
219 matches found

CVE
added 2022/11/15 12:00 a.m. | 83 views

CVE-2022-41918

OpenSearch has a vulnerability where fine-grained access controls (document-level security, field-level security, and field masking) are not correctly applied to the indices backing data streams, potentially allowing incorrect access authorization. The issue affects OpenSearch prior to the patche...

CVSS 6.3 | AI score 6.3 | EPSS 0.0043
Exploits: 0 | References: 2 | Affected software: 1
Debian CVE
added 2022/11/15 12:00 a.m. | 16 views

CVE-2022-41918

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...

CVSS 6.3 | AI score 6.4 | EPSS 0.0043
Exploits: 0
OSV
added 2022/10/04 7:37 a.m. | 4 views

SUSE-SU-2022:3495-1 Security update for libgit2

This update for libgit2 fixes the following issues: - Fixed DoS by oob write in constructed commit object with a very large number of parents (bsc1158981). - CVE-2019-1352: Fixed git on Windows being unaware of NTFS Alternate Data Streams (bnc1158790). - CVE-2022-24765: Fixed potential command...

CVSS 9.3 | AI score 8.7 | EPSS 0.24014
Exploits: 0 | References: 8
ATTACKERKB
added 2022/09/06 9:15 p.m. | 3 views

CVE-2022-38176

An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as...

CVSS 7.8 | AI score 5.8 | EPSS 0.00362
Exploits: 0 | References: 3
CNNVD
added 2022/09/06 12:00 a.m. | 5 views

YSoft SAFEQ 6 Security Vulnerability

YSoft SAFEQ 6 is an Enterprise Print Management Suite solution platform from YSoft Czech Republic. A security vulnerability exists in YSoft SAFEQ 6 versions prior to 6.0.72, which stems from incorrect permissions being configured as part of the installer package for the Client V3 service, and can...

CVSS 7.8 | AI score 7.3 | EPSS 0.00362
Exploits: 0 | References: 3
Fedora
added 2022/02/27 3:21 a.m. | 63 views

[SECURITY] Fedora 34 Update: protobuf-3.14.0-7.fc34

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

CVSS 6.5 | AI score 6.6 | EPSS 0.0266
Exploits: 0
Fedora
added 2022/02/16 1:28 a.m. | 41 views

[SECURITY] Fedora 35 Update: protobuf-3.14.0-7.fc35

Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...

CVSS 6.5 | AI score 6.6 | EPSS 0.0266
Exploits: 0
Rapid7 Blog
added 2021/12/06 3:23 p.m. | 20 views

InsightCloudSec Supports 12 New AWS Services Announced at re:Invent

In case you didn't hear, Amazon hosted AWS re:Invent in Las Vegas last week. As has come to be expected at the annual mega-event, Amazon made a number of huge announcements and launched a significant number of improvements and brand-new services and settings to enhance their public cloud platform...

AI score 7.5
Exploits: 0
Github Security Blog
added 2021/08/25 2:47 p.m. | 52 views

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact: The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected who followed the recommendation to set up XStream's security...

CVSS 8.5 | AI score 8.3 | EPSS 0.0345
Exploits: 2 | References: 13 | Affected software: 1
Github Security Blog
added 2021/08/25 2:46 p.m. | 49 views

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact: The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected who followed the recommendation to set up XStream's security...

CVSS 8.5 | AI score 8.3 | EPSS 0.11418
Exploits: 2 | References: 13 | Affected software: 1
OSV
added 2021/07/27 11:03 a.m. | 2 views

OESA-2021-1282 libgit2 security update

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language which supports C bindings. Security Fixes: An issue was discovered in libgit2 before 0.28.4 a...

CVSS 9.8 | AI score 8.2 | EPSS 0.0511
Exploits: 0 | References: 3
OSV
added 2021/03/22 11:28 p.m. | 2 views

GHSA-HVV8-336G-RX3M A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact: The processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on this type information. An attacker can manipulate the processed input stream and replace or inject objects that result in a...

CVSS 5.3 | AI score 6.9 | EPSS 0.4999
Exploits: 1 | References: 17
Veracode
added 2021/03/15 8:12 a.m. | 52 views

Server-Side Request Forgery (SSRF)

xstream is vulnerable to Server-Side Forgery Request. The processed stream at unmarshalling time contains information to recreate the formerly written objects, allowing an attacker to manipulate data streams referencing a resource in an intranet or the local host...

CVSS 8.6 | AI score 3.3 | EPSS 0.46826
Exploits: 1 | References: 23 | Affected software: 5
Tenable Nessus
added 2021/01/29 12:00 a.m. | 38 views

CentOS 8 : git (CESA-2019:4356)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:4356 advisory. - git: Arbitrary path overwriting via export-marks in-stream command feature (CVE-2019-1348) - git: Recursive submodule cloning allows using git director...

CVSS 9.3 | AI score 7.6 | EPSS 0.34007
Exploits: 0 | References: 5
IBM Security Bulletins
added 2020/11/30 5:19 p.m. | 14 views

Security Bulletin: Node.js module upgrade for IBM Cloud Pak for Data Streams Flows

Summary: A Node.js module has released an update that addresses a security issue. It is recommended to upgrade the module. Vulnerability Details: Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base score: 7.5 CVSS Temporal Score: See:...

AI score 1.6
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2020/11/30 5:10 p.m. | 35 views

Security Bulletin: Node.js upgrade for IBM Cloud Pak for Data Streams Flows

Summary: Node.js has released a security update that addresses several issues. It is recommended to upgrade the Node.js runtime. Vulnerability Details: CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by CR-to-Hyphen conversion. By sending specially crafted...

CVSS 7.8 | AI score 1.4 | EPSS 0.08794
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2020/11/30 4:40 p.m. | 32 views

Security Bulletin: Node.js upgrade for IBM Cloud Pak for Data Streams Flows

Summary: Node.js has released a security update that addresses several issues. It is recommended to upgrade the Node.js runtime. Vulnerability Details: CVEID: CVE-2020-8237 DESCRIPTION: Node.js json-bigint module is vulnerable to a denial of service, caused by a prototype pollution flaw. By adding...

CVSS 9.8 | AI score 1.3 | EPSS 0.08794
Exploits: 3 | Affected software: 1
IBM Security Bulletins
added 2020/11/18 3:38 p.m. | 10 views

Security Bulletin: The web server or application server is configured in an insecure way in IBM Cloud Pak for Data Streams

Summary: We have detected a low severity issue where our web server or application server is configured in an insecure way in IBM Cloud Pak for Data Streams. This is an internal feature only, to which users have no access, but we have decided to address it. Vulnerability Details: Third Party Entr...

AI score 1.6
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2020/11/18 3:18 p.m. | 16 views

Security Bulletin: Lucky 13 Attack Vulnerability in IBM Cloud Pak for Data Streams

Summary: The Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol that use the CBC mode of operation. An attacker could perform man-in-the-middle attacks to successfully obtain plain text from the secure channel. Vulnerabili...

AI score 1
Exploits: 0 | Affected software: 1
IBM Security Bulletins
added 2020/11/18 3:08 p.m. | 15 views

Security Bulletin: TLS Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam) vulnerability in IBM Cloud Pak for Data Streams

Summary: The Transport Layer Security (TLS) protocol contains a flaw that is triggered when handling Diffie-Hellman key exchanges defined with the DHE_EXPORT cipher. A man-in-the-middle attacker may be able to downgrade the session to use EXPORT_DHE cipher suites. Thus, it is recommended to remove...

AI score 1.5
Exploits: 0 | Affected software: 1