
5909 matches found

Tenable Nessus
added 2024/04/30 12:0 a.m. | 34 views

RHEL 9 : buildah (RHSA-2024:2245)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2245 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

7.5 CVSS | 7.2 AI score | 0.0125 EPSS
Exploits 0 | References 8
Kitploit
added 2024/04/29 12:30 p.m. | 85 views

Galah - An LLM-powered Web Honeypot Using The OpenAI API

TL;DR: Galah (/ɡəˈlɑː/ - pronounced 'guh-laa') is an LLM (Large Language Model) powered web honeypot, currently compatible with the OpenAI API, that is able to mimic various applications and dynamically respond to arbitrary HTTP requests. Description: Named after the clever Australian parrot known for...

7.4 AI score
Exploits 0 | References 1
Veracode
added 2024/04/29 6:39 a.m. | 18 views

Improper Access Control

Mattermost Server is vulnerable to Improper Access Control. The vulnerability is due to incomplete validation of role changes within team.go, allowing an attacker authenticated as a team admin to promote guests to team admins through crafted HTTP requests...

2.7 CVSS | 6.9 AI score | 0.00502 EPSS
Exploits 0 | References 5 | Affected Software 1
Veracode
added 2024/04/29 6:8 a.m. | 22 views

Improper Access Control

Mattermost Server is vulnerable to Improper Access Control. The vulnerability is due to improper validation when updating team member roles, allowing users with certain administrative privileges to demote other users to guest status through crafted HTTP requests...

2.7 CVSS | 7 AI score | 0.00502 EPSS
Exploits 0 | References 6 | Affected Software 1
Tenable Nessus
added 2024/04/28 12:0 a.m. | 45 views

RHEL 8 : Release of OpenShift Serverless Client kn 1.31.1 (RHSA-2024:0880)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0880 advisory. Red Hat OpenShift Serverless Client kn 1.31.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.31.1. The kn CLI is delivered a...

9.8 CVSS | 7.3 AI score | 0.93305 EPSS
Exploits 4 | References 12
IBM Security Bulletins
added 2024/04/26 7:52 p.m. | 29 views

Security Bulletin: IBM MQ Internet Pass-Thru is vulnerable to a denial of service issue (CVE-2024-25015)

Summary: IBM MQ Internet Pass-Thru has addressed a vulnerability in which HTTP requests could cause a denial of service. Vulnerability Details: CVEID: CVE-2024-25015 DESCRIPTION: IBM MQ Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would...

7.5 CVSS | 7.4 AI score | 0.00925 EPSS
Exploits 0 | Affected Software 1
Github Security Blog
added 2024/04/26 9:30 a.m. | 22 views

Mattermost allows team admins to promote guests to team admins

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7 CVSS | 6.6 AI score | 0.00502 EPSS
Exploits 0 | References 5 | Affected Software 1
Github Security Blog
added 2024/04/26 9:30 a.m. | 24 views

Mattermost fails to fully validate role changes

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7 CVSS | 6.6 AI score | 0.00502 EPSS
Exploits 0 | References 6 | Affected Software 1
OSV
added 2024/04/26 9:30 a.m. | 14 views

GHSA-5QX9-9FFJ-5R8F Mattermost fails to fully validate role changes

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7 CVSS | 3.3 AI score | 0.00502 EPSS
Exploits 0 | References 6
OSV
added 2024/04/26 9:15 a.m. | 7 views

CVE-2024-4198

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7 CVSS | 6.5 AI score
Exploits 0 | References 1
NVD
added 2024/04/26 9:15 a.m. | 11 views

CVE-2024-4195

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7 CVSS | 3.5 AI score | 0.00502 EPSS
Exploits 0 | References 1
Cvelist
added 2024/04/26 8:26 a.m. | 32 views

CVE-2024-4198

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7 CVSS | 3.9 AI score | 0.00502 EPSS
Exploits 0 | References 1
Vulnrichment
added 2024/04/26 8:26 a.m. | 11 views

CVE-2024-4198

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7 CVSS | 6.6 AI score | 0.00502 EPSS
Exploits 0 | References 1
CVE
added 2024/04/26 8:26 a.m. | 63 views

CVE-2024-4198

Mattermost server vulnerability CVE-2024-4198: Versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes. This allows an attacker authenticated as a team admin to demote users to guest via crafted HTTP requests. Root cause is incomplete validation of role cha...

2.7 CVSS | 3.7 AI score | 0.00502 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2024/04/26 8:26 a.m. | 12 views

CVE-2024-4195

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7 CVSS | 6.6 AI score | 0.00502 EPSS
Exploits 0 | References 1
CVE
added 2024/04/26 8:26 a.m. | 77 views

CVE-2024-4195

Mattermost CVE-2024-4195 affects Mattermost Server components prior to fixes in 9.5.3 and 8.1.12 for 9.6.0/9.5.x before 9.5.3 and 8.1.x before 8.1.12. The root cause is incomplete validation of role changes in team administration logic, allowing an attacker authenticated as a team admin to promot...

2.7 CVSS | 6.5 AI score | 0.00502 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/04/26 8:26 a.m. | 18 views

CVE-2024-4195

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7 CVSS | 3.9 AI score | 0.00502 EPSS
Exploits 0 | References 1
BDU FSTEC
added 2024/04/25 12:0 a.m. | 5 views

The vulnerabilities of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD), which manage microprogramming software-based network interfaces, allow attackers to cause service interruptions.

The vulnerability of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) micro-programming-based network interface controllers is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability can allow a malicious actor to cause...

8.6 CVSS | 8.1 AI score | 0.63272 EPSS
Exploits 1 | References 4 | Affected Software 2
NVD
added 2024/04/24 7:15 p.m. | 29 views

CVE-2024-20353

A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This...

8.6 CVSS | 8.5 AI score | 0.63272 EPSS
Exploits 1 | References 3
RedHat Linux
added 2024/04/23 5:18 p.m. | 1 views

aiohttp: HTTP request modification

A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts...

7.2 CVSS | 7.2 AI score | 0.00874 EPSS
Exploits 1 | References 5