116 matches found
ebs-bortolazzi.com Improper Access Control vulnerability OBB-3798810
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-HQ6Q-C2X6-HMCH vulnerabilities
Vulnerabilities for packages: cluster-autoscaler-fips, prometheus-adapter, aws-efs-csi-driver-fips, ip-masq-agent, nodetaint, aws-efs-csi-driver, spark-operator, kubernetes-dns-node-cache, aws-ebs-csi-driver...
GHSA-HQ6Q-C2X6-HMCH vulnerabilities
Vulnerabilities for packages: ip-masq-agent, kubernetes-dns-node-cache, nodetaint, prometheus-adapter, spark-operator, aws-efs-csi-driver...
CVE-2023-5528 vulnerabilities
Vulnerabilities for packages: cluster-autoscaler-fips, prometheus-adapter, aws-efs-csi-driver-fips, ip-masq-agent, nodetaint, aws-efs-csi-driver, spark-operator, kubernetes-dns-node-cache, aws-ebs-csi-driver...
CVE-2023-5528 vulnerabilities
Vulnerabilities for packages: ip-masq-agent, kubernetes-dns-node-cache, nodetaint, prometheus-adapter, spark-operator, aws-efs-csi-driver...
CVE-2023-47108 vulnerabilities
Vulnerabilities for packages: envoy-ratelimit, kubevela, volume-modifier-for-k8s, kubescape, cri-tools, temporal-server, buildkitd, k3s, temporal, docker-compose, kubernetes, kine, kubernetes-csi-external-resizer, metrics-server...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: terraform-provider-sendgrid, kubernetes-csi-livenessprobe, kubernetes-csi-livenessprobe-fips, dynamic-localpv-provisioner-fips, smarter-device-manager-fips, kubeflow-fips, prometheus-adapter-fips, timestamp-authority-fips, slsa-verifier, aws-efs-csi-driver-fips,...
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: prometheus-elasticsearch-exporter-fips, oauth2-proxy, chartmuseum, thanos-operator, prometheus-postgres-exporter, k8sgpt-operator, kpt, trust-manager, aws-efs-csi-driver-fips, terraform, bank-vaults-fips, memcached-exporter, aws-efs-csi-driver, nats,...
GHSA-CGCV-5272-97PR vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver...
CVE-2023-2728 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver...
GHSA-XC8M-28VV-4PJC vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver...
CVE-2023-2431 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver...
PT-2023-2528 · Oracle · Oracle Iprocurement +1
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.12 Description: The issue is related to insufficient input validation in the E-Content Manager Catalog component. It allows a low-privileged attacker with network access via HTTP to...
Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload
This module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user. Module Options msf use...
CVE-2023-21825
CVE-2023-21825 affects Oracle E-Business Suite’s Oracle iSupplier Portal (Supplier Management). Versions 12.2.6–12.2.8 are affected. An unauthenticated, network-accessible attacker can exploit via HTTP to obtain unauthorized read access to a subset of data. The issue is described as easily exploi...
U.S. Dept Of Defense: Local File Read vulnerability on ██████████ [HtUS]
Kindly check screenshot ███████: In case if scope question. Because i picked this site from DOD website list under 'dod sites'. Lets move on to the bug now : Summary: Local File Include vulnerability on ███. Oracle Ebs Bispgrapgh is prone to a directory traversal vulnerability that can be exploit...
CVE-2022-21500
CVE-2022-21500 affects Oracle E-Business Suite, specifically the Manage Proxies component, with the vulnerable line item in 12.2 (12.1 is not impacted). The issue enables an attacker to access or potentially take over data in the Oracle E-Business Suite via HTTP over the network, with CVSSv3.1 ba...
CVE-2022-21354
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...
InsightCloudSec Supports 12 New AWS Services Announced at re:Invent
In case you didn’t hear, Amazon hosted AWS re:Invent in Las Vegas last week. As has come to be expected at the annual mega-event, Amazon made a number of huge announcements and launched a significant number of improvements and brand-new services and settings to enhance their public cloud platform...
CVE-2021-2406
CVE-2021-2406 affects Oracle E-Business Suite’s Oracle Collaborative Planning product, User Interface component. Affected versions are 12.1.1–12.1.3. The vulnerability allows a low-privileged attacker with network access via HTTP to compromise Oracle Collaborative Planning, potentially enabling u...