Lucene search
+L

270 matches found

redhat
redhat
added 2023/02/09 11:35 a.m.84 views

Important: Red Hat Security Advisory: Red Hat Data Grid 8.4.1 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

9.8CVSS6.7AI score0.03571EPSS
Exploits6References9
rapid7blog
rapid7blog
added 2022/12/16 9:37 p.m.69 views

Metasploit Weekly Wrap-Up

A sack full of cheer from the Hacking Elves of Metasploit It is clear that the Metasploit elves have been busy this season: Five new modules, six new enhancements, nine new bug fixes, and a partridge in a pear tree are headed out this week! Partridge nor pear tree included. In this sack of goodie...

4.6CVSS9.3AI score0.51804EPSS
Exploits10
metasploit
metasploit
added 2022/12/13 7:52 p.m.321 views

F5 Big-IP Gather Information from MCP Datastore

This module gathers various interesting pieces of data from F5's "mcp" datastore, which is accessed via /var/run/mcp using a proprietary protocol. Adapted from: https://github.com/rbowes-r7/refreshing-mcp-tool/blob/main/mcp-getloot.rb Module Options msf use post/linux/gather/f5lootmcp msf...

8.8AI score
Exploits0
prion
prion
added 2022/11/27 3:15 a.m.21 views

Sql injection

A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...

5CVSS7.9AI score0.00687EPSS
Exploits1References2Affected Software1
redhat
redhat
added 2022/11/17 1:40 p.m.54 views

Important: Red Hat Security Advisory: Red Hat Data Grid 8.4.0 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

8.8CVSS6.7AI score0.02191EPSS
Exploits5References11
ptsecurity
ptsecurity
added 2022/11/13 12:0 a.m.6 views

PT-2022-24988 · Unknown · Matrix-Appservice-Irc

Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions up to 0.35.1 Description: A critical issue affects the file src/datastore/postgres/PgDataStore.ts, where the manipulation of the roomIds argument leads to sql injection. Upgrading to version 0.36.0 addresses thi...

5.6CVSS5.7AI score0.00509EPSS
Exploits0References10
cnnvd
cnnvd
added 2022/11/13 12:0 a.m.5 views

matrix-appservice-irc 安全漏洞

matrix-appservice-irc is a bridge for Matrix. This bridge passes all IRC messages to Matrix and all Matrix messages to IRC. A security vulnerability exists in matrix-appservice-irc 0.35.1 and earlier versions, which stems from affected unknown code in the file src/datastore/postgres/PgDataStore.t...

5.6CVSS5.8AI score0.00509EPSS
Exploits0References6
veeam
veeam
added 2022/11/11 12:0 a.m.316 views

Error: Skipping VM processing due to insufficient free disk space on datastore

Challenge A Backup or Replication job fails with the messages: Production datastore is getting low on free space xx GB left, and may run out of free disk space completely due to open snapshots. Insufficient free disk space on production datastore . Error: Skipping VM processing due to insufficien...

5.6AI score
Exploits0Affected Software1
cnnvd
cnnvd
added 2022/11/08 12:0 a.m.4 views

Microsoft ODBC Driver 安全漏洞

Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in the Microsoft ODBC Driver. The following products and versions are affected: Windows 8.1 fo...

8.8CVSS8.3AI score0.01436EPSS
Exploits0References5
veeam
veeam
added 2022/09/27 12:0 a.m.166 views

Datastore Named 'VeeamBackup_' Listed as Inaccessible

Challenge A Datastore with the name 'VeeamBackup' is found within the vSphere environment and is marked inaccessible. The will be the hostname, FQDN, or IP of a server assigned as the Mount Server for a Repository in Veeam Backup & Replication. Cause The datastore appears "inaccessible" because t...

6.9AI score
Exploits0
rapid7blog
rapid7blog
added 2022/07/29 8:32 p.m.349 views

Metasploit Weekly Wrap-Up

Roxy-WI Unauthenticated RCE This week, community member Nuri Çilengir added an unauthenticated RCE for Roxy-WI. Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers. The vulnerability can be triggered by a specially crafted POST request to a Python script where the ipbackend...

10CVSS10AI score0.90387EPSS
Exploits15
veracode
veracode
added 2022/04/12 6:24 a.m.25 views

SQL Injection

com.yahoo.elide:elide-datastore-aggregation is vulnerable to SQL Injection attacks. A specifically crafted query statement through a parameterized TEXT column allows a malicious user to inject and execute arbitrary SQL queries via the ValueType enum...

8.1CVSS5AI score0.01335EPSS
Exploits0References4Affected Software1
vulnersosv
vulnersosv
added 2022/04/08 10:43 p.m.5 views

com.yahoo.elide:elide-spring-boot-starter (=6.1.3), com.yahoo.elide:elide-standalone (=6.1.3) potentially affected by CVE-2022-24827 via com.yahoo.elide:elide-datastore-aggregation (=6.1.3)

com.yahoo.elide:elide-datastore-aggregation MAVEN version =6.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.yahoo.elide:elide-datastore-aggregation and may be impacted: - com.yahoo.elide:elide-spring-boot-starter =6.1.3 -...

8.1CVSS7.2AI score0.01335EPSS
Exploits0
osv
osv
added 2022/04/08 10:43 p.m.2 views

GHSA-8XPJ-9J9G-FC9R SQL Injection in elide-datastore-aggregation

Impact When leveraging the following together: - Elide Aggregation Data Store for Analytic Queries - Parameterized Columns A column that requires a client provided parameter - A parameterized column of type TEXT There is the potential for a hacker to provide a carefully crafted query that would...

8.1CVSS5.9AI score0.01335EPSS
Exploits0References5
redhat
redhat
added 2022/01/20 11:39 a.m.106 views

Moderate: Red Hat Security Advisory: Red Hat Data Grid 8.2.3 security update

An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

10CVSS7.7AI score0.99999EPSS
Exploits360References6
veeam
veeam
added 2021/12/31 12:0 a.m.367 views

A specified parameter was not correct: spec.vmProfile

Challenge Scenario 1: A Replication job fails with the following error: Failed to set storage profile VM Encryption Policy to vm. Copy Scenario 2: An Entire VM Restore or Instant Recovery fails with the following error: Error: A specified parameter was not correct: spec.vmProfile Copy Cause This...

6.9AI score
Exploits0Affected Software1
rapid7blog
rapid7blog
added 2021/09/10 6:32 p.m.198 views

Metasploit Wrap-Up

Confluence Server OGNL Injection Our own wvu along with Jang added a module that exploits an OGNL injection CVE-2021-26804in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...

7.5CVSS8.6AI score0.99999EPSS
Exploits45
rapid7blog
rapid7blog
added 2021/08/06 8:26 p.m.65 views

Metasploit Wrap-Up

Desert heat not the 1999 film This week was more quiet than normal with Black Hat USA and DEF CON, but that didn’t stop the team from delivering some small enhancements and bug fixes! We are also excited to see two new modules 15519 and 15520 from researcher Jacob Baines’ DEF CON talk ​​Bring You...

7AI score
Exploits0
osv
osv
added 2021/07/28 10:15 a.m.9 views

CVE-2021-32001

K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc. and decrypt it, without having to know the...

6.5CVSS5.8AI score0.00304EPSS
Exploits0References1
prion
prion
added 2021/07/28 10:15 a.m.24 views

Code injection

K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc. and decrypt it, without having to know the...

4CVSS6.3AI score0.00304EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder