Authorization
An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals...
CVE-2023-4700 Missing Authorization in GitLab
An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals...
CVE-2023-4700
Removed by vendor...
Ensuring Supply Chain Security: Verify container image integrity with the Wiz Admission Controller
The Wiz admission controller simplifies supply chain security by ensuring only trusted container images can be deployed in Kubernetes environments...
PT-2023-30288 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.7 through 16.3.5; GitLab EE versions 16.4 through 16.4.1; GitLab EE versions 16.5 through 16.5.0. Description: An authorization issue affecting GitLab EE allowed a user to run jobs in protected environments, bypassing any...
48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install,"...
CVE-2023-46604
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to caus...
The vulnerability in Avast Premium Security antivirus lies in its lack of access control mechanisms within isolated environments. This allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability in Avast Premium Security antivirus lies in its lack of access control mechanisms in isolated environments when processing namespace objects. Exploiting this vulnerability can allow attackers to escalate their privileges and execute arbitrary code...
Strategic Tips to Optimize Cybersecurity Consolidation
Say goodbye to security silos. Organizations are eager to take advantage of cybersecurity consolidation and make their security environments more manageable. Evolving incrementally and adopting a platform that supports third-party integrations are key to reducing cybersecurity complexity...
Ingress nginx annotation injection causes arbitrary command execution
Issue Details: A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/configuration-snippet annotation on an Ingress object in the networking.k8s.io or extensions API group can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.8.3 security and bug fix updates
Red Hat Advanced Cluster Management for Kubernetes 2.8.3 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
CVE-2023-46124
CVE-2023-46124 affects the Fides web application. Specially crafted YAML dataset/configs uploaded as a ZIP can trigger Server-Side Request Forgery, allowing a malicious user to issue arbitrary requests to internal resources (including localhost) and exfiltrate data. The root cause is inadequate v...
CVE-2023-46126 Fides JavaScript Injection Vulnerability in Privacy Center URL
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability mak...
PT-2023-6562
Name of the Vulnerable Software and Affected Versions: Intel Processors (affected versions not specified). Description: A sequence of processor instructions can lead to unexpected behavior in some Intel processors, potentially allowing an authenticated user to enable escalation of privilege, informati...
CVE-2023-4274
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical...
Directory traversal
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical...
CVE-2023-5414 Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...
Migration, Backup, Staging – WPvivid < 0.9.90 - Admin+ Arbitrary Directory Deletion via Path Traversal
Description: The plugin is vulnerable to Directory Traversal allowing authenticated bad actors with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environment...
Unraveling Real-Life Attack Paths – Key Lessons Learned
In the ever-evolving landscape of cybersecurity, attackers are always searching for vulnerabilities and exploits within organizational environments. They don't just target single weaknesses; they're on the hunt for combinations of exposures and attack methods that can lead them to their desired...