32 matches found

Github Security Blog
added 2024/12/16 5:27 p.m. · 28 views

MinIO vulnerable to privilege escalation in IAM import API

Impact: Privilege escalation in IAM import API, all users are impacted since MinIO commit 580d9db85e04f1b63cc2909af50f0ed08afa965f. Patches: commit f246c9053f9603e610d98439799bdd2a6b293427 Author: Aditya Manthramurthy Date: Wed Dec 11 18:09:40 2024 -0800 fix: Privilege escalation in IAM import API...

9.3 CVSS · 6.3 AI score · 0.00702 EPSS
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2024/08/20 12:0 a.m. · 6 views

PT-2024-29897 · Hertzbeat · Hertzbeat

Name of the Vulnerable Software and Affected Versions: Hertzbeat versions prior to 1.6.0. Description: Hertzbeat is an open source, real-time monitoring system. It has an authenticated Remote Code Execution (RCE) vulnerability via unsafe deserialization in the "/api/monitors/import" API endpoint...

8.8 CVSS · 7.5 AI score · 0.0133 EPSS
Exploits 1 · References 12
SUSE CVE
added 2023/02/15 4:8 a.m. · 5 views

SUSE CVE-2019-15732

An issue was discovered in GitLab Community and Enterprise Edition 12.2 through 12.2.1. The project import API could be used to bypass project visibility restrictions...

5.3 CVSS · 5.4 AI score · 0.01554 EPSS
Exploits 0 · References 3
NVD
added 2022/09/13 7:15 p.m. · 21 views

CVE-2022-26928

Windows Photo Import API Elevation of Privilege Vulnerability...

7 CVSS · 0.00697 EPSS
Exploits 0 · References 1
OSV
added 2022/09/13 7:15 p.m. · 2 views

CVE-2022-26928

Windows Photo Import API Elevation of Privilege Vulnerability...

7 CVSS · 7.3 AI score · 0.00697 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2022/09/13 12:0 a.m. · 67 views

KB5017328: Windows 11 Security Update (September 2022)

The remote Windows host is missing security update 5017328. It is, therefore, affected by multiple vulnerabilities - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the...

9.8 CVSS · 7.1 AI score · 0.85646 EPSS
Exploits 7 · References 43
Kaspersky
added 2022/09/13 12:0 a.m. · 183 views

KLA19245 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote cod...

9.8 CVSS · 9.8 AI score · 0.85646 EPSS
Exploits 13 · References 75
hivepro
added 2022/08/25 9:29 a.m. · 38 views

Input validation flaw in GitLab’s Community and Enterprise Software

Threat Level Vulnerability Report. Summary: A remote code execution vulnerability that affects GitLab Community Edition (CE) and Enterprise Edition (EE) has been identified as CVE-2022-2884. It can be exploited using the GitHub import API, However it...

2.4 AI score · 0.75718 EPSS
Exploits 4
The Hacker News
added 2022/08/24 6:21 a.m. · 100 views

GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software

DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Communi...

2.5 AI score · 0.75718 EPSS
Exploits 4
CNNVD
added 2022/07/14 12:0 a.m. · 4 views

Mattermost Resource Management Error Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. Mattermost 6.7.0 and earlier versions are vulnerable to a resource management error, which stems from the inability of the Slack import feature to properly limit the size of imported files, and can be exploited to import...

6.5 CVSS · 5.6 AI score · 0.00753 EPSS
Exploits 0 · References 2
Prion
added 2014/05/08 2:29 p.m. · 12 views

Code injection

Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API...

7.5 CVSS · 8.3 AI score · 0.02974 EPSS
Exploits 0 · References 2 · Affected Software 1
CVE
added 2014/05/08 2:0 p.m. · 49 views

CVE-2013-0171

CVE-2013-0171 affects Foreman prior to version 1.1. The vulnerability allows remote attackers to execute arbitrary code by sending a crafted YAML object to the fact or report import API. Documents confirm impact as remote code execution with network access and no authentication required, but do n...

7.5 CVSS · 7.9 AI score · 0.02974 EPSS
Exploits 0 · References 2 · Affected Software 1