Lucene search: 546 matches found

CVE-2023-32192: Rancher API Server Cross-site Scripting Vulnerability
Source: OSV (the same record is also indexed by NVD, Vulnrichment and Cvelist), added 2024/10/16. CVSS 8.3, EPSS 0.00347, 0 exploits, 2 references.
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim's browser...

CVE-2024-6840
Source: NVD (also indexed by Prion), added 2024/09/12. CVSS 6.6, EPSS 0.00083, 0 exploits, 3 references.
An improper authorization flaw exists in the Ansible Automation Controller. An attacker who can reach the Kubernetes (k8s) API server can send an HTTP request using a service account token that was mounted into a pod via automountServiceAccountToken: true, resulting in privilege escalation to a service account...

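A check for the mount that CVE-2024-6840 relies on, as an added example (not Ansible's or Kubernetes' own code). The API server mounts a service account token into a pod when the pod's automountServiceAccountToken is true or, if the pod leaves it unset, when the ServiceAccount's field is true or unset; the pod field wins when both are set, and a pod without serviceAccountName uses the "default" ServiceAccount. The example resolves that precedence over trimmed copies of `kubectl get pods -o json` and `kubectl get serviceaccounts -o json` output; the manifests, names and ServiceAccounts below are constructed for the demonstration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Only the fields the check needs, parsed from the JSON the API server returns.
type serviceAccount struct {
	Metadata struct {
		Name string `json:"name"`
	} `json:"metadata"`
	AutomountServiceAccountToken *bool `json:"automountServiceAccountToken"`
}

type serviceAccountList struct {
	Items []serviceAccount `json:"items"`
}

type pod struct {
	Metadata struct {
		Name string `json:"name"`
	} `json:"metadata"`
	Spec struct {
		ServiceAccountName           string `json:"serviceAccountName"`
		AutomountServiceAccountToken *bool  `json:"automountServiceAccountToken"`
	} `json:"spec"`
}

type podList struct {
	Items []pod `json:"items"`
}

// tokenMounted resolves the effective setting: the pod field if set, else the
// ServiceAccount field if set, else true (the Kubernetes default). A pod with
// no serviceAccountName runs under "default". Unknown ServiceAccounts resolve
// to the default as well, because that is what the API server would apply.
func tokenMounted(p pod, sas map[string]serviceAccount) bool {
	if p.Spec.AutomountServiceAccountToken != nil {
		return *p.Spec.AutomountServiceAccountToken
	}
	name := p.Spec.ServiceAccountName
	if name == "" {
		name = "default"
	}
	if sa, ok := sas[name]; ok && sa.AutomountServiceAccountToken != nil {
		return *sa.AutomountServiceAccountToken
	}
	return true
}

// podsWithToken returns, in list order, the names of pods that get a token mounted.
func podsWithToken(podListJSON, saListJSON []byte) ([]string, error) {
	var pods podList
	if err := json.Unmarshal(podListJSON, &pods); err != nil {
		return nil, err
	}
	var sas serviceAccountList
	if err := json.Unmarshal(saListJSON, &sas); err != nil {
		return nil, err
	}
	byName := make(map[string]serviceAccount, len(sas.Items))
	for _, sa := range sas.Items {
		byName[sa.Metadata.Name] = sa
	}
	var mounted []string
	for _, p := range pods.Items {
		if tokenMounted(p, byName) {
			mounted = append(mounted, p.Metadata.Name)
		}
	}
	return mounted, nil
}

// Constructed sample input: the shape of `kubectl get ... -o json`, trimmed.
var sampleServiceAccounts = []byte(`{"items":[
  {"metadata":{"name":"default"}},
  {"metadata":{"name":"controller"},"automountServiceAccountToken":false},
  {"metadata":{"name":"worker"},"automountServiceAccountToken":true}
]}`)

var samplePods = []byte(`{"items":[
  {"metadata":{"name":"web"},"spec":{}},
  {"metadata":{"name":"ctrl"},"spec":{"serviceAccountName":"controller"}},
  {"metadata":{"name":"ctrl-override"},"spec":{"serviceAccountName":"controller","automountServiceAccountToken":true}},
  {"metadata":{"name":"worker-off"},"spec":{"serviceAccountName":"worker","automountServiceAccountToken":false}}
]}`)

func main() {
	mounted, err := podsWithToken(samplePods, sampleServiceAccounts)
	if err != nil {
		panic(err)
	}
	fmt.Println("pods with a service account token mounted:", mounted)
}
```

On the sample, "web" is flagged because both the pod and the default ServiceAccount leave the field unset, and "ctrl-override" because the pod-level true beats the ServiceAccount's false. The check covers the automatic mount only: a pod can still mount a token explicitly through a projected serviceAccountToken volume, which a full audit has to inspect separately.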
GO-2022-0703: XML Entity Expansion and Improper Input Validation in Kubernetes API server in k8s.io/kubernetes
Source: OSV, added 2024/08/21. CVSS 7.5, EPSS 0.84511, 2 exploits, 9 references.

GHSA-6R4J-4RJC-8VW5: RBAC Roles for `etcd` created by Kamaji are not disjunct
Source: OSV, added 2024/08/12. CVSS 9.3, EPSS 0.00425, 1 exploit, 5 references.
Summary: Using an "open at the top" range definition in RBAC for etcd roles leads to some Tenant Control Plane (TCP) API servers being able to read, write and delete the data of other control planes. Details: The problematic code is this:...

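The range arithmetic behind that advisory, as an added example that is not Kamaji's or etcd's own code. An etcd v3 permission is the half-open key interval [key, rangeEnd), and a rangeEnd of "\x00" is etcd's marker for "every key at or above key", so a per-tenant role granted that way is open at the top and also covers every tenant whose prefix sorts higher. prefixRange below computes the range end the same way etcd's clientv3.GetPrefixRangeEnd does (the range an `etcdctl role grant-permission --prefix` grant gets), and the overlap check shows why the two shapes behave differently. The tenant prefixes and keys are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"fmt"
)

// keyRange is an etcd v3 permission interval [Key, RangeEnd).
// RangeEnd == "\x00" is etcd's "open at the top" marker (every key >= Key);
// an empty RangeEnd is a single-key permission.
type keyRange struct {
	Key      []byte
	RangeEnd []byte
}

// openTopRange reproduces the flawed shape described in the advisory:
// a grant that starts at the tenant prefix but has no upper bound.
func openTopRange(prefix string) keyRange {
	return keyRange{Key: []byte(prefix), RangeEnd: []byte{0}}
}

// prefixRange computes the range end the way clientv3.GetPrefixRangeEnd does:
// copy the prefix, increment the last byte that is below 0xff and truncate
// everything after it. Keys in [prefix, end) are exactly the keys with that prefix.
func prefixRange(prefix string) keyRange {
	end := []byte(prefix) // []byte(string) allocates a copy, so prefix is untouched
	for i := len(end) - 1; i >= 0; i-- {
		if end[i] < 0xff {
			end[i]++
			return keyRange{Key: []byte(prefix), RangeEnd: end[:i+1]}
		}
	}
	// Every byte is 0xff: no successor prefix exists, so etcd falls back to open-ended.
	return keyRange{Key: []byte(prefix), RangeEnd: []byte{0}}
}

// unbounded reports whether the permission has no upper limit.
func unbounded(r keyRange) bool {
	return len(r.RangeEnd) == 1 && r.RangeEnd[0] == 0
}

// contains reports whether key falls inside the permission.
func contains(r keyRange, key []byte) bool {
	if len(r.RangeEnd) == 0 {
		return bytes.Equal(r.Key, key)
	}
	if bytes.Compare(key, r.Key) < 0 {
		return false
	}
	return unbounded(r) || bytes.Compare(key, r.RangeEnd) < 0
}

// overlaps reports whether two permissions share at least one key:
// each must start below the other's end, an unbounded end counting as +infinity.
func overlaps(a, b keyRange) bool {
	if len(a.RangeEnd) == 0 {
		return contains(b, a.Key)
	}
	if len(b.RangeEnd) == 0 {
		return contains(a, b.Key)
	}
	aStartsBelowBEnd := unbounded(b) || bytes.Compare(a.Key, b.RangeEnd) < 0
	bStartsBelowAEnd := unbounded(a) || bytes.Compare(b.Key, a.RangeEnd) < 0
	return aStartsBelowBEnd && bStartsBelowAEnd
}

func main() {
	// Constructed tenant prefixes; a real deployment has its own key layout.
	foreignKey := []byte("/tenant-b/registry/secrets/db-password")
	open := openTopRange("/tenant-a/")
	fixed := prefixRange("/tenant-a/")
	fmt.Printf("open-top grant for tenant-a reaches %q: %v\n", foreignKey, contains(open, foreignKey))
	fmt.Printf("prefix grant [%q, %q) reaches it: %v\n", fixed.Key, fixed.RangeEnd, contains(fixed, foreignKey))
	fmt.Println("open-top roles for tenant-a and tenant-b overlap:", overlaps(open, openTopRange("/tenant-b/")))
	fmt.Println("prefix roles for tenant-a and tenant-b overlap:", overlaps(fixed, prefixRange("/tenant-b/")))
}
```

The prefix grant for "/tenant-a/" ends at "/tenant-a0" (the byte after '/'), so "/tenant-b/..." lies outside it, while the open-top grant admits it. Auditing existing roles with `etcdctl role get <role>` shows each permission's key and range end, which is the quickest way to spot the "\x00" upper bound in a live cluster.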
BIT-HUBBLE-UI-2023-39347: Cilium NetworkPolicy bypass via pod labels
Source: OSV, added 2024/07/01. CVSS 9, EPSS 0.00032, 1 exploit, 2 references.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels...

BIT-HUBBLE-UI-2023-41333: Bypass of namespace restrictions in CiliumNetworkPolicy
Source: OSV, added 2024/07/01. CVSS 8.1, EPSS 0.00019, 0 exploits, 3 references.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other...

BIT-HUBBLE-UI-BACKEND-2023-41333
Source: OSV, added 2024/07/01. CVSS 8.1, EPSS 0.00019, 0 exploits, 3 references. Same Cilium advisory as BIT-HUBBLE-UI-2023-41333 above (CiliumNetworkPolicy namespace-restriction bypass), filed against hubble-ui-backend.

BIT-CILIUM-PROXY-2023-39347
Source: OSV, added 2024/07/01. CVSS 9, EPSS 0.00032, 1 exploit, 2 references. Same Cilium advisory as BIT-HUBBLE-UI-2023-39347 above (NetworkPolicy bypass via pod labels), filed against cilium-proxy.

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
Source: The Hacker News, added 2024/06/24. CVSS 10, EPSS 0.93747, 4 exploits.
Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud...

GitLab CE/EE Security Vulnerabilities
Source: CNNVD, added 2024/06/14. CVSS 4.3, EPSS 0.00116, 0 exploits, 3 references.
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc.; GitLab is a source-code management and DevOps platform. A security vulnerability exists in GitLab CE/EE, which stems from the fact that an...

GO-2024-2728: Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd
Source: OSV, added 2024/06/04. CVSS 6.3, EPSS 0.00113, 0 exploits, 5 references.

BIT-HUBBLE-2023-41333
Source: OSV, added 2024/06/04. CVSS 8.1, EPSS 0.00019, 0 exploits, 3 references. Same Cilium advisory as BIT-HUBBLE-UI-2023-41333 above (CiliumNetworkPolicy namespace-restriction bypass), filed against hubble.

RHEL 7 : kubernetes (Unpatched Vulnerability)
Source: Tenable Nessus, added 2024/06/03. CVSS 9.8, EPSS 0.33507, 2 exploits, 6 references.
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - Kubernetes API server: build config to a strategy that isn't allowed by policy (CVE-2016-1906) - kubernetes...

BIT-HUBBLE-RELAY-2023-39347: Cilium NetworkPolicy bypass via pod labels
Source: OSV, added 2024/05/24. CVSS 9, EPSS 0.00032, 1 exploit, 3 references. Same Cilium advisory as BIT-HUBBLE-UI-2023-39347 above, filed against hubble-relay.

BIT-HUBBLE-RELAY-2023-41333: Bypass of namespace restrictions in CiliumNetworkPolicy
Source: OSV, added 2024/05/24. CVSS 8.1, EPSS 0.00019, 0 exploits, 4 references. Same Cilium advisory as BIT-HUBBLE-UI-2023-41333 above, filed against hubble-relay.

CVE-2024-3126
Source: NVD, added 2024/05/16. CVSS 8.4, EPSS 0.02019, 1 exploit, 2 references.
A command injection vulnerability exists in the 'runxttsapiserver' function of the parisneo/lollms-webui application, specifically within the 'lollmsxtts.py' script. The vulnerability arises from improper neutralization of special elements used in an OS command. The affected function utilizes...
