Lucene search
+L

158 matches found

ptsecurity
ptsecurity
added 2022/08/25 12:0 a.m.6 views

PT-2022-23792 · Totolink · Totolink A7000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A7000R version 9.1.0u.6115 B20201022 Description: A command injection issue was found via the lang parameter at the "/setting/setLanguageCfg" API endpoint. This allows for potential command injection attacks. Recommendations: For...

7.8CVSS7.7AI score0.00932EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2022/05/10 12:0 a.m.7 views

PT-2022-19301 · Totolink · Totolink N600R

Name of the Vulnerable Software and Affected Versions: TOTOLink N600R version V5.3c.7159 B20190425 Description: A command injection issue was discovered via the langtype parameter in the "/setting/setLanguageCfg" API endpoint. This allows for potential command execution. No information is provide...

10CVSS9.6AI score0.02492EPSS
Exploits1References4
attackerkb
attackerkb
added 2022/03/10 5:47 p.m.3 views

CVE-2022-25244

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...

6.5CVSS6.6AI score0.00938EPSS
Exploits0References3
nvd
nvd
added 2022/03/10 5:47 p.m.32 views

CVE-2022-25244

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...

6.5CVSS0.00938EPSS
Exploits0References2
prion
prion
added 2022/03/10 5:47 p.m.17 views

Code injection

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...

4CVSS6.4AI score0.00938EPSS
Exploits0References2Affected Software1
osv
osv
added 2022/03/10 5:44 p.m.5 views

CVE-2021-42787

It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's DSA AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a...

9.8CVSS5.8AI score0.01308EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2022/03/09 12:0 a.m.4 views

PT-2022-11711 · Riverbed · Steelcentral Appinternals Dynamic Sampling Agent

Name of the Vulnerable Software and Affected Versions: SteelCentral AppInternals Dynamic Sampling Agent DSA affected versions not specified Description: A security issue was found in the SteelCentral AppInternals Dynamic Sampling Agent DSA, where it uses a ".debug command.config" file to store a...

7.8CVSS7.5AI score0.0022EPSS
Exploits0References2
cvelist
cvelist
added 2022/03/07 9:41 p.m.36 views

CVE-2022-25244

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...

6.6AI score0.00938EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2022/03/07 9:41 p.m.88 views

CVE-2022-25244

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...

6.5CVSS6.5AI score0.00938EPSS
Exploits0
hashicorp
hashicorp
added 2022/03/04 10:52 p.m.8 views

Vault Enterprise’s Tokenization Transform Configuration Endpoint May Expose Transform Key

Summary Vault Enterprise “Vault” clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. This vulnerability, CVE-2022-25244, was fixed in Vault Enterprise...

6.5CVSS6.6AI score0.00938EPSS
Exploits0
attackerkb
attackerkb
added 2021/12/31 12:0 a.m.3 views

CVE-2021-43945

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Administrator permissions to inject arbitrary HTML or JavaScript via a Stored Cross-Site Scripting SXSS vulnerability in the /rest/jpo/1.0/hierarchyConfiguration endpoint. The affected versions are...

4.8CVSS6AI score0.00566EPSS
Exploits0References2
redhat
redhat
added 2021/05/19 3:3 p.m.5 views

jenkins: lack of type validation in agent related REST API

A flaw was found in Jenkins. Due to lack of validation of type of object created after loading the data submitted to the config.xml REST API endpoint of a node, an attackers with Computer/Configure permission are able to replace a node with one of a different type...

4.3CVSS5.7AI score0.02725EPSS
Exploits0References4
osv
osv
added 2021/04/07 9:5 p.m.56 views

GHSA-FFW3-6MP6-JMVJ Improper Access Control in Apache Airflow

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when webserver exposeconfig is set to False in airflow.cfg. This allowed a privilege escalation attack...

7.1CVSS6.4AI score0.02805EPSS
Exploits0References10
osv
osv
added 2021/02/17 3:15 p.m.16 views

CVE-2021-26559

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when webserver exposeconfig is set to False in airflow.cfg. This allowed a privilege escalation attack...

6.5CVSS6.5AI score
Exploits0References3
prion
prion
added 2021/02/17 3:15 p.m.15 views

Improper access control

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when webserver exposeconfig is set to False in airflow.cfg. This allowed a privilege escalation attack...

4CVSS6.5AI score0.02805EPSS
Exploits0References3Affected Software1
cve
cve
added 2021/02/17 2:15 p.m.95 views

CVE-2021-26559

CVE-2021-26559 describes an improper access control on the Stable API Configurations Endpoint in Apache Airflow, allowing users with Viewer or User roles to retrieve Airflow configurations (including sensitive data) even when webserver configuration [webserver] expose_config is set to False. Affe...

6.5CVSS6.4AI score0.02805EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2019/10/23 6:27 p.m.39 views

CVE-2019-9597

Darktrace Enterprise Immune System before 3.1 allows CSRF via the /config endpoint...

6.5AI score0.0162EPSS
Exploits5References4
nvd
nvd
added 2017/09/18 9:29 p.m.21 views

CVE-2016-10511

The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS ap...

5.9CVSS5.4AI score0.00822EPSS
Exploits1References2
Rows per page
Query Builder