Lucene search
K

72 matches found

OSV
OSV
added 2024/11/22 8:15 p.m.7 views

CVE-2024-5721

Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific...

8.1CVSS6.4AI score0.0583EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/12 1:58 p.m.25 views

CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS0.00456EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/12 1:58 p.m.16 views

CVE-2024-23445 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions

It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.htmlsecurity-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the fieldsecurity parameter, an...

6.5CVSS7.3AI score0.00456EPSS
Exploits0References1
CVE
CVE
added 2024/06/12 1:58 p.m.329 views

CVE-2024-23445

CVE-2024-23445 affects Elasticsearch remote-cluster API key security model (GA 8.14.0). The issue: a cross-cluster API key that restricts index search via query or field_security and also grants replication for the same index may not enforce search restrictions during cross-cluster search, potent...

6.5CVSS6.5AI score0.00456EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/12 12:0 a.m.11 views

PT-2024-37098 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit...

8.1CVSS7.9AI score0.0583EPSS
Exploits0References4
Akamai Blog
Akamai Blog
added 2024/05/20 10:20 a.m.2 views

Akamai Adds Support for Kubernetes Cluster API

...

5.3AI score
Exploits0
OpenVAS
OpenVAS
added 2015/11/02 12:0 a.m.29 views

Open-Xchange (OX) App Suite Multiple Vulnerabilities -03 (Nov 2015)

Open-Xchange OX App Suite is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS6.5AI score0.01493EPSS
Exploits3References2
securityvulns
securityvulns
added 2013/10/01 12:0 a.m.59 views

Open-Xchange Security Advisory 2013-09-10

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 28260 Bug ID Vulnerability type: CWE-16: Configuration, CWE-287: Improper Authentication, CWE-200: Information Exposure Vulnerable version: 7.0.0 to 7.2.2 Vulnerable component: backend default configuration Fixed version...

7.5CVSS0.2AI score0.01493EPSS
Exploits2
NVD
NVD
added 2013/09/25 10:31 a.m.24 views

CVE-2013-5935

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended...

4.3CVSS6.2AI score0.01078EPSS
Exploits0References1
Prion
Prion
added 2013/09/25 10:31 a.m.18 views

Hardcoded credentials

Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 has a hardcoded password for node join operations, which allows remote attackers to expand a cluster by finding this password in the source code and then sending the password in a Hazelcast cluster API call, a different...

4CVSS7.1AI score0.01493EPSS
Exploits3References1Affected Software1
Prion
Prion
added 2013/09/25 10:31 a.m.23 views

Design/Logic Flaw

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about 1 runtime activity, 2 network configuration, 3 user sessions, 4 the memcache interface, and 5 the REST interface via API calls suc...

4.3CVSS6.2AI score0.01493EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2013/09/25 10:0 a.m.25 views

CVE-2013-5935

The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which makes it easier for remote attackers to obtain access by sending network traffic from an unintended...

6.1AI score0.01078EPSS
Exploits0References1
Rows per page
Query Builder