Lucene search
K

110 matches found

Prion
Prion
added 2023/05/30 7:15 a.m.15 views

Code injection

Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity validate.podSecurity subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4...

6.5CVSS8.7AI score0.00485EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/05/30 6:6 a.m.78 views

CVE-2023-33191

CVE-2023-33191 affects Kyverno, a Kubernetes policy engine. The vulnerability lies in the seccomp control used by the podSecurity validate.podSecurity subrule, making Kyverno versions 1.9.2 and 1.9.3 vulnerable to circumvention of seccomp controls. The issue was fixed in version 1.9.4. Reported s...

8.8CVSS6.4AI score0.00485EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/30 6:6 a.m.7 views

CVE-2023-33191 kyverno seccomp control can be circumvented

Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity validate.podSecurity subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4...

4.6CVSS8.7AI score0.00485EPSS
Exploits0References3
OSV
OSV
added 2023/05/30 6:6 a.m.18 views

CVE-2023-33191 kyverno seccomp control can be circumvented

Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity validate.podSecurity subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4...

4.6CVSS8.5AI score0.00485EPSS
Exploits0References5
OSV
OSV
added 2022/09/12 7:15 p.m.3 views

CVE-2022-1700

Improper Restriction of XML External Entity Reference 'XXE' vulnerability in the Policy Engine of Forcepoint Data Loss Prevention DLP, which is also leveraged by Forcepoint One Endpoint F1E, Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20...

9.8CVSS5.7AI score0.00699EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/09/12 12:0 a.m.5 views

PT-2022-14056 · Forcepoint · Forcepoint Email Security +4

Name of the Vulnerable Software and Affected Versions: Forcepoint Data Loss Prevention DLP versions prior to 8.8.2 Forcepoint One Endpoint F1E with Policy Engine versions prior to 8.8.2 Forcepoint Web Security Content Gateway versions prior to 8.5.5 Forcepoint Email Security with DLP enabled...

9.8CVSS9.3AI score0.00699EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/09/12 12:0 a.m.5 views

Forcepoint Data Loss Prevention 代码问题漏洞

Forcepoint Data Loss Prevention Forcepoint DLP is a data loss prevention software from Forcepoint Corporation, USA. A security vulnerability in the Policy Engine component of Forcepoint Data Loss Prevention stems from an incorrectly configured XML parser in the Policy Engine that fails to support...

9.8CVSS8.3AI score0.00699EPSS
Exploits0References3
Fedora
Fedora
added 2022/07/31 1:37 a.m.18 views

[SECURITY] Fedora 36 Update: open-policy-agent-0.31.0-7.fc36

An open source, general-purpose policy engine. The Open Policy Agent OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack...

1.9AI score
Exploits0
Fedora
Fedora
added 2022/07/04 1:35 a.m.25 views

[SECURITY] Fedora 36 Update: open-policy-agent-0.31.0-6.fc36

An open source, general-purpose policy engine. The Open Policy Agent OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack...

9.3CVSS8.2AI score0.05994EPSS
Exploits4
CNNVD
CNNVD
added 2022/05/19 12:0 a.m.5 views

Open Policy Agent 安全漏洞

Open Policy Agent is a general-purpose policy engine that enables unified, context-aware policy enforcement across the stack. v0.39.0 of Open Policy Agent is vulnerable to a denial-of-service vulnerability that stems from an application misinterpreting each expression, triggering out-of-scope...

7.5CVSS7.5AI score0.0095EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/05/08 12:0 a.m.14 views

Fedora: Security Advisory for open-policy-agent (FEDORA-2022-08ae2dd481)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS10AI score0.03931EPSS
Exploits0References2
Fedora
Fedora
added 2022/05/07 5:6 a.m.18 views

[SECURITY] Fedora 36 Update: open-policy-agent-0.31.0-4.fc36

An open source, general-purpose policy engine. The Open Policy Agent OPA is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack...

7.5CVSS1.9AI score0.03931EPSS
Exploits0
NVD
NVD
added 2022/02/09 10:15 p.m.31 views

CVE-2022-23628

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree AST that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths...

6.3CVSS0.0103EPSS
Exploits1References4
Prion
Prion
added 2022/02/09 10:15 p.m.13 views

Design/Logic Flaw

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree AST that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths...

4.3CVSS5.2AI score0.0103EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/02/09 9:50 p.m.28 views

CVE-2022-23628 Array literal misordering in github.com/open-policy-agent/opa

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree AST that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths...

6.3CVSS5.5AI score0.0103EPSS
Exploits1References6
CVE
CVE
added 2022/02/09 9:50 p.m.170 views

CVE-2022-23628

Summary (CVE-2022-23628) : The issue in Open Policy Agent (OPA) concerns the pretty-printing of an AST that contains synthetic nodes, which can reorder array literals and change policy logic under a very specific set of conditions. The three conditions must all be met: (1) an AST is created progr...

6.3CVSS5.3AI score0.0103EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.5 views

Open Policy Agent 安全漏洞

Open Policy Agent is an open source general-purpose policy engine that enables uniform, context-aware policy enforcement across the stack. Open Policy Agent suffers from a security vulnerability that stems from the fact that under certain conditions, pretty-printing an Abstract Syntax Tree AST...

6.3CVSS5.9AI score0.0103EPSS
Exploits1References5
OSV
OSV
added 2018/10/17 5:22 p.m.2 views

GHSA-XV7X-X6WR-XX7G Apache Ranger policy engine incorrectly matches paths in certain conditions

Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true...

5.9CVSS6.2AI score0.02733EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2018/09/14 12:0 a.m.47 views

Imperva SecureSphere WAF 11.5 Bypass

Hello everyone, Can I have your opinion about this bug below please ? Exploit Title: Policy Bypass on Imperva SecureSphere Web Application Firewall Date: 08/05/2018 Author: Damien CabriAc Contact: https://twitter.com/nawhack Vendor Homepage: http://www.imperva.com Version: Imperva SecureSphere WA...

Exploits0
Prion
Prion
added 2017/06/14 5:29 p.m.15 views

Design/Logic Flaw

Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true...

4.3CVSS7AI score0.02733EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder