Lucene search
K

529 matches found

CNNVD
CNNVD
added 2024/11/11 12:0 a.m.3 views

Perforce Helix Core 资源管理错误漏洞

Perforce Helix Core is a scalable and secure version control system from Perforce, Inc. A resource management error vulnerability exists in versions of Perforce Helix Core prior to 2024.2 that originates from an unauthenticated remote denial of service via the auto-generation feature...

8.7CVSS6.8AI score0.0047EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/11 12:0 a.m.5 views

PT-2024-16205 · Perforce · Helix Core

Name of the Vulnerable Software and Affected Versions: Helix Core versions prior to 2024.2 Description: An unauthenticated remote Denial of Service DoS via the shutdown function was identified. The issue was reported by Karol Więsek. Recommendations: For Helix Core versions prior to 2024.2, updat...

8.7CVSS7.4AI score0.0047EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.3 views

Perforce Helix Core 资源管理错误漏洞

Perforce Helix Core is a scalable and secure version control system from Perforce, Inc. A resource management error vulnerability exists in versions of Perforce Helix Core prior to 2024.2 that originates from an unauthenticated remote denial of service via a shutdown feature...

8.7CVSS6.7AI score0.0047EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/11 12:0 a.m.4 views

PT-2024-16204 · Perforce · Helix Core

Name of the Vulnerable Software and Affected Versions: Helix Core versions prior to 2024.2 Description: An unauthenticated remote Denial of Service DoS was identified via the refuse function. This issue was reported by Karol Więsek. Recommendations: For Helix Core versions prior to 2024.2, update...

8.7CVSS7.4AI score0.0047EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/11/11 12:0 a.m.6 views

PT-2024-16181 · Perforce · Helix Core

Name of the Vulnerable Software and Affected Versions: Helix Core versions prior to 2024.2 Description: An unauthenticated remote Denial of Service DoS via the auto-generation function was identified. The issue was reported by Karol Więsek. Recommendations: For Helix Core versions prior to 2024.2...

8.7CVSS7.4AI score0.0047EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.4 views

Perforce Helix Core 资源管理错误漏洞

Perforce Helix Core is a scalable and secure version control system from Perforce, Inc. A resource management error vulnerability exists in versions of Perforce Helix Core prior to 2024.2 that originates from an unauthenticated remote denial of service via the auto-generation feature...

8.7CVSS6.8AI score0.0047EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2024/10/23 9:30 p.m.10 views

@adobe/git-server (>=0.9.17 <=1.0.5), @adobe/helix-cli (>=0.3.0-SNAPSHOT.293 <=6.1.0) +69 more potentially affected by CVE-2024-48964 via snyk-gradle-plugin (>=1.0.2 <=3.9.0)

snyk-gradle-plugin NPM version =1.0.2, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.0.70, =0.5.8, =3.2.4, =0.1.3, =0.0.2, =0.0.3 and more Source cves: CVE-2024-48964 Source advisory: OSV:GHSA-QQQW-GM93-QF6M...

8.8CVSS5.8AI score0.0043EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/10/13 9:40 a.m.43 views

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a...

7CVSS8.7AI score0.68202EPSS
Exploits7
NVD
NVD
added 2024/09/25 1:15 a.m.16 views

CVE-2024-8067

In versions of Helix Core prior to 2024.1 Patch 2 2024.1/2655224 a Windows ANSI API Unicode "best fit" argument injection was identified...

5.8CVSS0.00199EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.7 views

Perforce Helix Core 安全漏洞

Perforce Helix Core is a scalable and secure version control system from Perforce. A security vulnerability exists in Perforce Helix Core prior to version 2024.1 Patch 2, which stems from the best fit parameter containing a parameter injection vulnerability...

5.8CVSS7.1AI score0.00199EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/24 3:53 p.m.15 views

CVE-2024-8067 Unicode "best fit" argument injection

In versions of Helix Core prior to 2024.1 Patch 2 2024.1/2655224 a Windows ANSI API Unicode "best fit" argument injection was identified...

5.8CVSS7.1AI score0.00199EPSS
Exploits0References1
CVE
CVE
added 2024/09/24 3:53 p.m.77 views

CVE-2024-8067

CVE-2024-8067 affects Perforce Helix Core prior to 2024.1 Patch 2 (2024.1/2655224). The issue is a Windows ANSI API Unicode “best fit” argument injection in Helix Core, caused by the best fit parameter handling. Public sources consistently describe this as a parameter injection vulnerability that...

5.8CVSS9.4AI score0.00199EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/24 3:53 p.m.23 views

CVE-2024-8067 Unicode "best fit" argument injection

In versions of Helix Core prior to 2024.1 Patch 2 2024.1/2655224 a Windows ANSI API Unicode "best fit" argument injection was identified...

5.8CVSS0.00199EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.9 views

PT-2024-38783 · Perforce · Helix Core

Name of the Vulnerable Software and Affected Versions: Helix Core versions prior to 2024.1 Patch 2 Description: A Windows ANSI API Unicode "best fit" argument injection issue was identified. Recommendations: For versions prior to 2024.1 Patch 2, update to 2024.1 Patch 2 or later to resolve the...

5.8CVSS7.1AI score0.00199EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2024/09/12 10:49 a.m.12 views

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-sponsored threat actor called OilRig. The attacks singled out Iraqi organizations such as the Prime Minister's Office and the Ministry of Foreign Affairs, cybersecurity compa...

7.6AI score
Exploits0
CNVD
CNVD
added 2024/08/23 12:0 a.m.6 views

Apache Helix Trust Management Issues Vulnerability

Apache Helix is a general-purpose cluster management framework from the U.S. Apache Apache Foundation. Used to automate the management of partitioning, replication and distributed resources hosted on a cluster of nodes . Apache Helix suffers from a trust management issue vulnerability that stems...

7.5CVSS6.6AI score0.00726EPSS
Exploits0References1
Veracode
Veracode
added 2024/08/22 7:41 a.m.13 views

Session Spoofing

org.apache.helix, helix is vulnerable to Session Spoofing. The vulnerability is due to a hard-coded secret in the Apache Helix Front UI, which allows an attacker to generate their own fake cookies...

7.5CVSS6.6AI score0.00726EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/08/21 12:30 a.m.11 views

GHSA-6247-7862-Q2PQ Apache Helix Front (UI) component contained a hard-coded secret

The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...

8.7CVSS7.4AI score0.00726EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/08/21 12:30 a.m.21 views

Apache Helix Front (UI) component contained a hard-coded secret

The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are...

7.5CVSS6.7AI score0.00726EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/08/20 11:15 p.m.33 views

CVE-2024-22281

UNSUPPORTED WHEN ASSIGNED The Apache Helix Front UI component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front UI: all versions. As this project is retired, we do not plan to release a version that...

7.5CVSS0.00726EPSS
Exploits0References2
Rows per page
Query Builder