Lucene search
+L

43 matches found

Prion
Prion
added 2023/08/22 10:15 p.m.20 views

Cross site request forgery (csrf)

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470...

5CVSS5AI score0.00412EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2023/08/22 9:57 p.m.28 views

CVE-2023-40370 IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470...

3.7CVSS5.2AI score0.00412EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.6 views

SUSE CVE-2012-1986

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...

2.1CVSS6.7AI score0.0147EPSS
Exploits0References4
Prion
Prion
added 2023/02/06 9:15 p.m.16 views

Design/Logic Flaw

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service...

3.3CVSS5.1AI score0.00956EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.33 views

Puppet Denial of Service and Arbitrary File Write

A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to 1 cause a denial of service memory consumption via a REST request to a stream that triggers...

3.5CVSS7AI score0.02553EPSS
Exploits0References18Affected Software1
RubySec
RubySec
added 2022/05/14 12:0 a.m.47 views

Puppet Denial of Service and Arbitrary File Write

A vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to 1 cause a denial of service memory consumption via a REST request to a stream that triggers...

3.5CVSS6.5AI score0.02553EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2022/04/26 10:22 p.m.47 views

CVE-2021-22696

CXF supports via JwtRequestCodeFilter passing OAuth 2 parameters via a JWT token as opposed to query parameters see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request JAR. Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from...

7.5CVSS2.5AI score0.06593EPSS
Exploits0References4
Veracode
Veracode
added 2021/04/05 6:44 a.m.33 views

Denial Of Service (DoS)

cxf-rt-rs-security-oauth2 is vulnerable to denial of service DoS. The vulnerability exists as it does not properly validate the requesturi parameter, allowing a REST request to the parameter in the request to retrieve a token...

7.5CVSS3.3AI score0.06593EPSS
Exploits0References14Affected Software1
NVD
NVD
added 2021/04/02 10:15 a.m.23 views

CVE-2021-22696

CXF supports via JwtRequestCodeFilter passing OAuth 2 parameters via a JWT token as opposed to query parameters see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request JAR. Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from...

7.5CVSS0.06593EPSS
Exploits0References9
Atlassian
Atlassian
added 2020/07/28 6:27 p.m.19 views

Improve error handling in commits page and REST endpoint

Adding a trail "%27" at the commits page URL in Bitbucket causes the application to output the error below. !screenshot-1.png|thumbnail! This error is improper error handling as it shows the path to the git executable in the server as well as it exceeds the limits of the error page and does not...

1.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/03/31 12:0 a.m.8 views

The vulnerability of the NX-OS network operating system and the Application Policy Infrastructure Controller software allows a perpetrator to circumvent existing access restrictions based on RBAC.

The vulnerability of the NX-OS network operating system and the Application Policy Infrastructure Controller software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to circumvent existing access restrictions using a...

9CVSS7.7AI score0.0216EPSS
Exploits0References2
Prion
Prion
added 2016/02/12 1:59 a.m.20 views

Design/Logic Flaw

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and obtain sensitive repository information by appending a query to a REST request...

4CVSS6.7AI score0.01708EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2016/02/12 1:0 a.m.25 views

CVE-2016-0881

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language DQL injection attacks and obtain sensitive repository information by appending a query to a REST request...

6.3AI score0.01708EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.28 views

Amazon Linux: Security Advisory (ALAS-2012-75)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.1CVSS6.4AI score0.0147EPSS
Exploits0References2
Fedora
Fedora
added 2013/07/23 1:2 a.m.14 views

[SECURITY] Fedora 18 Update: nodejs-aws-sign-0.3.0-1.fc18

Simple module to calculate Authorization header for Amazon AWS REST request s...

3.3CVSS2.1AI score0.00372EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2012/12/04 7:24 p.m.9 views

puppet: Filebucket arbitrary file read

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...

2.1CVSS5.8AI score0.0147EPSS
Exploits0References5
NVD
NVD
added 2012/07/17 9:55 p.m.23 views

CVE-2012-3240

The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request...

7.5CVSS6.8AI score0.02409EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2012/07/17 9:55 p.m.32 views

CVE-2012-3240

The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request...

7.5CVSS5.9AI score0.02409EPSS
Exploits0References5
Prion
Prion
added 2012/07/17 9:55 p.m.24 views

Design/Logic Flaw

The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request...

7.5CVSS7.4AI score0.02409EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2012/05/29 8:55 p.m.27 views

CVE-2012-1986

Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise PE Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction...

2.1CVSS6AI score0.0147EPSS
Exploits0References16
Rows per page
Query Builder