Lucene search
K

12 matches found

Veracode
Veracode
added 2025/03/28 2:36 a.m.10 views

Arbitrary File Overwrite

ai.h2o, h2o-core is vulnerable to Arbitrary File Overwrite. The vulnerability is due to a lack of export location restrictions in the model export endpoint, allowing an attacker to overwrite arbitrary files on the server...

7.1CVSS7AI score0.00693EPSS
Exploits1References4Affected Software2
Veracode
Veracode
added 2024/11/18 2:59 p.m.7 views

Improper Input Validation

mudler/LocalAI is vulnerable to Improper Input Validation. The vulnerability is due to improper handling of automatic archive extraction, allowing a 'tarslip' attack to bypass file location restrictions and write files to arbitrary locations on the server...

9.8CVSS6.9AI score0.01501EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2023/11/01 6:15 p.m.4 views

CVE-2023-20267

A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability b...

5.3CVSS5.8AI score0.00426EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/01 12:0 a.m.3 views

PT-2023-17424 · Snort · Snort

Name of the Vulnerable Software and Affected Versions: Snort 3 affected versions not specified Description: A vulnerability in the IP geolocation rules could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This issue exists because the configuration for IP...

5.3CVSS5.1AI score0.00426EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/06/06 5:15 p.m.6 views

CVE-2022-1935

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when I...

6.5CVSS6.6AI score0.0065EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2019/05/16 2:19 a.m.14 views

Privilege Escalation

Red Hat Satellite is vulnerable to privilege escalation vulnerability. This is because the Satellite 6 does not properly enforce access controls on certain resources. Remote authenticated users with unlimited filters could bypass organization and location restrictions and read or modify data for ...

5CVSS7.1AI score0.03213EPSS
Exploits0References107Affected Software53
Positive Technologies
Positive Technologies
added 2019/01/23 12:0 a.m.7 views

PT-2019-3931 · Apache +3 · Apache Http Server +3

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.37 through 2.4.38 Description: The issue is related to a flaw in the mod ssl component of the Apache HTTP Server, specifically concerning inadequate access control. This flaw can be exploited by a remote attack...

9CVSS6.7AI score0.65005EPSS
Exploits9References83
Veracode
Veracode
added 2019/01/15 9:9 a.m.27 views

Authorization Bypass

foreman is vulnerable to authorization bypass. An unspecified vulnerability allows authenticated users to bypass organization and location restrictions to read, edit or delete organizations or locations...

8.8CVSS8.4AI score0.02672EPSS
Exploits0References19Affected Software7
OSV
OSV
added 2016/08/19 9:59 p.m.10 views

CVE-2016-4475

The 1 Organization and 2 Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and a read, b edit, or c delete arbitrary organizations or locations via unspecified vectors...

8.8CVSS8.2AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2016/08/19 12:0 a.m.4 views

PT-2016-5961 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.11.3 Foreman versions 1.12.x prior to 1.12.0-RC1 Description: The issue allows remote authenticated users with unlimited filters to bypass organization and location restrictions. This can be achieved by leveraging...

6CVSS5.2AI score0.00933EPSS
Exploits0References6
CNVD
CNVD
added 2015/08/21 12:0 a.m.6 views

Foreman Security Mechanism Bypass Vulnerability

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. A security vulnerability exists in Foreman versions prior to 1.7.5. A remote attacker could exploit this...

4CVSS6.6AI score0.01925EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/08/14 6:0 p.m.22 views

CVE-2015-1844

Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API...

6.1AI score0.01925EPSS
Exploits0References6
Rows per page
Query Builder