Lucene search
K

26 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-1000

Malicious code in bioql PyPI...

9CVSS8.6AI score0.01305EPSS
Exploits0References12
NVD
NVD
added 2023/12/22 10:15 p.m.33 views

CVE-2023-51386

Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned...

7.8CVSS0.00169EPSS
Exploits0References2
Prion
Prion
added 2023/12/22 10:15 p.m.24 views

Design/Logic Flaw

Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned...

1.7CVSS6.5AI score0.00169EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/12/22 9:58 p.m.30 views

CVE-2023-51386 Sandbox Accounts for Events vulnerable to privilege escalation to read running events data

Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned...

7.8CVSS4.4AI score0.00169EPSS
Exploits0References4
CVE
CVE
added 2023/12/22 9:58 p.m.69 views

CVE-2023-51386

CVE-2023-51386 affects Sandbox Accounts for Events. An authenticated user could read data from the events table by sending requests to the events API, exposing information such as planned events, timeframes, budgets, and owner email addresses. The issue has been patched in version 1.10.0. Affecte...

7.8CVSS4.7AI score0.00169EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/12/22 9:15 p.m.13 views

CVE-2023-50928

"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event...

9CVSS0.00376EPSS
Exploits0References2
Prion
Prion
added 2023/12/22 9:15 p.m.15 views

Deserialization of untrusted data

"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event...

6CVSS7AI score0.00376EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/12/22 9:0 p.m.18 views

CVE-2023-50928 sandbox-accounts-for-events security misconfiguration leads to budget exceed

"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event...

7.1CVSS9.2AI score0.00376EPSS
Exploits0References2
OSV
OSV
added 2023/12/22 9:0 p.m.30 views

CVE-2023-50928 sandbox-accounts-for-events security misconfiguration leads to budget exceed

"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event...

7.1CVSS8.6AI score0.00376EPSS
Exploits0References4
CVE
CVE
added 2023/12/22 9:0 p.m.77 views

CVE-2023-50928

CVE-2023-50928 affects the Sandbox Accounts for Events tool. Affected: Sandbox Accounts for Events prior to version 1.1.0. Root cause: access control misconfiguration allows an authenticated user to claim and access empty AWS accounts by sending payloads to the account API with non-existent event...

9CVSS8.1AI score0.00376EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/22 12:0 a.m.4 views

PT-2023-31713 · Unknown · Sandbox Accounts For Events

Name of the Vulnerable Software and Affected Versions: Sandbox Accounts for Events versions prior to 1.1.0 Description: The issue allows authenticated users to potentially claim and access empty AWS accounts by sending request payloads to the account API containing non-existent event ids and...

9CVSS8.8AI score0.00376EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/12/22 12:0 a.m.4 views

Amazon Sandbox Accounts for Events Access Control Error Vulnerability

Amazon Sandbox Accounts for Events is an application from Amazon.com, Inc. It allows multiple temporary AWS accounts to be provisioned to multiple authenticated users at the same time through a browser-based GUI. An access control error vulnerability exists in Amazon Sandbox Accounts for Events...

9CVSS6.9AI score0.00376EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/22 12:0 a.m.6 views

PT-2023-31801 · Unknown · Sandbox Accounts For Events

Name of the Vulnerable Software and Affected Versions: Sandbox Accounts for Events versions prior to 1.10.0 Description: The issue allows authenticated users to potentially read data from the events table by sending request payloads to the "events API", collecting information on planned events,...

7.8CVSS3.5AI score0.00169EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/12/22 12:0 a.m.7 views

Amazon Sandbox Accounts for Events Security Breach

Amazon Sandbox Accounts for Events is an application from Amazon.com, Inc. It allows multiple temporary AWS accounts to be made available to multiple authenticated users at the same time through a browser-based GUI. A security vulnerability exists in Amazon Sandbox Accounts for Events prior to...

7.8CVSS6.9AI score0.00169EPSS
Exploits0References3
Mageia
Mageia
added 2022/06/13 8:44 p.m.97 views

Updated nats-server packages fix security vulnerability

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature. CVE-2022-24450...

9CVSS4AI score0.01305EPSS
Exploits0References2
Veracode
Veracode
added 2022/02/09 9:29 a.m.22 views

Privilege Escalation

github.com/nats-io/nats-server is vulnerable to privilege escalation. The vulnerability exists due to the weak permission in the "dynamically provisioned sandbox accounts" feature., allowing an unauthorized user to access System account...

8.8CVSS5AI score0.01305EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/02/08 5:23 p.m.239 views

GHSA-G6W6-R76C-28J7 Incorrect Authorization in NATS nats-server

This advisory is canonically Problem Description NATS nats-server through 2022-02-04 has Incorrect Access Control, with unchecked ability for clients to authorize into any account, because of a coding error in a long-extant experimental feature. A client crafting the initial protocol-level...

8.8CVSS8.7AI score0.01305EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/02/08 5:23 p.m.26 views

Incorrect Authorization in NATS nats-server

This advisory is canonically Problem Description NATS nats-server through 2022-02-04 has Incorrect Access Control, with unchecked ability for clients to authorize into any account, because of a coding error in a long-extant experimental feature. A client crafting the initial protocol-level...

9CVSS1.1AI score0.01305EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2022/02/08 2:15 a.m.39 views

CVE-2022-24450

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature...

9CVSS0.01305EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/08 2:15 a.m.8 views

CVE-2022-24450

NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the "dynamically provisioned sandbox accounts" feature...

9CVSS7.3AI score0.01305EPSS
Exploits0References3
Rows per page
Query Builder