81 matches found
RHEL 7 : Red Hat Single Sign-On 7.5.3 security update on RHEL 7 (Moderate) (RHSA-2022:6782)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6782 advisory. Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update on RHEL 7
New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update
A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2022-2256
creationtimestamp| type| source ---|---|--- 2022-09-02 00:38:39+00:00| seen| https://t.me/cibsecurity/49211 2024-01-28 07:17:40+00:00| seen| https://t.me/arpsyndicate/3248...
CVE-2022-2256
CVE-2022-2256 is a stored XSS vulnerability in Keycloak as shipped with Red Hat Single Sign-On (RH SSO) 7.x. The issue stems from improper validation of user-supplied input in the admin console, enabling a privileged attacker to inject and execute scripts via the admin UI by abusing the default r...
CVE-2022-2256
A Stored Cross-site scripting XSS vulnerability was found in keycloak. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality...
RHEL 8 : pcs (RHSA-2022:2256)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2256 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: sinatra: path traversal possib...
Siemens SIMATIC S7-1200 Improper Input Validation (CVE-2014-2256)
Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow remote attackers to cause a denial of service defect-mode transition via crafted ISO-TSAP packets, a different vulnerability than CVE-2014-2257. This plugin only works with Tenable.ot. Please visit...
CVE-2021-2256
Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2021-2256
CVE-2021-2256 affects Oracle Storage Cloud Software Appliance (Management Console) prior to 16.3.1.4.2. An unauthenticated attacker with network access via HTTP can compromise the appliance, potentially taking over the system. The vulnerability is documented with a CVSS v3.1 base score of 10.0 (N...
Huawei EulerOS: Security Advisory for mailman (EulerOS-SA-2020-2256)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-2256
Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2256
Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2020-2256
CVE-2020-2256 concerns Jenkins Pipeline Maven Integration Plugin evaluating upstream display names in build causes. The vulnerability affects version 3.9.2 and earlier, where the upstream job’s display name is not properly escaped, enabling a stored cross-site scripting (XSS) vulnerability. Explo...
CVE-2020-2256
Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Job/Configure permission...
CVE-2019-2256
The CVE-2019-2256 entry concerns a vulnerability in Qualcomm closed‑source components affecting Snapdragon devices (e.g., Snapdragon Auto/Compute/Connectivity, Snapdragon Mobile, Wearables, IOT, and related variants listed in the Red Hat/Qualcomm advisories). An unprivileged user can craft a bits...
CVE-2019-2256
An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...
CVE-2018-2256
...
CVE-2017-2256
CVE-2017-2256 affects Cybozu Garoon 3.0.0 to 4.2.5, with a stored cross-site scripting (XSS) vulnerability in the Rich text functionality of the Memo application that can cause arbitrary script execution in the user’s browser. The issue is documented across multiple sources (NVD/NVD CVE entry; JV...
JVN#63564682: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Denial-of-service DoS vulnerability in the application menu's edit function CWE-20 - CVE-2017-2254 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H| Base Score: 5.5 CVSS...