RHEL 9 : buildah (RHSA-2024:2245)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2245 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...
Galah - An LLM-powered Web Honeypot Using The OpenAI API
TL;DR: Galah /ɡəˈlɑː/ (pronounced 'guh-laa') is an LLM (Large Language Model) powered web honeypot, currently compatible with the OpenAI API, that is able to mimic various applications and dynamically respond to arbitrary HTTP requests. Description Named after the clever Australian parrot known for...
Improper Access Control
Mattermost Server is vulnerable to Improper Access Control. The vulnerability is due to incomplete validation of role changes within team.go, allowing an attacker authenticated as a team admin to promote guests to team admins through crafted HTTP requests...
Improper Access Control
Mattermost Server is vulnerable to Improper Access Control. The vulnerability is due to improper validation when updating team member roles, allowing users with certain administrative privileges to demote other users to guest status through crafted HTTP requests...
RHEL 8 : Release of OpenShift Serverless Client kn 1.31.1 (RHSA-2024:0880)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0880 advisory. Red Hat OpenShift Serverless Client kn 1.31.1 provides a CLI to interact with Red Hat OpenShift Serverless 1.31.1. The kn CLI is delivered a...
Security Bulletin: IBM MQ Internet Pass-Thru is vulnerable to a denial of service issue (CVE-2024-25015)
Summary: IBM MQ Internet Pass-Thru has addressed a vulnerability in which HTTP requests could cause a denial of service. Vulnerability Details: CVEID: CVE-2024-25015 DESCRIPTION: IBM MQ Internet Pass-Thru could allow a remote user to cause a denial of service by sending HTTP requests that would...
Mattermost allows team admins to promote guests to team admins
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
Mattermost fails to fully validate role changes
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to demote users to guest via crafted HTTP requests...
GHSA-5QX9-9FFJ-5R8F Mattermost fails to fully validate role changes
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to demote users to guest via crafted HTTP requests...
CVE-2024-4198
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to demote users to guest via crafted HTTP requests...
CVE-2024-4195
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
CVE-2024-4198
Mattermost server vulnerability CVE-2024-4198: Versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes. This allows an attacker authenticated as a team admin to demote users to guest via crafted HTTP requests. Root cause is incomplete validation of role cha...
CVE-2024-4195
Mattermost CVE-2024-4195 affects Mattermost Server versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12; it is fixed in 9.5.3 and 8.1.12. The root cause is incomplete validation of role changes in team administration logic, allowing an attacker authenticated as a team admin to promot...
Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD), which manage firmware-based network interfaces, allow attackers to cause service interruptions.
The vulnerability in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firmware-based network interface controllers stems from the execution of a loop whose exit condition can never be reached. Exploiting this vulnerability can allow a malicious actor to cause...
CVE-2024-20353
A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This...
aiohttp: HTTP request modification
A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts...