Show filters
26 Total Results
Displaying 1-10 of 26
Sort by:
Attacker Value
Unknown

CVE-2024-5250

Disclosure Date: July 30, 2024 (last updated October 02, 2024)
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-5249

Disclosure Date: July 30, 2024 (last updated October 02, 2024)
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-3930

Disclosure Date: July 30, 2024 (last updated October 01, 2024)
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-3995

Disclosure Date: June 28, 2024 (last updated July 01, 2024)
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins.
0
0
Attacker Value
Unknown

CVE-2024-0325

Disclosure Date: February 01, 2024 (last updated February 10, 2024)
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.  
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-5759

Disclosure Date: November 08, 2023 (last updated January 04, 2024)
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.  
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-45849

Disclosure Date: November 08, 2023 (last updated January 04, 2024)
An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-45319

Disclosure Date: November 08, 2023 (last updated January 04, 2024)
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner. 
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-35767

Disclosure Date: November 08, 2023 (last updated February 01, 2024)
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.  
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-2394

Disclosure Date: July 15, 2022 (last updated October 07, 2023)
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
View More Topics  Next >