115 matches found

RedhatCVE
added 2025/03/31 11:32 a.m. | 9 views

CVE-2025-2586

A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, consuming excessive resources. This issue can lead to monitoring system degradation, increased disk...

CVSS 7.5 | AI score 6.8 | EPSS 0.0049
Exploits 0 | References 3

Positive Technologies
added 2025/03/31 12:0 a.m. | 8 views

PT-2025-13692

Name of the Vulnerable Software and Affected Versions: OpenShift Lightspeed Service (affected versions not specified). Description: A flaw in the OpenShift Lightspeed Service makes it vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints, such as...

CVSS 7.5 | AI score 7.1 | EPSS 0.0049
Exploits 0 | References 16

CNNVD
added 2025/03/31 12:0 a.m. | 4 views

Red Hat OpenShift Lightspeed Resource Management Error Vulnerability

Red Hat OpenShift Lightspeed is an acceleration tool based on the OpenShift platform from Red Hat, Inc. It is designed to increase the speed of development and deployment of Kubernetes applications. Red Hat OpenShift Lightspeed suffers from a resource management error vulnerability that stems fro...

CVSS 7.5 | AI score 7.5 | EPSS 0.0049
Exploits 0 | References 2

RedhatCVE
added 2025/02/20 8:24 a.m. | 10 views

CVE-2024-13795

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwiddeactivatefeedback function. This makes it possible for unauthenticated...

CVSS 4.3 | AI score 6.4 | EPSS 0.00169
Exploits 0 | References 1

Cvelist
added 2025/02/18 7:28 a.m. | 12 views

CVE-2024-13795 Ecwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation Message

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwiddeactivatefeedback function. This makes it possible for unauthenticated...

CVSS 4.3 | EPSS 0.00169
Exploits 0 | References 2

Vulnrichment
added 2025/02/18 7:28 a.m. | 9 views

CVE-2024-13795 Ecwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation Message

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwiddeactivatefeedback function. This makes it possible for unauthenticated...

CVSS 4.3 | AI score 4.3 | EPSS 0.00169
Exploits 0 | References 2

CNNVD
added 2025/02/18 12:0 a.m. | 4 views

WordPress plugin Ecwid by Lightspeed Ecommerce Shopping Cart Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Ecwid by...

CVSS 4.3 | AI score 8.8 | EPSS 0.00169
Exploits 0 | References 3

RedHat Linux
added 2024/12/16 8:23 p.m. | 19 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

CVSS 9.8 | AI score 6.8 | EPSS 0.01396
Exploits 0 | References 3

Tenable Nessus
added 2024/03/19 12:0 a.m. | 21 views

Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE DoS (cisco-sa-iosxr-pppma-JKWFgneW)

According to its self-reported version, Cisco IOS XR is affected by a vulnerability. A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the...

CVSS 7.4 | AI score 7.3 | EPSS 0.00336
Exploits 0 | References 4

OSV
added 2024/03/13 5:15 p.m. | 1 views

CVE-2024-20327

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the pppma process, resulting in a denial of service (DoS) condition. This vulnerability is du...

CVSS 7.4 | AI score 5.8 | EPSS 0.00336
Exploits 0 | References 1

Prion
added 2024/03/13 5:15 p.m. | 19 views

Design/Logic Flaw

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the pppma process, resulting in a denial of service (DoS) condition. This vulnerability is du...

CVSS 3.3 | AI score 7.2 | EPSS 0.00336
Exploits 0 | References 1

Cisco
added 2024/03/13 4:0 p.m. | 33 views

Cisco IOS XR Software for ASR 9000 Series Aggregation Services Routers PPPoE Denial of Service Vulnerability

A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the pppma process, resulting in a denial of service (DoS) condition. This vulnerability is du...

CVSS 7.4 | AI score 7.3 | EPSS 0.00336
Exploits 0 | References 1

Packet Storm
added 2022/08/05 12:0 a.m. | 376 views

WordPress Ecwid Ecommerce Shopping Cart 6.10.23 Cross Site Request Forgery

Description: Cross-Site Request Forgery to Settings/Options Update
Affected Plugin: Ecwid Ecommerce Shopping Cart
Plugin Slug: ecwid-shopping-cart
Affected Versions: = 6.10.23
CVE ID: CVE-2022-2432
CVSS Score: 8.8 High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Researcher/s: Marco...

AI score 5.2 | EPSS 0.00454
Exploits 2

BDU FSTEC
added 2022/06/09 12:0 a.m. | 6 views

The vulnerability of the Lightspeed-Plus operating system for Cisco IOS XR routers of the Cisco ASR 9000 family allows an attacker to trigger a service failure.

The vulnerability of the Lightspeed-Plus operating system for Cisco IOS XR routers of the Cisco ASR 9000 family relates to the reading of data beyond the specified buffer. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by sending specially crafted IPv4 or...

CVSS 8.6 | AI score 6.6 | EPSS 0.01382
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2022/04/22 12:0 a.m. | 35 views

Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed Plus Line Cards DoS (cisco-sa-lsplus-Z6AQEOjk)

According to its self-reported version, Cisco IOS XR is affected by a denial of service vulnerability due to a vulnerability in the data plane microcode of Lightspeed-Plus line cards that causes the line card to reset. An unauthenticated, remote attacker can exploit this by sending a specific IPv4 ...

CVSS 8.6 | AI score 6.7 | EPSS 0.01382
Exploits 0 | References 4

NVD
added 2022/04/15 3:15 p.m. | 16 views

CVE-2022-20714

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are...

CVSS 8.6 | EPSS 0.01382
Exploits 0 | References 1

Prion
added 2022/04/15 3:15 p.m. | 22 views

Design/Logic Flaw

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are...

CVSS 5 | AI score 8.3 | EPSS 0.01382
Exploits 0 | References 1

Vulnrichment
added 2022/04/15 2:15 p.m. | 10 views

CVE-2022-20714 Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are...

CVSS 8.6 | AI score 7 | EPSS 0.01382
Exploits 0 | References 1

Cvelist
added 2022/04/15 2:15 p.m. | 25 views

CVE-2022-20714 Cisco IOS XR Software for ASR 9000 Series Routers Lightspeed-Plus Line Cards Denial of Service Vulnerability

A vulnerability in the data plane microcode of Lightspeed-Plus line cards for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the line card to reset. This vulnerability is due to the incorrect handling of malformed packets that are...

CVSS 8.6 | AI score 8.7 | EPSS 0.01382
Exploits 0 | References 1

CVE
added 2022/04/15 2:15 p.m. | 251 views

CVE-2022-20714

CVE-2022-20714 affects Cisco IOS XR on ASR 9000 Series Lightspeed-Plus line cards (e.g., ASR 9902/9903). The issue is in the data plane microcode where malformed IPv4/IPv6 packets can trigger a line card reset, causing DoS for traffic traversing the card. Exploitation requires no authentication. ...

CVSS 8.6 | AI score 8.4 | EPSS 0.01382
Exploits 0 | References 1 | Affected Software 1