168 matches found
Apache mod_proxy_cluster Cross Site Scripting
import requests import argparse from bs4 import BeautifulSoup from urllib.parse import urlparse, parseqs, urlencode, urlunparse from requests.exceptions import RequestException class Colors: RED = '\03391m' GREEN = '\0331;49;92m' RESET = '\0330m' def getclustermanagerurlbaseurl, path:...
mod_cluster/mod_proxy_cluster: Stored Cross site Scripting
A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...
Important: Red Hat Security Advisory: ACS 4.4 enhancement and security update
Important: Updated images are now available for Red Hat Advanced Cluster Security. Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes new features and bug fixes. This release includes the following features and updates: New Compliance capabilities...
USN-6711-1: CRM shell vulnerability
Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline...
mod_cluster/mod_proxy_cluster: Stored Cross site Scripting
A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...
mod_cluster/mod_proxy_cluster: Stored Cross site Scripting
A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...
CVE-2023-6710
A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...
CVE-2023-6710
A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...
CVE-2023-6710
A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...
PT-2023-32745 · Apache +2 · Apache Server +2
Name of the Vulnerable Software and Affected Versions: Apache server affected versions not specified Description: A flaw was found in the mod proxy cluster in the Apache server, which may allow a malicious user to add a script in the alias parameter in the URL to trigger a stored cross-site...
Oracle Linux 5 : rgmanager (ELSA-2009-1339)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2009-1339 advisory. 2.0.52-1.0.1 - Update summary and description to be vendor neutral 2.0.52-1 - When vm.sh does a status check and gets 'no state' it is now treated as a running...
Privilege Escalation
github.com/open-cluster-management-io/registration-operator is vulnerable to Privilege Escalation. The vulnerability exists when a user has access to the worker nodes with the cluster-manager-registration-controller or cluster-manager deployments which allows a malicious user to bind the...
Design/Logic Flaw
A flaw was found in the Open Cluster Management OCM when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...
CVE-2023-2250
A flaw was found in the Open Cluster Management OCM when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...
CVE-2023-2250
A flaw was found in the Open Cluster Management OCM when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service...
Debian: Security Advisory (DSA-1959-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-42951
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time before the cluster management authentication has started where an attacker can connect to the cluster...
CVE-2022-42951
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time before the cluster management authentication has started where an attacker can connect to the cluster...
Couchbase Server 竞争条件问题漏洞
Couchbase Server is a distributed open source NoSQL non-relational database from Couchbase Inc. in the U.S. It mainly supports data querying, full-text search and active global replication. A security vulnerability in Couchbase Server versions 6.5.x prior to 6.6.6 and 6.6.x, 7.x prior to 7.0.5, a...
Security Bulletin: IBM Platform Cluster Manager – Standard Edition (CVE-2014-0092, CVE-2009-5138)
Abstract Security vulnerability has been reported against GnuTLS where a remote attacker could be allowed to bypass security restrictions, providing them with access to the system. A version of GnuTLS that is vulnerable to the issue is included in past versions of IBM Platform Cluster Manager –...