score0.00538EPSS
Exploits0References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2017/08/21 12:0 a.m.67 views

JVN#63564682: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS vulnerability in the application menu's edit function CWE-20 - CVE-2017-2254 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H| Base Score: 5.5 CVSS...

6.1CVSS5.5AI score0.01326EPSS
Exploits0
Rows per page
Query Builder