37 matches found
CLSA-2026-1778109988 toolbox: Fix of 9 CVEs
Rebuild with golang = 1.22.5 to fix CVE-2022-1705, CVE-2022-41717, CVE-2023-29406, CVE-2023-39318, CVE-2023-39319, CVE-2023-39326, CVE-2023-45290, CVE-2024-24785, CVE-2024-24791...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack via the the Vault Kubernetes Authentication Provider. An attacker can access sensitive files by specifying tokenpath configuration parameter to any file on the Consul server node that later returned as jwt data and sent t...
CVE-2026-2808
HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...
CVE-2026-2808
HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...
CVE-2026-2808 Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider
HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...
PT-2026-24892
Name of the Vulnerable Software and Affected Versions HashiCorp Consul versions 1.18.20 through 1.21.10 HashiCorp Consul version 1.22.4 HashiCorp Consul Enterprise versions 1.18.20 through 1.21.10 HashiCorp Consul Enterprise version 1.22.4 Description HashiCorp Consul and Consul Enterprise are...
CVE-2026-21348
Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that ...
CVE-2026-21348
Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that ...
CVE-2026-21348
Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that ...
CVE-2026-21348
CVE-2026-21348 affects Substance3D Modeler
CVE-2026-21303
Substance3D Modeler v1.22.4 and earlier are affected by an Out-of-bounds Read (CWE-125) that could disclose memory contents. Exploitation requires a user to open a malicious file, potentially leading to memory disclosure. Adobe APSB26-08 notes a fixed update to 1.22.5; apply the security update t...
BIT-GITEA-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade code.gitea.io/gitea/routers/api/v1/repo to version 1.22.5 or...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade github.com/go-gitea/gitea/routers/api/v1/repo to version 1.22.5...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade code.gitea.io/gitea/routers/web/repo to version 1.22.5 or highe...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade github.com/go-gitea/gitea/services/repository to version 1.22.5...
Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
GHSA-RRCW-5RJV-VJ26 Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
EUVD-2025-205410
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...