Lucene search
K

125 matches found

cve
cve
added 2017/09/06 9:0 p.m.48 views

CVE-2015-3162

CVE-2015-3162 affects Beaker 20.1 in the Beaker project. Description: a Cross-site scripting (XSS) vulnerability in the edit comment dialog (bkr/server/widgets.py) enables remote authenticated users to inject arbitrary web script or HTML by writing a crafted comment on an acknowledged or nacked c...

5.4CVSS5AI score0.00929EPSS
Exploits0References5Affected Software1
cve
cve
added 2017/09/06 9:0 p.m.52 views

CVE-2015-3160

CVE-2015-3160 relates to an XML external entity (XXE) vulnerability in Beaker’s Beaker project, specifically in the bkr/server/jobs.py module. Before version 20.1, remote authenticated users can submit job XML containing entity references that reference files on the Beaker server’s filesystem, po...

4.3CVSS4.2AI score0.01284EPSS
Exploits0References5Affected Software1
cve
cve
added 2017/09/06 9:0 p.m.44 views

CVE-2015-3161

The CVE affects Beaker prior to version 20.1. The search bar code in bkr/server/widgets.py fails to escape tags in string literals when producing JSON, enabling potential cross‑site/script injection via JSON output. The Beaker vulnerability is described consistently across sources (NVD/NVD-deriv...

4.8CVSS5.3AI score0.00827EPSS
Exploits0References5Affected Software1
cnvd
cnvd
added 2015/07/02 12:0 a.m.5 views

Beaker XXE Attack Information Disclosure Vulnerability

Beaker is a suite of open source software used to manage and automate test computers in laboratories. There is a security vulnerability in the handling of external entity extensions in Beaker job xml that allows remote attackers to exploit the vulnerability to conduct XXE attacks and obtain...

4.3CVSS6.8AI score0.01284EPSS
Exploits0References1
cnvd
cnvd
added 2015/07/02 12:0 a.m.1 views

Beaker HTML Injection Vulnerability

Beaker is a suite of open source software used to manage and automate test computers in laboratories. Beaker in the processing of "edit comment" in the data lack of correct HTML escaping , allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code , when...

5.4CVSS6.8AI score0.00929EPSS
Exploits0References1
cnvd
cnvd
added 2015/07/02 12:0 a.m.4 views

Beaker Incorrect Label Escape Vulnerability

Beaker is a suite of open source software used to manage and automate test computers in laboratories. Beaker fails to properly escape tags in the search bar when generating JSON, allowing remote attackers to exploit vulnerabilities to inject malicious script or HTML code that can obtain sensitive...

4.8CVSS6.9AI score0.00827EPSS
Exploits0References1
cnvd
cnvd
added 2015/06/27 12:0 a.m.7 views

Beaker Security Bypass Vulnerability

Beaker is a suite of open source software used to manage and automate test computers in laboratories. A security bypass vulnerability exists in Beaker. An attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized operations...

4.3CVSS6.8AI score0.01095EPSS
Exploits1References1
securityvulns
securityvulns
added 2012/10/29 12:0 a.m.63 views

[SECURITY] [DSA 2541-1] beaker security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2541-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 07, 2012 http://www.debian.org/security/faq -...

4.3CVSS0.8AI score0.02447EPSS
Exploits0
securityvulns
securityvulns
added 2012/10/29 12:0 a.m.36 views

Beaker information leakage

Information leakage in AES ECB mode...

4.3CVSS2.1AI score0.02447EPSS
Exploits0References1Affected Software1
osv
osv
added 2012/09/15 5:55 p.m.15 views

CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

6.2AI score
Exploits0References6
nvd
nvd
added 2012/09/15 5:55 p.m.29 views

CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3CVSS6.3AI score0.02447EPSS
Exploits0References6
osv
osv
added 2012/09/15 5:55 p.m.3 views

DEBIAN-CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3CVSS6.5AI score0.02447EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2012/09/15 5:55 p.m.21 views

CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3CVSS5.9AI score0.02447EPSS
Exploits0References2
osv
osv
added 2012/09/15 5:55 p.m.4 views

UBUNTU-CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3CVSS5.8AI score0.02447EPSS
Exploits0References3
pypa
pypa
added 2012/09/15 5:55 p.m.9 views

PYSEC-2012-1

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3CVSS7AI score0.02447EPSS
Exploits0References7Affected Software1
osv
osv
added 2012/09/15 5:55 p.m.20 views

PYSEC-2012-1

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3CVSS5.2AI score0.02447EPSS
Exploits0References7
prion
prion
added 2012/09/15 5:55 p.m.16 views

Code injection

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3CVSS6.9AI score0.02447EPSS
Exploits0References6Affected Software1
cve
cve
added 2012/09/15 5:0 p.m.62 views

CVE-2012-3458

CVE-2012-3458 affects Beaker prior to 1.6.4, where sessions encrypted with PyCrypto use AES in ECB mode. The ECB usage can allow remote attackers to obtain portions of sensitive session data via unspecified vectors. All connected sources corroborate that Beaker before 1.6.4 is vulnerable to this ...

4.3CVSS6.3AI score0.02447EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2012/09/15 5:0 p.m.28 views

CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

6.2AI score0.02447EPSS
Exploits0References6
debiancve
debiancve
added 2012/09/15 5:0 p.m.42 views

CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

4.3CVSS6.3AI score0.02447EPSS
Exploits0
Rows per page
Query Builder