17 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-27918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an...
PT-2024-32836 · Cilium +1
Name of the Vulnerable Software and Affected Versions: Cilium versions 1.14.0 through 1.14.15; Cilium versions 1.15.0 through 1.15.9. Description: A policy rule denying a prefix that is broader than /32 may be ignored if there is a policy rule referencing a more narrow prefix CIDRSet or toFQDN and...
CVE-2024-5798
A flaw was found in HashiCorp Vault. Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This issue may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an...
BIT-VAULT-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
GHSA-32CJ-5WX4-GQ8P HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
HashiCorp Vault Security Breach
HashiCorp Vault is a private key access management tool from HashiCorp Inc. in the United States. A security vulnerability exists in HashiCorp Vault and Vault Enterprise versions prior to 1.17.0, 1.16.3, and 1.15.9, which stems from failure to properly validate JSON Web Token (JWT) role-bound audience...
GHSA-82HX-W2R5-C2WQ Kubernetes API Server DoS Via API Requests
The Kubernetes API server component in Kubernetes versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests...
CVE-2021-22748
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit V1.15.9 and prior, C-Gate Server V2.11.7 and prior...
Schneider Electric Multiple Products Authorization Issue Vulnerability
Schneider Electric C-Bus Toolkit is an application from Schneider Electric, France. It is used to run, configure and debug C-Bus installations on personal computers. An authorization issue vulnerability exists in several Schneider Electric products, which could allow remote code execution when a...
CVE-2021-22716
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. Affected Product: C-Bus Toolkit V1.15.9 and prior...
DEBIAN-CVE-2021-27918
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...
Design/Logic Flaw
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...
Security fix for the ALT Linux 9 package golang version 1.15.9-alt1
March 11, 2021 Alexey Shabalin 1.15.9-alt1 - New version 1.15.9. - Fixes: + CVE-2021-27918 + CVE-2021-27919...
Google Golang Security Vulnerability
Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hoare's Communicating Sequential Processes (CSP), and other languages with a...
DEBIAN-CVE-2020-8552
The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests...
PT-2020-20204 · Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.15.9; Kubernetes versions 1.16.0 through 1.16.6; Kubernetes versions 1.17.0 through 1.17.2. Description: The Kubernetes API server component has been found to be vulnerable to a denial of service attack via...