Buffer overflow
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, userid, and token fields in data/data/com.ohmibod.remote2/sharedprefs/OMB.xml...
CVE-2017-14487
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by sniffing network traffic for search responses from the OhMiBod API server and then editing the username, userid, and token fields in data/data/com.ohmibod.remote2/sharedprefs/OMB.xml...
CVE-2017-14487
What is affected: OhMiBod Remote app for Android and iOS (Android/iOS platforms) using the OhMiBod API server. Vulnerability details: An attacker can impersonate a user by sniffing network traffic for search responses and then editing the username, user_id, and token fields stored in data/data/co...
Circle with Disney Token Routing Vulnerability (CVE-2017-12085)
Summary: An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Tested...
Starbucks: Full Api Access and Run All Functions via Starbucks App
The tested application is the Starbucks Turkey Android app: https://play.google.com/store/apps/details?id=com.starbucks.tr&hl=en All these things were done without any login. I did not log in to the app. 1. I tried to intercept traffic between the Starbucks app and the server with Burp Suite. I could not be...
CVE-2016-5392
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi-tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...
CVE-2016-5392
The CVE-2016-5392 vulnerability affects Red Hat OpenShift Enterprise 3.2 deployments where the Kubernetes API server’s watch cache allows a remote, authenticated user who knows other project names to disclose sensitive project and user information. The root cause is an input validation error in t...
CVE-2016-5392
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi-tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...
server: build config to a strategy that isn't allowed by policy
An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build-configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the buil...
Unspecified Vulnerability in Google Kubernetes API Server
Google Kubernetes is an open source Docker container cluster management system. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A security vulnerability in Google Kubernetes' API server allows remote...
CVE-2016-1905
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...
Design/Logic Flaw
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...
CVE-2016-1905
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...
CVE-2016-1905
Technical details are not publicly available in the provided documents; no explicit affected products, impact specifics, or remediation are described beyond the initial description. Monitor for updates from connected sources.
CVE-2016-1905
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...
Improper Access Control
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...
Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update
Red Hat OpenShift Enterprise release 3.1.1 is now available with updates to packages that fix several security issues and bugs and introduce feature enhancements. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...
Red Hat OpenShift Origin API Server Denial of Service Vulnerability
Red Hat OpenShift Origin is an open source Platform as a Service (PaaS) product from Red Hat, Inc. A security vulnerability in the API server of Red Hat OpenShift Origin version 1.0.5 can be exploited by a remote attacker to cause a denial of service (crash of the master process) with specially craft...
CVE-2015-5250
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data...
CVE-2015-5250
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service (master process crash) via crafted JSON data...