Lucene search
+L

217 matches found

CNNVD
CNNVD
added 2025/02/03 12:0 a.m.4 views

Quorum onQ 安全漏洞

Quorum onQ is a backup solution from Quorum. A security vulnerability exists in Quorum onQ version v.6.0.0.5.2064, which originates from a cross-site scripting vulnerability that allows remote attackers to obtain sensitive information via the msg parameter in the Login page...

6.1CVSS5.9AI score0.00496EPSS
Exploits2References3
CVE
CVE
added 2025/02/03 12:0 a.m.72 views

CVE-2024-44449

CVE-2024-44449 affects Quorum onQ OS 6.0.0.5.2064. The vulnerability is a Cross Site Scripting (reflected) in the Login page, where the msg parameter can expose sensitive information. Root cause is a reflected XSS vector in the Login API endpoint. Impact is information disclosure via the logged-i...

6.1CVSS6.3AI score0.00496EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2025/02/03 12:0 a.m.5 views

CVE-2024-44449

Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page...

6.1AI score0.00496EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/02/03 12:0 a.m.11 views

CVE-2024-44449

Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page...

0.00496EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.6 views

PT-2025-2676 · Quorum · Quorum Onq Os

Name of the Vulnerable Software and Affected Versions: Quorum onQ OS version 6.0.0.5.2064 Description: The issue allows a remote attacker to obtain sensitive information via the msg parameter in the "Login page" API endpoint. This is a Cross Site Scripting vulnerability. Recommendations: For Quor...

6.1CVSS6.4AI score0.00496EPSS
Exploits2References6
Packet Storm
Packet Storm
added 2025/01/30 12:0 a.m.307 views

Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting

Quorum onQ OS version 6.0.0.5.2064 suffers from a cross site scripting vulnerability. + Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor https://quorum.com/about/ Product Quorum onQ OS - 6.0.0.5.2064 Vulnerability Type Reflected Cross Site...

6.3AI score0.00496EPSS
Exploits2
0day.today
0day.today
added 2025/01/30 12:0 a.m.340 views

Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting Vulnerability

Vendor https://quorum.com/about/ Product Quorum onQ OS - 6.0.0.5.2064 Vulnerability Type Reflected Cross Site Scripting XSS Affected Component Login page get parameter 'msg' is vulnerable to Reflected Cross site scripting CVE Reference CVE-2024-44449 Security Issue Cross Site Scripting...

6.1CVSS7.2AI score0.00496EPSS
Exploits2
Oracle linux
Oracle linux
added 2024/05/23 12:0 a.m.48 views

pcs security update

0.10.18-2.0.1 - Replace HAM-logo.png with a generic one 0.10.18-2 - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449 0.10.18-1 - Rebased to the latest sources see CHANGELOG.md Resolves: RHEL-7741 0.10.17-6 - Rebased to th...

7.5CVSS6.9AI score0.35376EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2024/05/21 2:18 p.m.5 views

zookeeper: Authorization Bypass in Apache ZooKeeper

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/15 6:26 a.m.51 views

Security Bulletin: IBM Event Streams is affected by authorization bypass through user-controlled key vulnerability ( CVE-2023-44981).

Summary This security vulnerability in Apache ZooKeeper could allow an attacker to bypass security restrictions on the system, caused by a flaw when SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true. This bulletin identifies the steps to take to address the...

9.1CVSS9.1AI score0.01713EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/03/06 11:8 a.m.47 views

BIT-ZOOKEEPER-2023-44981 Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication

Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...

9.1CVSS9.2AI score0.01713EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/02/20 11:42 a.m.2 views

zookeeper: Authorization Bypass in Apache ZooKeeper

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/02/06 1:14 p.m.6 views

zookeeper: Authorization Bypass in Apache ZooKeeper

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2024/01/16 4:50 p.m.60 views

USN-6559-1: ZooKeeper vulnerabilities

It was discovered that ZooKeeper incorrectly handled authorization for the getACL command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2019-0201 Damien Diederen discovered that ZooKeeper...

9.1CVSS6.9AI score0.09634EPSS
Exploits0
Code423n4
Code423n4
added 2024/01/07 12:0 a.m.14 views

Upgraded Q -> 2 from #286 [1704653766013]

Judge has assessed an item in Issue 286 as 2 risk. The relevant finding follows: L-02 Quorum for existing piece cannot be changed L-03 Token inflation gives advantage to new pieces --- The text was updated successfully, but these errors were encountered: All reactions...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/12/10 12:0 a.m.36 views

FreeBSD : apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication (2bc376c0-977e-11ee-b4bc-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2bc376c0-977e-11ee-b4bc-b42e991fc52e advisory. - Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Pe...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 8:57 a.m.30 views

Security Bulletin: Due to the use of Apache ZooKeeper, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security bypass.

Summary Apache ZooKeeper is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-44981 Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by a flaw when SASL Quorum Peer...

9.1CVSS9.1AI score0.01713EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/12/06 11:30 p.m.3 views

zookeeper: Authorization Bypass in Apache ZooKeeper

A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...

9.1CVSS7.1AI score0.01713EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/29 2:49 p.m.30 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache ZooKeeper

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache ZooKeeper. Vulnerability Details CVEID: CVE-2023-44981 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by a flaw when SASL Quorum Peer...

9.1CVSS6.8AI score0.01713EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/11/01 12:0 a.m.42 views

Debian DSA-5544-1 : zookeeper - security update

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5544 advisory. Damien Diederen discovered that SASL quorum peer authentication within Zookeeper, a service for maintaining configuration information, was insufficiently enforced in...

9.1CVSS6.8AI score0.01713EPSS
Exploits0References6
Rows per page
Query Builder