194 matches found
PT-2023-33776 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue concerns the RDMA/core component of the Linux Kernel, where the ib port is not properly validated when accessing a sysfs node. The actual impact and attack plausibility have not ye...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the...
DEBIAN-CVE-2022-42318
Xenstore: guests can let run xenstored out of memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...
DEBIAN-CVE-2022-42320
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries...
Security Bulletin: IBM Spectrum Protect 8.1.14.000 Server is vulnerable to bypass of security restrictions (CVE-2022-22394)
Summary IBM Spectrum Protect 8.1.14.000 Server could allow a remote attacker to bypass security restrictions due to improper enforcement of access controls. Vulnerability Details CVEID: CVE-2022-22394 DESCRIPTION: The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass...
Drupal improper access restrictions
Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page...
GHSA-96VX-QF28-6F8M Drupal Access Control Bypass
Drupal 7.x before 7.3 allows remote attackers to bypass intended nodeaccess restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table...
GHSA-3327-JR93-7HQ3 Drupal access bypass vulnerability
In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node...
Drupal access bypass vulnerability
In Drupal versions 8.4.x versions before 8.4.5 when using node access controls with a multilingual site, Drupal marks the untranslated version of a node as the default fallback for access queries. This fallback is used for languages that do not yet have a translated version of the created node...
CVE-2022-22394
The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the...
PT-2022-15408 · Ibm · Ibm Spectrum Protect
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Protect version 8.1.14.000 Description: The issue is caused by improper enforcement of access controls, allowing a remote attacker to bypass security restrictions. By signing in, an attacker could exploit this to bypass security...
CVE-2021-20319
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...
CVE-2020-35209
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information...
coreos-installer: incorrect signature verification on gzip-compressed install images
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...
coreos-installer: incorrect signature verification on gzip-compressed install images
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...
coreos-installer: incorrect signature verification on gzip-compressed install images
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...
coreos-installer: incorrect signature verification on gzip-compressed install images
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...
OpenShift 安全漏洞
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. OpenShift suffers from a security vulnerability that can be exploited by an attacker to access a running container that loads kubernet...
Improper Input Validation
Overview puppet is an automated configuration management tool. Affected versions of this package are vulnerable to Improper Input Validation. Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed...
Improper Certificate Validation in Puppet
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a...