108 matches found
CVE-2025-22218
VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs...
CVE-2025-22218
VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs...
CVE-2025-22218 VMware Aria Operations for Logs information disclosure vulnerability
VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs...
CVE-2025-22218
CVE-2025-22218 (information disclosure) and CVE-2025-22219/22220/22221/22222 (XSS, broken access, and credentials leaks) affect VMware Aria Operations for Logs and related products. The Broadcom VMSA-2025-0003 advisory and VMware/ Broadcom release notes confirm multiple issues: CVE-2025-22218 all...
CVE-2025-22218 VMware Aria Operations for Logs information disclosure vulnerability
VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs...
PT-2025-4394 · Vmware · Vmware Aria Operations For Logs
Name of the Vulnerable Software and Affected Versions: VMware Aria Operations for Logs affected versions not specified Description: The issue concerns an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware produc...
Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks
Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromis...
PT-2024-5617 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.21 XWiki Platform versions prior to 15.5.5 XWiki Platform versions prior to 15.10.6 Description: The issue is related to a lack of authorization in the XWiki Platform, allowing a remote attacker to...
Denial Of Service
kibana is vulnerable to Denial Of Service. The vulnerability is due to the runsoon API allowing view-only users to execute alerting rules continuously, potentially impacting system availability if the alerting rules involve complex queries. An attacker can exploit this to degrade system performan...
BIT-KIBANA-2024-37279 Kibana Broken Access Control issue
A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...
BIT-ELK-2024-37279 Kibana Broken Access Control issue
A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...
CVE-2024-37279
A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...
CVE-2024-37279
Summary (CVE-2024-37279) : Kibana contains a flaw in the alerting run_soon API that allows view-only alerting users to keep an alert rule running, potentially impacting system availability when complex queries run. Affected versions cited across sources include Kibana 8.6.3 through 8.13.4. The vu...
CVE-2024-37279 Kibana Broken Access Control issue
A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...
Elastic Kibana Security Vulnerability
Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A security vulnerability exists in Elastic Kibana versions 8.6.3 through 8.13.4, which stems from a...
PT-2024-27442 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: A flaw was discovered in Kibana, allowing view-only users of alerting to use the "run soon API" making the alerting rule run continuously, potentially affecting the system availability if th...
SUSE CVE-2024-37279
A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...
CVE-2024-22404 Permissions bypass in Nextcloud with the files zip app
Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to...
CVE-2024-22404 Permissions bypass in Nextcloud with the files zip app
Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to...
Can download "view-only" files with the Files ZIP app
None...