606 matches found
org.eclipse.tractusx.edc:data-encryption (=0.6.0), org.eclipse.tractusx.edc:edc-controlplane (=0.6.0) +5 more potentially affected by CVE-2024-8642 via org.eclipse.edc:transfer-data-plane (=0.5.1)
org.eclipse.edc:transfer-data-plane MAVEN version =0.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.eclipse.edc:transfer-data-plane and may be impacted: - org.eclipse.tractusx.edc:data-encryption =0.6.0 -...
PT-2024-10399 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System IS-IS protocol could allow an unauthenticated, adjacent attacker to cause a...
PT-2024-18647 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software for various Cisco Network Convergence System NCS platforms affected versions not specified Description: A vulnerability in the handling of specific Ethernet frames could allow an unauthenticated, adjacent attacker to cau...
Fedora: Security Advisory (FEDORA-2023-a1b28cf117)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-11097 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software version 7.9.2 Description: A vulnerability in the handling of specific packets that are punted from a line card to a route processor could allow an unauthenticated, adjacent attacker to cause control plane traffic to sto...
Race Condition
k8s.io/kubernetes is vulnerable to Race Condition. The vulnerability is caused due to Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this...
CVE-2022-48933 netfilter: nf_tables: fix memory leak during stateful obj update
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix memory leak during stateful obj update stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The -init function was called for this...
CVE-2022-48933 netfilter: nf_tables: fix memory leak during stateful obj update
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix memory leak during stateful obj update stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The -init function was called for this...
CVE-2024-43834
In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of pagepooldestroy If the driver uses a page pool, it creates a page pool with pagepoolcreate. The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference...
CVE-2024-43834
In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of pagepooldestroy If the driver uses a page pool, it creates a page pool with pagepoolcreate. The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference...
K000140111: BIG-IP Next Central Manager vulnerability CVE-2024-39809
Security Advisory Description The BIG-IP Next Central Manager user session refresh token does not expire when a user logs out. CVE-2024-39809 Impact An attacker with access to obtain a user's session cookies can continue to use that session to access BIG-IP Next Central Manager and systems manage...
K10438187: BIG-IP iControl REST vulnerability CVE-2024-41723
Security Advisory Description Undisclosed requests to BIG-IP iControl REST can lead to an information leak of user account names. CVE-2024-41723 Impact This vulnerability allows for a remote authenticated attacker with network access to the iControl REST interface, through the BIG-IP management...
CVE-2024-42480
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed i...
CVE-2024-42480 Kamaji's RBAC Roles for `etcd` are not disjunct
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed i...
CVE-2024-42480
CVE-2024-42480 describes a vulnerability in Kamaji (Hosted Control Plane Manager for Kubernetes) where versions 1.0.0 and earlier use an "open at the top" range definition in RBAC for etcd roles. This misconfiguration allows certain TCP API servers to read, write, and delete data belonging to oth...
CVE-2024-42480 Kamaji's RBAC Roles for `etcd` are not disjunct
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed i...
[SECURITY] Fedora 40 Update: kubernetes-1.29.7-1.fc40
Open Source Production-Grade Container Scheduling And Management Platform Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on...
CVE-2024-21583
CWE/CVE: CVE-2024-21583 affects Gitpod components and protocol (e.g., components/server/go/pkg/lib, components/ws-proxy/pkg/proxy, installer/auth/public-api-server/server, and @gitpod/gitpod-protocol; before main-gha.27122) with a Cookie Tossing flaw due to a missing __Host- prefix on the gitpod_...
PT-2024-18969 · Gitpod · Gitpod
Name of the Vulnerable Software and Affected Versions: github.com/gitpod-io/gitpod/components/server/go/pkg/lib versions before main-gha.27122 github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy versions before main-gha.27122 github.com/gitpod-io/gitpod/install/installer/pkg/components/auth...
CVE-2024-27397
A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in how a user triggers the element timeout. This flaw allows a local user to crash or potentially escalate their privileges on the system. Mitigation In order to trigger the issue, it requires the ability to create user/net...