758 matches found

Cvelist
added 2024/01/11 7:57 a.m. · 29 views

CVE-2024-0252 Remote code execution

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to remote code execution due to improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability...

CVSS 8.8 · AI score 9.3 · EPSS 0.07814
Exploits 0 · References 1
CNNVD
added 2024/01/11 12:00 a.m. · 4 views

ZOHO ManageEngine ADSelfService Plus Security Vulnerability

ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus 6401 and prior versions, which stems from a remote code...

CVSS 8.8 · AI score 8.2 · EPSS 0.07814
Exploits 0 · References 2
BDU FSTEC
added 2023/12/06 12:00 a.m. · 5 views

The vulnerability of the PowerStation network load balancing system, related to insufficient protection of operational data, allows an intruder to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.

The vulnerability of the PowerStation network load balancing system is related to the lack of authentication for critical functions, resulting from insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected...

CVSS 10 · AI score 8.1 · EPSS 0.011
Exploits 0 · References 5
AlpineLinux
added 2023/12/04 9:15 p.m. · 33 views

CVE-2023-47106

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

AI score 6.9 · EPSS 0.00625
Exploits 1
Prion
added 2023/12/04 9:15 p.m. · 18 views

Improper access control

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

CVSS 6.4 · AI score 6.9 · EPSS 0.00625
Exploits 1 · References 4 · Affected Software 1
CVE
added 2023/12/04 8:36 p.m. · 388 views

CVE-2023-47633

CVE-2023-47633 affects the Traefik Docker image when it serves as its own backend, triggered by an automatically generated route from Docker integration in default configuration. The issue causes 100% CPU usage, leading to a denial of service-like impact on the affected instance. The vulnerabilit...

CVSS 7.5 · AI score 7.5 · EPSS 0.01269
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2023/12/04 8:36 p.m. · 35 views

CVE-2023-47633 Uncontrolled Resource Consumption in Traefik

Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions...

CVSS 7.5 · AI score 7.6 · EPSS 0.01269
Exploits 1 · References 3
CVE
added 2023/12/04 8:26 p.m. · 388 views

CVE-2023-47106

Traefik vulnerability CVE-2023-47106: when a request contains a URL fragment, Traefik URL-encodes and forwards the fragment to the backend, violating RFC 7230 (origin-form should only have path and query). In a setup with a frontend proxy like Nginx, this can bypass URI-based access controls. Add...

CVSS 6.5 · AI score 5.8 · EPSS 0.00625
Exploits 1 · References 4 · Affected Software 1
OSV
added 2023/12/04 8:26 p.m. · 28 views

CVE-2023-47106 Incorrect processing of fragment in the URL leads to Authorization Bypass in Traefik

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

CVSS 4.8 · AI score 6.6 · EPSS 0.00625
Exploits 1 · References 6
CVE
added 2023/12/04 8:20 p.m. · 387 views

CVE-2023-47124

CVE-2023-47124 describes a DoS vector in Traefik when using HTTPChallenge to obtain/renew Let’s Encrypt TLS certificates: the 50-second delay allowed solving the challenge can be abused for a slowloris-style attack. Public details in the initial document specify impacts as a server availability r...

CVSS 5.9 · AI score 5.8 · EPSS 0.00791
Exploits 0 · References 8 · Affected Software 1
Virtuozzo
added 2023/11/27 12:00 a.m. · 28 views

Virtuozzo Hybrid Infrastructure 6.0 (6.0.0-243)

In this release, Virtuozzo Hybrid Infrastructure provides an upgrade of the Linux distribution, kernel, and toolset packages. This release also contains a range of new features that cover storage performance, object storage, as well as monitoring and alerts. Additionally, this release delivers...

AI score 7.3
Exploits 0
Prion
added 2023/11/16 10:15 p.m. · 16 views

Authorization

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...

CVSS 4 · AI score 6.9 · EPSS 0.00481
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/11/16 10:01 p.m. · 36 views

CVE-2023-47112 Authenticated users can view job names and groups they do not have authorization to view in Rundeck

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...

CVSS 4.3 · AI score 4.9 · EPSS 0.00481
Exploits 0 · References 1
Github Security Blog
added 2023/11/16 8:48 p.m. · 24 views

Authenticated Rundeck users can view or delete jobs they do not have authorization for.

Access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks. The affected URLs are: - https://host/context/rdJob/ -...

CVSS 8.1 · AI score 6.8 · EPSS 0.00449
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/11/16 8:48 p.m. · 20 views

GHSA-PHMW-JX86-X666 Authenticated Rundeck users can view or delete jobs they do not have authorization for.

Access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks. The affected URLs are: - https://host/context/rdJob/ -...

CVSS 8.1 · AI score 6.4 · EPSS 0.00449
Exploits 0 · References 3
Positive Technologies
added 2023/11/16 12:00 a.m. · 4 views

PT-2023-30317 · Rundeck · Rundeck

Name of the Vulnerable Software and Affected Versions: Rundeck versions prior to 4.17.3 Description: The issue allows authenticated users to access certain URL paths without necessary authorization checks, providing a list of job names and groups for any project. The affected URLs are...

CVSS 4.3 · AI score 4.3 · EPSS 0.00481
Exploits 0 · References 6
NVD
added 2023/11/08 4:15 p.m. · 10 views

CVE-2023-47107

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...

CVSS 8.8 · EPSS 0.00599
Exploits 0 · References 1
Prion
added 2023/11/08 4:15 p.m. · 11 views

Design/Logic Flaw

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...

CVSS 6.8 · AI score 7 · EPSS 0.00599
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/11/08 3:39 p.m. · 43 views

CVE-2023-47107

PILOS, the BigBlueButton front-end, has a vulnerability in its password reset flow where the reset URL is built using the request host header. An attacker could lure affected users to a URL that points to the attacker’s server, potentially disclosing the pass...

CVSS 8.8 · AI score 8.6 · EPSS 0.00599
Exploits 0 · References 1 · Affected Software 1
OSV
added 2023/11/08 3:39 p.m. · 20 views

CVE-2023-47107 PILOS account takeover through password reset poisoning

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...

CVSS 8.8 · AI score 8.3 · EPSS 0.00599
Exploits 0 · References 3