Lucene search
+L

168 matches found

Packet Storm
Packet Storm
added 2024/05/14 12:0 a.m.371 views

Apache mod_proxy_cluster Cross Site Scripting

import requests import argparse from bs4 import BeautifulSoup from urllib.parse import urlparse, parseqs, urlencode, urlunparse from requests.exceptions import RequestException class Colors: RED = '\03391m' GREEN = '\0331;49;92m' RESET = '\0330m' def getclustermanagerurlbaseurl, path:...

7.4AI score0.02242EPSS
Exploits5
RedHat Linux
RedHat Linux
added 2024/04/30 10:5 a.m.5 views

mod_cluster/mod_proxy_cluster: Stored Cross site Scripting

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4CVSS5.6AI score0.02242EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2024/03/28 8:50 p.m.43 views

Important: Red Hat Security Advisory: ACS 4.4 enhancement and security update

Important: Updated images are now available for Red Hat Advanced Cluster Security. Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. This release includes the following features and updates: New Compliance capabilities...

9.1CVSS6.6AI score0.01956EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2024/03/25 10:51 a.m.33 views

USN-6711-1: CRM shell vulnerability

Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline...

7.8CVSS7.8AI score0.00675EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/03/18 4:37 p.m.7 views

mod_cluster/mod_proxy_cluster: Stored Cross site Scripting

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4CVSS5.6AI score0.02242EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2024/03/18 4:22 p.m.5 views

mod_cluster/mod_proxy_cluster: Stored Cross site Scripting

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4CVSS5.6AI score0.02242EPSS
Exploits5References4
OSV
OSV
added 2023/12/12 10:15 p.m.6 views

CVE-2023-6710

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4CVSS5.6AI score0.02242EPSS
Exploits5References5
NVD
NVD
added 2023/12/12 10:15 p.m.33 views

CVE-2023-6710

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4CVSS0.02242EPSS
Exploits5References5
RedhatCVE
RedhatCVE
added 2023/12/12 6:27 a.m.51 views

CVE-2023-6710

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4CVSS5.7AI score0.02242EPSS
Exploits5References3
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.7 views

PT-2023-32745 · Apache +2 · Apache Server +2

Name of the Vulnerable Software and Affected Versions: Apache server affected versions not specified Description: A flaw was found in the mod proxy cluster in the Apache server, which may allow a malicious user to add a script in the alias parameter in the URL to trigger a stored cross-site...

7.5CVSS5.3AI score0.02242EPSS
Exploits5References27
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.34 views

Oracle Linux 5 : rgmanager (ELSA-2009-1339)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2009-1339 advisory. 2.0.52-1.0.1 - Update summary and description to be vendor neutral 2.0.52-1 - When vm.sh does a status check and gets 'no state' it is now treated as a running...

6.9CVSS5.5AI score0.0039EPSS
Exploits0References2
Veracode
Veracode
added 2023/04/28 2:55 a.m.29 views

Privilege Escalation

github.com/open-cluster-management-io/registration-operator is vulnerable to Privilege Escalation. The vulnerability exists when a user has access to the worker nodes with the cluster-manager-registration-controller or cluster-manager deployments which allows a malicious user to bind the...

6.7CVSS8.3AI score0.00204EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/04/24 9:15 p.m.23 views

Design/Logic Flaw

A flaw was found in the Open Cluster Management OCM when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...

4CVSS6.5AI score0.00204EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/24 12:0 a.m.12 views

CVE-2023-2250

A flaw was found in the Open Cluster Management OCM when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...

6.6AI score0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/24 12:0 a.m.45 views

CVE-2023-2250

A flaw was found in the Open Cluster Management OCM when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...

6.7AI score0.00204EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.13 views

Debian: Security Advisory (DSA-1959-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.03285EPSS
Exploits0References3
OSV
OSV
added 2023/02/06 9:15 p.m.7 views

CVE-2022-42951

An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time before the cluster management authentication has started where an attacker can connect to the cluster...

8.1CVSS5.8AI score0.00657EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/06 12:0 a.m.13 views

CVE-2022-42951

An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time before the cluster management authentication has started where an attacker can connect to the cluster...

7.3AI score0.00657EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.6 views

Couchbase Server 竞争条件问题漏洞

Couchbase Server is a distributed open source NoSQL non-relational database from Couchbase Inc. in the U.S. It mainly supports data querying, full-text search and active global replication. A security vulnerability in Couchbase Server versions 6.5.x prior to 6.6.6 and 6.6.x, 7.x prior to 7.0.5, a...

8.1CVSS7.7AI score0.00657EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 4:2 a.m.33 views

Security Bulletin: IBM Platform Cluster Manager – Standard Edition (CVE-2014-0092, CVE-2009-5138)

Abstract Security vulnerability has been reported against GnuTLS where a remote attacker could be allowed to bypass security restrictions, providing them with access to the system. A version of GnuTLS that is vulnerable to the issue is included in past versions of IBM Platform Cluster Manager –...

5.8CVSS6.7AI score0.29958EPSS
Exploits2Affected Software3
Rows per page
Query Builder