Lucene search
K

108 matches found

OSV
OSV
added 2025/01/30 3:15 p.m.3 views

CVE-2025-22218

VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs...

7.7CVSS5.8AI score0.0065EPSS
Exploits0References1
NVD
NVD
added 2025/01/30 3:15 p.m.10 views

CVE-2025-22218

VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs...

8.5CVSS0.0065EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/30 2:23 p.m.9 views

CVE-2025-22218 VMware Aria Operations for Logs information disclosure vulnerability

VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs...

8.5CVSS8AI score0.0065EPSS
Exploits0References1
CVE
CVE
added 2025/01/30 2:23 p.m.140 views

CVE-2025-22218

CVE-2025-22218 (information disclosure) and CVE-2025-22219/22220/22221/22222 (XSS, broken access, and credentials leaks) affect VMware Aria Operations for Logs and related products. The Broadcom VMSA-2025-0003 advisory and VMware/ Broadcom release notes confirm multiple issues: CVE-2025-22218 all...

8.5CVSS8AI score0.0065EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/01/30 2:23 p.m.21 views

CVE-2025-22218 VMware Aria Operations for Logs information disclosure vulnerability

VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs...

8.5CVSS0.0065EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.5 views

PT-2025-4394 · Vmware · Vmware Aria Operations For Logs

Name of the Vulnerable Software and Affected Versions: VMware Aria Operations for Logs affected versions not specified Description: The issue concerns an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware produc...

8.5CVSS8.6AI score0.0065EPSS
Exploits0References19
The Hacker News
The Hacker News
added 2024/10/09 4:22 a.m.17 views

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks

Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromis...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/07/31 12:0 a.m.6 views

PT-2024-5617 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.21 XWiki Platform versions prior to 15.5.5 XWiki Platform versions prior to 15.10.6 Description: The issue is related to a lack of authorization in the XWiki Platform, allowing a remote attacker to...

5.3CVSS8AI score0.00398EPSS
Exploits0References15
Veracode
Veracode
added 2024/07/04 7:37 a.m.16 views

Denial Of Service

kibana is vulnerable to Denial Of Service. The vulnerability is due to the runsoon API allowing view-only users to execute alerting rules continuously, potentially impacting system availability if the alerting rules involve complex queries. An attacker can exploit this to degrade system performan...

4.3CVSS7.2AI score0.00372EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/06/17 7:22 a.m.16 views

BIT-KIBANA-2024-37279 Kibana Broken Access Control issue

A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...

4.3CVSS4.3AI score0.00372EPSS
Exploits0References2
OSV
OSV
added 2024/06/17 7:17 a.m.23 views

BIT-ELK-2024-37279 Kibana Broken Access Control issue

A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...

4.3CVSS4.3AI score0.00372EPSS
Exploits0References2
NVD
NVD
added 2024/06/13 5:15 p.m.18 views

CVE-2024-37279

A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...

4.3CVSS0.00372EPSS
Exploits0References1
CVE
CVE
added 2024/06/13 5:4 p.m.105 views

CVE-2024-37279

Summary (CVE-2024-37279) : Kibana contains a flaw in the alerting run_soon API that allows view-only alerting users to keep an alert rule running, potentially impacting system availability when complex queries run. Affected versions cited across sources include Kibana 8.6.3 through 8.13.4. The vu...

4.3CVSS4.3AI score0.00372EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/13 5:4 p.m.24 views

CVE-2024-37279 Kibana Broken Access Control issue

A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...

4.3CVSS6.7AI score0.00372EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/13 12:0 a.m.4 views

Elastic Kibana Security Vulnerability

Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A security vulnerability exists in Elastic Kibana versions 8.6.3 through 8.13.4, which stems from a...

4.3CVSS6.7AI score0.00372EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/13 12:0 a.m.5 views

PT-2024-27442 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: A flaw was discovered in Kibana, allowing view-only users of alerting to use the "run soon API" making the alerting rule run continuously, potentially affecting the system availability if th...

4.3CVSS6.8AI score0.00372EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2024/06/07 2:17 a.m.3 views

SUSE CVE-2024-37279

A flaw was discovered in Kibana, allowing view-only users of alerting to use the runsoon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries...

4.3CVSS6.7AI score0.00372EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/18 8:14 p.m.8 views

CVE-2024-22404 Permissions bypass in Nextcloud with the files zip app

Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to...

4.1CVSS4.6AI score0.00517EPSS
Exploits0References3
OSV
OSV
added 2024/01/18 8:14 p.m.25 views

CVE-2024-22404 Permissions bypass in Nextcloud with the files zip app

Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to...

4.1CVSS4.7AI score0.00517EPSS
Exploits0References5
Nextcloud
Nextcloud
added 2024/01/18 8:38 a.m.36 views

Can download "view-only" files with the Files ZIP app

None...

4.3CVSS4.8AI score0.00517EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder