7 results (0.007 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The patch is identified as 32a7b713468161282f2ea01d5e2faff980d924cd. • https://github.com/yanheven/console/commit/32a7b713468161282f2ea01d5e2faff980d924cd https://vuldb.com/?ctiid.218354 https://vuldb.com/?id.218354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. VMware Horizon Agent para Linux (anterior a la versión 22.x) contiene una escalada de privilegios local que permite a un usuario escalar a root debido a un archivo de configuración vulnerable • https://www.vmware.com/security/advisories/VMSA-2022-0012.html •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file. El agente de VMware Horizon para Linux (anterior a la versión 22.x) contiene una escalada de privilegios local, ya que un usuario puede cambiar la ubicación de la carpeta compartida por defecto debido a un enlace simbólico vulnerable. Una explotación exitosa puede resultar en la vinculación a un archivo propiedad de la raíz • https://www.vmware.com/security/advisories/VMSA-2022-0012.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user. La API Identity v3 en OpenStack Dashboard (Horizon) anterior a 2013.2 no requiere la contraseña actual cuando cambia contraseñas para cuentas de usuarios, lo que facilita a atacantes remotos cambiar una contraseña de usuario mediante el aprovechamiento del token de autenticación para este usuario. • http://lists.openstack.org/pipermail/openstack/2013-November/003299.html https://bugs.launchpad.net/horizon/+bug/1237989 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page. Múltiples vulnerabilidades de XSS en OpenStack Dashboard (Horizon) 2013.2 y anteriores versiones permiten a usuarios locales inyectar script web o HTML arbitrario a través de un nombre de instancia en (1) "Volumes" o (2) "Network Topology". • http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://secunia.com/advisories/55770 http://secunia.com/advisories/56117 http://www.securityfocus.com/bid/63787 http://www.ubuntu.com/usn/USN-2062-1 https://bugs.launchpad.net/horizon/+bug/1247675 https://access.redhat.com/security/cve/CVE-2013-6858 https://bugzilla.redhat.com/show_bug.cgi?id=1034153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •