Lucene search
K

478 matches found

Github Security Blog
Github Security Blog
added 2025/01/14 10:18 p.m.23 views

Silverstripe Framework has a XSS in form messages

In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitise...

5.4CVSS6AI score0.00305EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/06/06 12:29 p.m.18 views

CGA-WGRP-HM45-WQ5R

Bulletin has no description...

7.5CVSS7.7AI score0.01462EPSS
Exploits0
Virtuozzo
Virtuozzo
added 2024/05/21 12:0 a.m.90 views

Virtuozzo Hybrid Infrastructure 6.1 Update 1 (6.1.1-35)

In this release, Virtuozzo Hybrid Infrastructure enables virtual CPU and RAM overcommitment per node, as well as provides stability and performance improvements, and addresses issues found in previous releases. Vulnerability id: VSTOR-49565 Network errors occur when migrating a VM that was...

7.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/04/05 7:43 a.m.10 views

marlowefireandsecuritygroup.com Cross Site Scripting vulnerability OBB-3904443

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/03/14 7:20 p.m.18 views

Microsoft Defender for Cloud Management Port Exposure Confusion

Prior to March 9, 2023, Microsoft Defender for Cloud incorrectly marked some Azure virtual machines as having secured management ports including SSH port 22/TCP, RDP port 3389/TCP and WINRM port 5985/TCP, when in fact one or more of these ports were exposed to the internet. This occured when the...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.2 views

SUSE CVE-2012-2101

Openstack Compute Nova Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service CPU and hard drive consumption via a network request that triggers a large number of iptables rules...

3.5CVSS6.7AI score0.0148EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.3 views

SUSE CVE-2013-4185

Algorithmic complexity vulnerability in OpenStack Compute Nova before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service nova-network consumption via a large number of...

4CVSS6.2AI score0.02087EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.2 views

SUSE CVE-2014-0187

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied...

9CVSS6.8AI score0.02942EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:13 a.m.5 views

SUSE CVE-2015-7713

OpenStack Compute Nova before 2014.2.4 juno and 2015.1.x before 2015.1.2 kilo do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made...

5CVSS7AI score0.0367EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.5 views

SUSE CVE-2019-9735

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...

7.7CVSS9.3AI score0.03635EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/02/07 5:23 p.m.47 views

Moderate: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS...

7.5CVSS8.2AI score0.05623EPSS
Exploits1References50
Kitploit
Kitploit
added 2022/07/28 12:30 p.m.65 views

TerraformGoat - "Vulnerable By Design" Multi Cloud Deployment Tool

TerraformGoat is selefra research lab's "Vulnerable by Design" multi cloud deployment tool. Currently supported cloud vendors include Alibaba Cloud, Tencent Cloud, Huawei Cloud, Amazon Web Services, Google Cloud Platform, Microsoft Azure. Scenarios ID | Cloud Service Company | Types Of Cloud...

7.5AI score
Exploits0References67
Rapid7 Blog
Rapid7 Blog
added 2022/07/06 6:0 p.m.19 views

[Security Nation] Pete Cooper and Irene Pontisso on the Results of the UK Government’s Security Culture Challenge

!\Security Nation\ Pete Cooper and Irene Pontisso on the Results of the UK Government’s Security Culture Challengehttps://blog.rapid7.com/content/images/2022/07/securitynationlogo.jpg In this episode of Security Nation, Jen and Tod are joined again by Pete Cooper and Irene Pontisso of the UK...

7.3AI score
Exploits0
OSV
OSV
added 2022/06/20 8:25 p.m.5 views

MAL-2022-1193 Malicious code in aws-centralized-waf-and-vpc-security-group-management (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d30d20f7e913b442c7313e261478fa97e92d253c5e1d866d29f482c3ae42d5a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/05/25 9:15 p.m.4 views

CVE-2022-26043

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests t...

7.5CVSS5.8AI score0.01208EPSS
Exploits1References1
Prion
Prion
added 2022/05/25 9:15 p.m.12 views

Xxe

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests t...

5CVSS7.4AI score0.01208EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/25 8:15 p.m.5 views

CVE-2022-26043

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests t...

7.5CVSS7.4AI score0.01208EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/05/25 8:15 p.m.24 views

CVE-2022-26043

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests t...

7.5CVSS7.6AI score0.01208EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/05/25 12:0 a.m.7 views

PT-2022-3463 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version V16.00.0112 Description: The issue concerns the OAS Engine SecureAddSecurity functionality, where a lack of authentication check for a critical function can be exploited. An attacker can send a...

7.8CVSS7.5AI score0.01208EPSS
Exploits1References3
Talos
Talos
added 2022/05/25 12:0 a.m.75 views

Open Automation Software Platform Engine SecureTransferFiles file write vulnerability

Summary A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

9.8CVSS10AI score0.18607EPSS
Exploits1
Rows per page
Query Builder