Lucene search
K

21 matches found

EUVD
EUVD
added 6 days ago7 views

EUVD-2026-40297

Rancher has over-inclusive team membership expansion in GitHub App authentication provider...

8.8CVSS5.8AI score0.0037EPSS
Exploits0References6
NVD
NVD
added 2026/06/30 12:16 p.m.7 views

CVE-2026-41053

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2...

8.8CVSS0.0037EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 11:38 a.m.34 views

CVE-2026-41053 Over-inclusive team membership expansion in GitHub App authentication provider for Rancher

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2...

8.8CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 4:16 p.m.7 views

CVE-2026-41049

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS0.00134EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 4:16 p.m.7 views

CVE-2026-41048

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS0.00133EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 3:32 p.m.31 views

CVE-2026-41049 Caching of Authentication allows Authentication Bypass between users in qSnapper

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS0.00134EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:32 p.m.14 views

CVE-2026-41049

CVE-2026-41049 affects the qSnapper dbus service prior to version 1.3.3. The underlying issue is incorrect caching of authentication between different users, allowing a local attacker to invoke dbus functions after a privileged user has authenticated for them. Documented impact: high confidential...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:32 p.m.3 views

CVE-2026-41049

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/22 3:32 p.m.6 views

EUVD-2026-38275

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:31 p.m.6 views

EUVD-2026-38272

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 3:31 p.m.31 views

CVE-2026-41048 Caching of Authentication allows Authentication Bypass in qSnapper

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS0.00133EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:31 p.m.18 views

CVE-2026-41048

CVE-2026-41048 describes an authentication caching bug in qSnapper prior to version 1.3.3 where caching between different polkit methods could allow a local attacker to perform privileged actions (e.g., restore from a snapshot) even when the user should only be able to delete snapshots. Affected ...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51336

Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description The qSnapper dbus service incorrectly caches authentication between different users. This allows a local attacker to utilize dbus functions after a privileged user has already performed authenticati...

8.4CVSS5.8AI score0.00134EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.9 views

PT-2026-53850

Name of the Vulnerable Software and Affected Versions Rancher versions 2.13.0 through 2.13.5 Rancher versions 2.14.0 through 2.14.1 Description Incorrect authentication caching in the GitHub authentication provider occurs during team membership expansion, causing cached principals to be reused...

9CVSS5.7AI score0.0037EPSS
Exploits0References19
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.7 views

SUSE CVE-2026-33496

ORY Oathkeeper is an Identity & Access Proxy IAP and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The oauth2introspection authenticator cache does not distingui...

8.1CVSS5.9AI score0.00333EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/11 6:30 p.m.4 views

EUVD-2026-11210

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO UserInfo endpoint. We...

2.1CVSS5.8AI score0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

Neo4j 安全漏洞

Neo4j is a Java-based graph database developed by the American company Neo4j, and it is fully compatible with ACID standards. It supports data migration and add-ons. Versions of Neo4j Enterprise prior to 2026.01.4 contained security vulnerabilities. These vulnerabilities stemmed from excessive...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2013:0226-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS8AI score0.12098EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.27 views

openSUSE Security Update : tomcat (openSUSE-SU-2012:1701-1)

fix bnc793394 - bypass of security constraints CVE-2012-3546 - tomcat-CVE-2012-3546.patch http://svn.apache.org/viewvc?view=revision&revision=1377 892 - fix bnc793391 - bypass of CSRF prevention filter CVE-2012-4431 - tomcat-CVE-2012-4431.patch...

5.8CVSS6.1AI score0.12098EPSS
Exploits6References24
Tenable Nessus
Tenable Nessus
added 2013/02/04 12:0 a.m.41 views

SuSE 11.2 Security Update : tomcat6 (SAT Patch Number 7208)

This update of tomcat6 fixes the following security issues : - denial of service. CVE-2012-4534 - tomcat: HTTP NIO connector OOM DoS via a request with large headers. CVE-2012-2733 - tomcat: cnonce tracking weakness. CVE-2012-5885 - tomcat: authentication caching weakness. CVE-2012-5886 - tomcat:...

5CVSS6.1AI score0.12098EPSS
Exploits7References24
Rows per page
Query Builder