1712 matches found
Design/Logic Flaw
Ingress nginx annotation injection causes arbitrary command execution...
CVE-2023-5043 Ingress nginx annotation injection causes arbitrary command execution
Ingress nginx annotation injection causes arbitrary command execution...
CVE-2023-5043
CVE-2023-5043 affects Kubernetes ingress-nginx where the nginx.ingress.kubernetes.io/configuration-snippet annotation injection allows a remote authenticated attacker to execute arbitrary commands on the system due to improper input validation. IBM’s bulletin associates this CVE with IBM Cloud Ku...
PT-2023-6428
Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to 1.9.0 Description A security issue in ingress-nginx allows for arbitrary command execution due to annotation injection. This can be exploited by a remote attacker to execute arbitrary code or elevate privileges...
Foxit PDF Editor < 11.2.7 Multiple Vulnerabilities
According to its version, the Foxit PDF Editor application previously named Foxit PhantomPDF installed on the remote Windows host is prior to 11.2.7. It is, therefore affected by multiple vulnerabilities: - A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF...
PT-2023-23673 · Red Hat · Openshift Container Platform For Ibm Linuxone +4
Name of the Vulnerable Software and Affected Versions: undertow affected versions not specified jboss enterprise application platform affected versions not specified jboss enterprise application platform text-only advisories affected versions not specified openshift container platform affected...
PT-2023-28264 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the...
PT-2023-28268 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...
Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PT-2023-28265 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...
PT-2023-28269 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicio...
PT-2023-28266 · Foxit · Foxit Pdf Reader
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the...
Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
GHSA-FWR2-64VR-XV9M Argo CD cluster secret might leak in cluster details page
Impact Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored inkubectl.kubernetes.io/last-applied-configuration annotation. https://github.com/argoproj/argo-cd/pull/7139 introduced the ability to manage cluster labels and...
Argo CD cluster secret might leak in cluster details page
Impact Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored inkubectl.kubernetes.io/last-applied-configuration annotation. https://github.com/argoproj/argo-cd/pull/7139 introduced the ability to manage cluster labels and...
PDF-XChange Editor Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
PT-2023-27223 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.6.15 Argo CD versions prior to 2.7.14 Argo CD versions prior to 2.8.3 Description: Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD...
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...