47 matches found

Source: RedHat Linux | added 2024/06/24 7:27 p.m. | 5 views

Important: Red Hat Enhancement Advisory: Red Hat Developer Hub 1.2 release

Red Hat Developer Hub 1.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pa...

CVSS 9.8 | AI score 6.6 | EPSS 0.01939
Exploits: 0 | References: 1
Source: UbuntuCve | added 2023/04/29 12:15 a.m. | 342 views

CVE-2023-31485

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks...

CVSS 5.9 | AI score 6.2 | EPSS 0.00651
Exploits: 0 | References: 7
Source: OSV | added 2023/03/21 5:15 p.m. | 2 views

CVE-2023-1305

An authenticated attacker can leverage an exposed "box" object to read and write arbitrary files from disk, provided those files can be parsed as YAML or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...

CVSS 8.1 | AI score 7.3
Exploits: 0 | References: 2
Source: NVD | added 2023/03/21 5:15 p.m. | 13 views

CVE-2023-1305

An authenticated attacker can leverage an exposed "box" object to read and write arbitrary files from disk, provided those files can be parsed as YAML or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...

CVSS 8.1 | AI score 7.9 | EPSS 0.00777
Exploits: 1 | References: 2
Source: NVD | added 2023/03/21 5:15 p.m. | 15 views

CVE-2023-1306

An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...

CVSS 8.8 | AI score 8.7 | EPSS 0.01208
Exploits: 1 | References: 2
Source: NVD | added 2023/03/21 5:15 p.m. | 12 views

CVE-2023-1304

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

CVSS 8.8 | AI score 8.6 | EPSS 0.01079
Exploits: 1 | References: 2
Source: Prion | added 2023/03/21 5:15 p.m. | 14 views

Design/Logic Flaw

An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...

CVSS 6.5 | AI score 8.6 | EPSS 0.01208
Exploits: 1 | References: 2 | Affected software: 2
Source: Prion | added 2023/03/21 5:15 p.m. | 15 views

Code injection

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

CVSS 6.5 | AI score 8.5 | EPSS 0.01079
Exploits: 1 | References: 2 | Affected software: 2
Source: Prion | added 2023/03/21 5:15 p.m. | 18 views

Design/Logic Flaw

An authenticated attacker can leverage an exposed "box" object to read and write arbitrary files from disk, provided those files can be parsed as YAML or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...

CVSS 5.5 | AI score 7.9 | EPSS 0.00777
Exploits: 1 | References: 2 | Affected software: 2
Source: CVE | added 2023/03/21 4:53 p.m. | 47 views

CVE-2023-1306

CVE-2023-1306 affects Rapid7 InsightCloudSec. An authenticated attacker could abuse an exposed resource.db() accessor to smuggle Python methods via a Jinja template, enabling code execution. Mitigation: upgrade to InsightCloudSec 23.2.1 (Self-Managed) or apply the managed/SaaS patch released on 2...

CVSS 8.8 | AI score 8.7 | EPSS 0.01208
Exploits: 1 | References: 2 | Affected software: 2
Source: Cvelist | added 2023/03/21 4:51 p.m. | 18 views

CVE-2023-1305 Rapid7 InsightCloudSec box object access

An authenticated attacker can leverage an exposed "box" object to read and write arbitrary files from disk, provided those files can be parsed as YAML or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of...

AI score 8.1 | EPSS 0.00777
Exploits: 1 | References: 2
Source: CVE | added 2023/03/21 4:45 p.m. | 46 views

CVE-2023-1304

CVE-2023-1304 affects InsightCloudSec. An authenticated attacker can use an exposed getattr() via a Jinja template to smuggle OS commands and invoke actions normally restricted to private methods. Affected are InsightCloudSec versions prior to the fixes; the issue was resolved in Managed and SaaS...

CVSS 8.8 | AI score 8.6 | EPSS 0.01079
Exploits: 1 | References: 2 | Affected software: 2
Source: Cvelist | added 2023/03/21 4:45 p.m. | 18 views

CVE-2023-1304 Rapid7 InsightCloudSec getattr() method access

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

AI score 8.8 | EPSS 0.01079
Exploits: 1 | References: 2
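The CVE-2023-1304 and CVE-2023-1306 entries above describe the same mechanism from two sides: a template context that hands the author Python's raw getattr, or a public accessor (resource.db) that returns a live object, lets a Jinja template call methods the application treated as private. The block below is an added example written for this page, not InsightCloudSec code: it assumes the jinja2 package is installed, and the Resource class, its _run_shell and db methods and the templates are constructed stand-ins. It shows why Jinja's SandboxedEnvironment alone does not help once a raw getattr is in the context, and how routing the lookup through the sandbox's own attribute policy closes the hole.

```python
"""Exposed getattr and accessor objects in Jinja templates (added example).

Resource, _run_shell and db are constructed stand-ins for an application
object handed to templates; they are not InsightCloudSec's classes.
"""
from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment


class Resource:
    """Stand-in application object exposed to templates (constructed)."""

    def name(self):
        return "web-01"

    def _run_shell(self, cmd):
        # Stand-in for a private method; a real one would execute cmd.
        return f"would execute: {cmd}"

    def db(self):
        # Public accessor returning a live handle. The sandbox checks attribute
        # names, not what a public method returns, so the whole handle is exposed.
        return {"users": ["alice", "bob"]}


def render(env, source, **context):
    """Render and return the output, or the sandbox error's name for comparison."""
    try:
        return env.from_string(source).render(**context)
    except SecurityError:
        return "SecurityError"


def sandboxed_getattr(env):
    """Replacement for the builtin getattr: resolves attributes through the
    sandbox's own policy, so underscore-prefixed names stay off limits."""
    def _getattr(obj, name):
        return env.getattr(obj, name)
    return _getattr


def run_cases():
    private_call = "{{ r._run_shell('id') }}"
    smuggled_call = "{{ getattr(r, '_run_shell')('id') }}"
    sandbox = SandboxedEnvironment()
    return {
        # Plain Environment: no attribute policy at all, the private method runs.
        "plain": render(Environment(), private_call, r=Resource()),
        # Sandbox blocks the direct underscore attribute access.
        "sandbox_direct": render(sandbox, private_call, r=Resource()),
        # Builtin getattr resolves the attribute in Python, bypassing the policy.
        "sandbox_raw_getattr": render(
            sandbox, smuggled_call, r=Resource(), getattr=getattr),
        # Same template, getattr routed through env.getattr: blocked again.
        "sandbox_safe_getattr": render(
            sandbox, smuggled_call, r=Resource(), getattr=sandboxed_getattr(sandbox)),
        # A public accessor is not covered by the attribute policy at all.
        "sandbox_accessor": render(
            sandbox, "{{ r.db()['users'] | join(',') }}", r=Resource()),
    }


if __name__ == "__main__":
    for case, outcome in run_cases().items():
        print(f"{case:22} -> {outcome}")
```

The last case is the CVE-2023-1306 shape: the sandbox never objects to a public method, so a template can drive whatever the returned handle exposes. The fix there is to pass plain data (the query result) into the context rather than the accessor or connection object itself.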
Source: The Hacker News | added 2023/03/02 1:40 p.m. | 3 views

Hackers Exploit Containerized Environments to Steal Proprietary Data and Software

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. "The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary...

AI score 6.8
Exploits: 0
Source: OSV | added 2022/09/30 7:15 p.m. | 6 views

CVE-2022-20844

A vulnerability in the authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists...

CVSS 5.3 | AI score 5.8 | EPSS 0.00747
Exploits: 0 | References: 1
Source: CNNVD | added 2022/09/28 12:00 a.m. | 18 views

Cisco vManage access control error vulnerability

Cisco vManage is a highly customizable dashboard from Cisco, Inc. that simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. Cisco vManage suffers from an access control error vulnerability that stems from the GUI being accessible on a self-managed clo...

CVSS 5.3 | AI score 5.8 | EPSS 0.00669
Exploits: 0 | References: 4
Source: ATTACKERKB | added 2022/08/12 3:15 p.m. | 3 views

CVE-2022-20310

In Telecomm, there is a possible disclosure of registered self-managed phone accounts due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Andro...

CVSS 3.3 | AI score 5.9 | EPSS 0.00089
Exploits: 0 | References: 2
Source: NVD | added 2022/08/12 3:15 p.m. | 21 views

CVE-2022-20311

In Telecomm, there is a possible disclosure of registered self-managed phone accounts due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Andro...

CVSS 3.3 | EPSS 0.00089
Exploits: 0 | References: 1
Source: CNNVD | added 2022/08/12 12:00 a.m. | 4 views

Google Android security vulnerability

Google Android is a Linux-based open-source operating system from Google, Inc. A security vulnerability exists in Google Android 13, which stems from the disclosure of a registered self-managed phone account in its Telecomm due to a lack of privilege checking, which could lead to the disclosure o...

CVSS 3.3 | AI score 5.2 | EPSS 0.00089
Exploits: 0 | References: 2