10 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. VMware Horizon Agent para Linux (anterior a la versión 22.x) contiene una escalada de privilegios local que permite a un usuario escalar a root debido a un archivo de configuración vulnerable • https://www.vmware.com/security/advisories/VMSA-2022-0012.html •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file. El agente de VMware Horizon para Linux (anterior a la versión 22.x) contiene una escalada de privilegios local, ya que un usuario puede cambiar la ubicación de la carpeta compartida por defecto debido a un enlace simbólico vulnerable. Una explotación exitosa puede resultar en la vinculación a un archivo propiedad de la raíz • https://www.vmware.com/security/advisories/VMSA-2022-0012.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 1

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class. Vulnerabilidad de XSS en la sección Orchestration/Stack en OpenStack Dashboard (Horizon) 2014.2 en versiones anteriores a 2014.2.4 y 2015.1.x en versiones anteriores a 2015.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la descripción de parámetros en una plantilla heat, la cual no se maneja correctamente en el atributo help_text en la clase Field. A cross-site scripting (XSS) flaw was found in the Horizon orchestration dashboard. An attacker able to trick a Horizon user into using a malicious template during the stack creation could use this flaw to perform an XSS attack on that user. • http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html http://rhn.redhat.com/errata/RHSA-2015-1679.html http://www.debian.org/security/2016/dsa-3617 http://www.openwall.com/lists/oss-security/2015/06/09/7 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/75109 https://bugs.launchpad.net/horizon/+bug/1453074 https://access.redhat.com/security/cve/CVE-2015-3219 https://bugzilla.redhat.com/sho • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475. Vulnerabilidad de XSS en el panel Groups en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una dirección de email de un usuarios, una vulnerabilidad diferente a CVE-2014-3475. • http://www.openwall.com/lists/oss-security/2014/07/08/6 http://www.securityfocus.com/bid/68456 https://bugs.launchpad.net/horizon/+bug/1320235 https://access.redhat.com/security/cve/CVE-2014-8578 https://bugzilla.redhat.com/show_bug.cgi?id=1116090 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name. Vulnerabilidad de XSS en la interfaz Host Aggregates en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-3 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de agregado de anfitrión nuevo. A persistent cross-site scripting (XSS) flaw was found in the horizon host aggregate interface. A user with sufficient privileges to add a host aggregate could potentially use this flaw to capture the credentials of another user. • http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://rhn.redhat.com/errata/RHSA-2014-1335.html http://rhn.redhat.com/errata/RHSA-2014-1336.html http://seclists.org/oss-sec/2014/q3/413 http://www.securityfocus.com/bid/69291 https://bugs.launchpad.net/horizon/+bug/1349491 https://exchange.xforce.ibmcloud.com/vulnerabilities/95378 https://review.openstack.org/#/c/115310 https://review.openstack.org/#/c/115311 https://review.openstack.org/# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •