606 matches found

vulnersOsv
added 2024/09/11 3:31 p.m. · 4 views

org.eclipse.tractusx.edc:data-encryption (=0.6.0), org.eclipse.tractusx.edc:edc-controlplane (=0.6.0) +5 more potentially affected by CVE-2024-8642 via org.eclipse.edc:transfer-data-plane (=0.5.1)

org.eclipse.edc:transfer-data-plane MAVEN version =0.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.edc:transfer-data-plane and may be impacted: - org.eclipse.tractusx.edc:data-encryption =0.6.0 -...

CVSS 8.1 · AI score 5.8 · EPSS 0.00407 · Exploits 0

Positive Technologies
added 2024/09/11 12:0 a.m. · 4 views

PT-2024-10399 · Cisco · Cisco Ios Xr

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System IS-IS protocol could allow an unauthenticated, adjacent attacker to cause a...

CVSS 7.4 · AI score 7.3 · EPSS 0.00238 · Exploits 0 · References 9

Positive Technologies
added 2024/09/11 12:0 a.m. · 3 views

PT-2024-18647 · Cisco · Cisco Ios Xr

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software for various Cisco Network Convergence System NCS platforms affected versions not specified Description: A vulnerability in the handling of specific Ethernet frames could allow an unauthenticated, adjacent attacker to cau...

CVSS 7.4 · AI score 7.2 · EPSS 0.00238 · Exploits 0 · References 8

OpenVAS
added 2024/09/10 12:0 a.m. · 14 views

Fedora: Security Advisory (FEDORA-2023-a1b28cf117)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 · AI score 6.8 · EPSS 0.05623 · Exploits 0 · References 8

Positive Technologies
added 2024/09/02 12:0 a.m. · 7 views

PT-2025-11097 · Cisco · Cisco Ios Xr

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software version 7.9.2 Description: A vulnerability in the handling of specific packets that are punted from a line card to a route processor could allow an unauthenticated, adjacent attacker to cause control plane traffic to sto...

CVSS 7.4 · AI score 7.3 · EPSS 0.00227 · Exploits 0 · References 8

Veracode
added 2024/08/27 1:48 p.m. · 18 views

Race Condition

k8s.io/kubernetes is vulnerable to Race Condition. The vulnerability is caused due to Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this...

CVSS 3.5 · AI score 7 · EPSS 0.01082 · Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/08/22 3:31 a.m. · 18 views

CVE-2022-48933 netfilter: nf_tables: fix memory leak during stateful obj update

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update. Stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The ->init function was called for this...

CVSS 5.5 · AI score 5.9 · EPSS 0.0021 · Exploits 0 · References 8

Cvelist
added 2024/08/22 3:31 a.m. · 27 views

CVE-2022-48933 netfilter: nf_tables: fix memory leak during stateful obj update

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update. Stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The ->init function was called for this...

EPSS 0.0021 · Exploits 0 · References 5

UbuntuCve
added 2024/08/17 10:15 a.m. · 23 views

CVE-2024-43834

In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of page_pool_destroy. If the driver uses a page pool, it creates a page pool with page_pool_create. The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference...

CVSS 5.5 · AI score 6.2 · EPSS 0.00247 · Exploits 0 · References 18

Debian CVE
added 2024/08/17 9:21 a.m. · 25 views

CVE-2024-43834

In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of page_pool_destroy. If the driver uses a page pool, it creates a page pool with page_pool_create. The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference...

CVSS 5.5 · AI score 5.4 · EPSS 0.00247 · Exploits 0

F5 Networks
added 2024/08/14 1:22 p.m. · 35 views

K000140111: BIG-IP Next Central Manager vulnerability CVE-2024-39809

Security Advisory Description The BIG-IP Next Central Manager user session refresh token does not expire when a user logs out. CVE-2024-39809 Impact An attacker with access to obtain a user's session cookies can continue to use that session to access BIG-IP Next Central Manager and systems manage...

CVSS 8.9 · AI score 6.7 · EPSS 0.00413 · Exploits 0 · Affected Software 1

F5 Networks
added 2024/08/14 1:10 p.m. · 93 views

K10438187: BIG-IP iControl REST vulnerability CVE-2024-41723

Security Advisory Description Undisclosed requests to BIG-IP iControl REST can lead to an information leak of user account names. CVE-2024-41723 Impact This vulnerability allows for a remote authenticated attacker with network access to the iControl REST interface, through the BIG-IP management...

CVSS 5.3 · AI score 6.6 · EPSS 0.00301 · Exploits 0 · Affected Software 12

NVD
added 2024/08/12 4:15 p.m. · 43 views

CVE-2024-42480

Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed i...

CVSS 9.9 · EPSS 0.00622 · Exploits 1 · References 3

Vulnrichment
added 2024/08/12 3:21 p.m. · 28 views

CVE-2024-42480 Kamaji's RBAC Roles for `etcd` are not disjunct

Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed i...

CVSS 8.1 · AI score 6.7 · EPSS 0.00622 · Exploits 1 · References 3

CVE
added 2024/08/12 3:21 p.m. · 97 views

CVE-2024-42480

CVE-2024-42480 describes a vulnerability in Kamaji (Hosted Control Plane Manager for Kubernetes) where versions 1.0.0 and earlier use an "open at the top" range definition in RBAC for etcd roles. This misconfiguration allows certain TCP API servers to read, write, and delete data belonging to oth...

CVSS 9.9 · AI score 7.9 · EPSS 0.00622 · Exploits 1 · References 3 · Affected Software 1

OSV
added 2024/08/12 3:21 p.m. · 21 views

CVE-2024-42480 Kamaji's RBAC Roles for `etcd` are not disjunct

Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed i...

CVSS 8.1 · AI score 6.5 · EPSS 0.00622 · Exploits 1 · References 5

Fedora
added 2024/07/26 1:22 a.m. · 13 views

[SECURITY] Fedora 40 Update: kubernetes-1.29.7-1.fc40

Open Source Production-Grade Container Scheduling And Management Platform Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on...

CVSS 6.1 · AI score 7.3 · EPSS 0.00312 · Exploits 0

CVE
added 2024/07/19 5:0 a.m. · 101 views

CVE-2024-21583

CWE/CVE: CVE-2024-21583 affects Gitpod components and protocol (e.g., components/server/go/pkg/lib, components/ws-proxy/pkg/proxy, installer/auth/public-api-server/server, and @gitpod/gitpod-protocol; before main-gha.27122) with a Cookie Tossing flaw due to a missing __Host- prefix on the gitpod_...

CVSS 4.1 · AI score 6.8 · EPSS 0.00597 · Exploits 0 · References 9

Positive Technologies
added 2024/07/19 12:0 a.m. · 8 views

PT-2024-18969 · Gitpod · Gitpod

Name of the Vulnerable Software and Affected Versions: github.com/gitpod-io/gitpod/components/server/go/pkg/lib versions before main-gha.27122 github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy versions before main-gha.27122 github.com/gitpod-io/gitpod/install/installer/pkg/components/auth...

CVSS 5.1 · AI score 6.7 · EPSS 0.00597 · Exploits 0 · References 16

RedhatCVE
added 2024/05/14 11:56 p.m. · 41 views

CVE-2024-27397

A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation In order to trigger the issue, it requires the ability to create user/net...

CVSS 7 · AI score 6.9 · EPSS 0.00257 · Exploits 0 · References 4