90 matches found
BIT-KIBANA-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure
Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...
PT-2026-32429
Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...
PT-2026-32405
Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...
CVE-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure
Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...
CVE-2026-33458 Server-Side Request Forgery (SSRF) in Kibana One Workflow Leading to Information Disclosure
Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data...
Kibana 9.3.3 Security Update (ESA-2026-28)
Server-Side Request Forgery SSRF in Kibana One Workflow Leading to Information Disclosure Server-Side Request Forgery CWE-918 in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in...
EUVD-2017-14787
Malware in sbrugna...
EUVD-2017-14784
Malware in sbrugna...
EUVD-2018-4125
Malware in sbrugna...
CVE-2025-0982 Sandbox Escape in Google Cloud Application Integration's JavaScript Task (Rhino Engine)
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code via crafted JavaScript code executed by the Rhino engine. Effective January 24, 2025, Application Integration will no longer support Rhino as the JavaScript...
bubblewrap and flatpak security update
An update is available for flatpak, bubblewrap. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Bubblewrap /usr/bin/bwrap is a core execution engine for...
RHEL 9 : bubblewrap and flatpak (RHSA-2024:6355)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:6355 advisory. Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...
K65043534: Multiple INTEL BIOS vulnerabilities
Security Advisory Description CVE-2017-5705 Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. CVE-2017-5706 Multiple buffer overflows in kernel in Intel Server Platfo...
K60381308: Intel CPU vulnerability CVE-2018-3655
Security Advisory Description A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information v...
SUSE CVE-2019-11087
Insufficient input validation in the subsystem for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of...
SUSE CVE-2019-11101
Insufficient input validation in the subsystem for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access...
SUSE CVE-2019-11104
Insufficient input validation in MEInfo software for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access...
SUSE CVE-2019-11102
Insufficient input validation in IntelR DAL software for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access...
SUSE CVE-2019-11110
Authentication bypass in the subsystem for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access...
2020.2 IPU – Intel® CSME, SPS, TXE, and AMT Advisory
Summary: Potential security vulnerabilities in Intel® Converged Security and Manageability Engine CSME, Server Platform Services SPS, Intel® Trusted Execution Engine TXE, Intel® Dynamic Application Loader DAL, Intel® Active Management Technology AMT, Intel® Standard Manageability ISM and Intel®...