
42 matches found

Prion
added 2023/02/25 12:15 a.m., 25 views

Improper access control

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

CVSS: 5, AI score: 7.3, EPSS: 0.00946
Exploits: 1, References: 3, Affected Software: 1
OpenVAS
added 2022/09/13 12:0 a.m., 12 views

Fedora: Security Advisory for cloudcompare (FEDORA-2022-9cbdf39a5a)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 8.8, AI score: 8.7, EPSS: 0.02793
Exploits: 1, References: 2
CNNVD
added 2022/08/19 12:0 a.m., 4 views

Yimioa SQL Injection Vulnerability

Yimioa is the collaborative office software of Cloud.com Software. Based on enterprise-class workflow engine, in-depth research and development for 15 years, served more than 1000 customers, based on springboot framework. With mature OA office functions, comes with a low-code development platform...

CVSS: 9.8, AI score: 8.5, EPSS: 0.00688
Exploits: 1, References: 2
The Hacker News
added 2022/07/29 10:5 a.m., 22 views

How to Combat the Biggest Security Risks Posed by Machine Identities

The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber...

AI score: 0.1
Exploits: 0
OSV
added 2022/07/19 5:15 p.m., 3 views

CVE-2022-22359

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652...

CVSS: 6.5, AI score: 5.7, EPSS: 0.0026
Exploits: 0, References: 2
Positive Technologies
added 2022/07/19 12:0 a.m., 4 views

PT-2022-15390 · Ibm · Ibm Sterling Partner Engagement Manager

Name of the Vulnerable Software and Affected Versions: IBM Sterling Partner Engagement Manager versions 6.1.2, 6.2, and Cloud/SasS 22.2 Description: The issue allows a remote authenticated attacker to conduct an LDAP injection by using a specially crafted request. This could result in granting...

CVSS: 8.8, AI score: 7.4, EPSS: 0.01413
Exploits: 0, References: 4
ATTACKERKB
added 2022/07/18 12:0 a.m., 5 views

CVE-2022-22359

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652...

CVSS: 6.5, AI score: 6, EPSS: 0.0026
Exploits: 0, References: 3, Affected Software: 2
Kitploit
added 2022/05/20 9:30 p.m., 19 views

Xepor - Web Routing Framework For Reverse Engineers And Security Researchers, Brings The Best Of Mitmproxy And Flask

Xepor pronounced /ˈzɛfə/ , zephyr, a web routing framework for reverse engineers and security researchers. It provides a Flask-like API for hackers to intercept and modify HTTP request and/or HTTP response in a human-friendly coding style. This project is meant to be used with mitmproxy. User wri...

AI score: 7.7
Exploits: 0, References: 8
The Hacker News
added 2022/03/23 3:14 a.m., 34 views

Microsoft and Okta Confirm Breach by LAPSUS$ Extortion Group

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. "No customer code or data was...

AI score: 0.3
Exploits: 0
CNNVD
added 2022/01/24 12:0 a.m., 5 views

Construction Industry Solutions Conis Construction Cloud Input Validation Error Vulnerability

Construction Industry Solutions Conis Construction Cloud is an end-to-end cloud and mobile software solution from Construction Industry Solutions, Inc. Construction Industry Solutions Conis Construction Cloud version 11.12 is vulnerable to an input validation error that could be exploited by an...

CVSS: 6.5, AI score: 5.6, EPSS: 0.01644
Exploits: 1, References: 4
NVD
added 2021/04/22 10:15 p.m., 14 views

CVE-2021-2257

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

CVSS: 4.1, EPSS: 0.00717
Exploits: 0, References: 1
Cvelist
added 2021/04/22 9:53 p.m., 25 views

CVE-2021-2256

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVSS: 10, AI score: 9.7, EPSS: 0.01666
Exploits: 0, References: 1
Vulnrichment
added 2021/04/22 9:53 p.m., 6 views

CVE-2021-2257

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

CVSS: 4.1, AI score: 5.6, EPSS: 0.00717
Exploits: 0, References: 1
IBM Security Bulletins
added 2021/04/07 9:36 p.m., 17 views

Security Bulletin: WebSphere Application Server in IBM Cloud is vulnerable to a Server-side Request Forgery vulnerability (CVE-2021-20480)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server in IBM Cloud. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details Refer to the security bulletins list...

CVSS: 6.5, AI score: 2.4, EPSS: 0.01298
Exploits: 0, Affected Software: 1
CNVD
added 2020/10/16 12:0 a.m., 1 views

Command Execution Vulnerability in PDF Reader on Cloud

Cloud PDF Reader is a PDF reading and editing software. A command execution vulnerability exists in PDF Reader on Cloud, which can be exploited by an attacker to gain control of the server...

AI score: 7.4
Exploits: 0
MSRC
added 2020/04/29 3:35 p.m., 38 views

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...

AI score: 2.3
Exploits: 0
MSRC
added 2020/04/29 7:0 a.m., 10 views

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...

AI score: 2.5
Exploits: 0
MSRC
added 2020/04/29 7:0 a.m., 9 views

The Safety Boat: Kubernetes and Rust

Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...

AI score: 6.9
Exploits: 0
The Hacker News
added 2020/02/20 11:8 a.m., 73 views

Deal: Cloud And Networking Certification Training ~ Get 97% OFF

Cloud computing and networking are two of the most significant areas of growth in the IT business. Companies need engineers who can maintain distributed software and keep the company connected. If you want to work in either niche, the Essential Cloud & Networking Certification Training Bundle...

AI score: 1.6
Exploits: 0
Huawei
added 2015/09/09 12:0 a.m., 30 views

Security Advisory - Insufficient Input Verification Vulnerability in the FusionAccess

FusionAccess is a virtual desktop application based on the Huawei cloud platform. By deploying Huawei desktop cloud software on the cloud platform, customers can access the cloud desktop from a thin client device or other devices. There is an insufficient input verification...

CVSS: 7.8, AI score: 7, EPSS: 0.00746
Exploits: 0, Affected Software: 1