1037 matches found
HackerOne: Issue with VDP Program's Transition to Private Status and Missing Warning Labels on ORG Invitation
Vulnerability description not provided...
CVE-2024-46695
In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook. Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashin...
AZL-49338 CVE-2024-46695 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook. Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashin...
DEBIAN-CVE-2024-46695
In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook. Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashin...
UBUNTU-CVE-2024-46695
In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook. Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashin...
CVE-2024-46695 selinux,smack: don't bypass permissions check in inode_setsecctx hook
In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook. Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashin...
CVE-2024-46695
CVE-2024-46695 affects the Linux kernel; the root cause is a permissions bypass in the SELinux/Smack inode_setsecctx hook. The bug allowed a privileged user (root) on an NFS client to change security labels on files on an NFS export with root squash enabled, due to incomplete permission checks ...
WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
Overview: The field labels in the WordPress plugin "Advanced Custom Fields" provided by WP Engine contain a cross-site scripting vulnerability (CWE-79). Ryo Sotoyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
GO-2022-0959 Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium
Network Policies & Clusterwide Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels in github.com/cilium/cilium...
GO-2023-2078 Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium
Kubernetes users may update Pod labels to bypass network policy in github.com/cilium/cilium...
BIT-CILIUM-2024-42488 Cilium agent's race condition may lead to policy bypass for Host Firewall policy
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies...
BIT-CILIUM-OPERATOR-2024-42488 Cilium agent's race condition may lead to policy bypass for Host Firewall policy
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies...
WordPress Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin <= 3.4.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Plugin Print Barcode Labels for your WooCommerce products/orders (versions <= 3.4.9)...
WordPress Print Barcode Labels for your WooCommerce products/orders Plugin <= 3.4.9 is vulnerable to Broken Access Control
Software: Print Barcode Labels for your WooCommerce products/orders; Type: Plugin; Vulnerable versions: <= 3.4.9; Fixed in: 3.4.10; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-43310; Patch priority: Medium; CVSS severity: Medium (6.5); Developer: Claim ownership; PSID...
CVE-2024-42488 Cilium agent's race condition may lead to policy bypass for Host Firewall policy
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies...
PT-2024-29985 · Cilium · Cilium
Name of the Vulnerable Software and Affected Versions: Cilium versions prior to 1.14.14; Cilium versions 1.15.0 through 1.15.7. Description: A race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node, leading to policy bypass. This could cause...
Cilium security vulnerability
Cilium is an open source software from Cilium Open Source. It is used to provide and transparently protect network connectivity and load balancing between application workloads such as application containers or processes. A security vulnerability exists in Cilium versions prior to 1.14.14 and...