6 matches found
CVE-2026-55205
Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that allows unbounded accumulation of in-memory flow state and daemon threads. Attackers can send repeated or concurrent requests to exhaust server memory and...
CVE-2024-29834 Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction. These management operations should be restricted to users with the tenant admin role or superuser role. A...
Dell EMC Isilon Cross-Site Scripting Vulnerability (CNVD-2018-07641)
DELL EMC Isilon is a horizontally scalable storage system for unstructured data from Dell.OneFS web administration interface is one of the web administration interfaces. A cross-site scripting vulnerability exists in the Authorization Providers page of the OneFS web administration interface in De...
CVE-2018-1188
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially injec...
CVE-2018-1188
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially injec...
CVE-2018-1188
CVE-2018-1188 is a cross-site scripting vulnerability affecting Dell EMC Isilon OneFS Web UI (Authorization Providers page). Affected are OneFS versions 8.1.0.0–8.1.0.1, 8.0.1.0–8.0.1.2, 8.0.0.0–8.0.0.6, and 7.2.1.x. The issue arises from XSS in the Authorization Providers page, allowing injectio...