Lucene search
K

56 matches found

Snyk
Snyk
added 2025/05/19 7:15 p.m.1 views

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining via the project secret validation process. An attacker can escalate privileges and potentially gain control over seed clusters by bypassing the intended security restrictions. Remediation Upgrade...

9.9CVSS7.3AI score0.00538EPSS
Exploits0References3
Snyk
Snyk
added 2025/05/19 7:15 p.m.1 views

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining via the project secret validation process. An attacker can escalate privileges and potentially gain control over seed clusters by bypassing the intended security restrictions. Remediation Upgrade...

9.9CVSS7.3AI score0.00538EPSS
Exploits0References3
Snyk
Snyk
added 2025/05/19 7:15 p.m.2 views

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining via the project secret validation process. An attacker can escalate privileges and potentially gain control over seed clusters by bypassing the intended security restrictions. Remediation Upgrade...

9.9CVSS7.3AI score0.00538EPSS
Exploits0References3
Snyk
Snyk
added 2025/05/19 7:15 p.m.2 views

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining via the project secret validation process. An attacker can escalate privileges and potentially gain control over seed clusters by bypassing the intended security restrictions. Remediation Upgrade...

9.9CVSS7.3AI score0.00538EPSS
Exploits0References3
Snyk
Snyk
added 2025/05/19 7:12 p.m.1 views

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining via the handling of DNS secrets. An attacker can escalate privileges by supplying malicious Google credentials. Note: Upgrading to 1.23.6 will fix the vulnerability in most cases, but not when the extension...

9.9CVSS7.1AI score0.00593EPSS
Exploits0References3
CVE
CVE
added 2025/04/17 6:50 a.m.65 views

CVE-2025-2903

CVE-2025-2903 concerns Google Cloud Platform OS Login, where an attacker who can create user accounts during VM deployment can SSH into a VM and gain command-line control of the OS. The consolidated evidence across Red Hat, NVD, and related feeds states that exploitation leads to access to data o...

8.5CVSS6.5AI score0.00181EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/17 6:50 a.m.6 views

CVE-2025-2903 Privilege Chaining in Delphix

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform GCP using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious...

8.5CVSS6.5AI score0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 6:50 a.m.29 views

CVE-2025-2903 Privilege Chaining in Delphix

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform GCP using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious...

8.5CVSS0.00181EPSS
Exploits0References1
Snyk
Snyk
added 2025/04/14 5:47 p.m.2 views

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining through the spec.template.container configuration in the EventSource and Sensor custom resources. An attacker can gain privileged access to the host system and cluster by injecting commands into a container template...

9.9CVSS7.2AI score0.00724EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/14 5:47 p.m.2 views

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining through the spec.template.container configuration in the EventSource and Sensor custom resources. An attacker can gain privileged access to the host system and cluster by injecting commands into a container template...

9.9CVSS7.2AI score0.00724EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/14 5:47 p.m.3 views

Privilege Chaining

Overview Affected versions of this package are vulnerable to Privilege Chaining through the spec.template.container configuration in the EventSource and Sensor custom resources. An attacker can gain privileged access to the host system and cluster by injecting commands into a container template...

9.9CVSS4.7AI score0.00724EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/26 3:33 a.m.13 views

CVE-2024-47045

Privilege chaining issue exists in the installer of e-Tax softwarecommon program. If this vulnerability is exploited, a malicious DLL prepared by an attacker may be executed with higher privileges than the application privilege...

6.9AI score0.00148EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/25 12:0 a.m.4 views

PT-2024-32370 · E-Tax · E-Tax

Name of the Vulnerable Software and Affected Versions: e-Tax software affected versions not specified Description: A privilege chaining issue exists in the installer of the e-Tax software, allowing a malicious DLL prepared by an attacker to be executed with higher privileges than the application...

7.8CVSS6.9AI score0.00148EPSS
Exploits0References8
NVD
NVD
added 2023/10/29 1:15 a.m.24 views

CVE-2023-5839

Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9...

8.8CVSS8AI score0.00285EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/10/29 12:0 a.m.14 views

CVE-2023-5839 Privilege Chaining in hestiacp/hestiacp

Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9...

8.8CVSS6.9AI score0.00285EPSS
Exploits1References2
CVE
CVE
added 2023/10/29 12:0 a.m.54 views

CVE-2023-5839

CVE-2023-5839 affects hestiacp/hestiacp prior to 1.8.9. Connected sources describe a local privilege escalation (privilege chaining) vulnerability exposed by PHP-FPM configuration: an attacker can leverage separate fpm listeners (admin vs www-data), access the admin Unix socket, and execute comma...

8.8CVSS8.3AI score0.00285EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/10/29 12:0 a.m.20 views

CVE-2023-5839 Privilege Chaining in hestiacp/hestiacp

Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9...

8.8CVSS7.9AI score0.00285EPSS
Exploits1References2
OSV
OSV
added 2023/10/29 12:0 a.m.20 views

CVE-2023-5839 Privilege Chaining in hestiacp/hestiacp

Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9...

8.8CVSS8.9AI score0.00285EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/10/29 12:0 a.m.12 views

PT-2023-32371 · Hestiacp · Hestiacp

Name of the Vulnerable Software and Affected Versions: hestiacp/hestiacp versions prior to 1.8.9 Description: The issue concerns a privilege chaining problem. Recommendations: For versions prior to 1.8.9, update to version 1.8.9 or later to resolve the issue...

8.8CVSS8.7AI score0.00285EPSS
Exploits1References4
OSV
OSV
added 2023/02/09 3:30 p.m.84 views

GHSA-86RF-38V8-9C4X privilege chaining in cockpit-hq/cockpit

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8...

8.8CVSS6.7AI score0.00344EPSS
Exploits1References4
Rows per page
Query Builder