12 matches found
CVE-2023-4002
An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or group...
CVE-2024-7209
A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to abuse network authorization to spoof the email identity of the sender...
CVE-2021-31223
SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed...
CVE-2024-52975 Fleet Server sensitive information exposure via logs
An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled...
CVE-2024-43707
An issue was identified in Kibana where a user without access to Fleet can view Elastic Agent policies that could contain sensitive information. The nature of the sensitive information depends on the integrations enabled for the Elastic Agent and their respective versions...
SUSE CVE-2024-28103
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...
PT-2024-18155 · BeyondTrust · Privilege Management For Windows
Name of the Vulnerable Software and Affected Versions: Privilege Management for Windows versions prior to 24.1. Description: A local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy, allowing them to view the policy and potentially find...
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from a vulnerability that...
CVE-2021-3586
A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as wel...
CVE-2022-22152
A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on...
Code injection
SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed...
Low: xdg-user-dirs
Issue Overview: It was found that the system umask policy is not being honored when creating XDG user directories /Desktop etc on first login. This could lead to user's files being inadvertently exposed to other local users. CVE-2017-15131. Affected Packages: xdg-user-dirs. Note: This advisory is...