Lucene search
K

19 matches found

Cvelist
Cvelist
added yesterday8 views

CVE-2026-55428 Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinato...

8.2CVSS
Exploits0References6
OSV
OSV
added yesterday5 views

GO-2026-5915 Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator in github.com/coder/coder

Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator in github.com/coder/coder...

8.2CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2 days ago7 views

Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator

Summary The tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinator forwards agent-supplied AllowedIPs verbatim to tunnel peers which install them into the WireGuard peer configuration. Impact A...

8.2CVSS6AI score
Exploits0References3Affected Software1
OSV
OSV
added 2 days ago3 views

GHSA-WRQ8-FCV5-8HVP Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator

Summary The tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinator forwards agent-supplied AllowedIPs verbatim to tunnel peers which install them into the WireGuard peer configuration. Impact A...

8.2CVSS6AI score
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/02/06 12:0 a.m.5 views

Beyond Crash: Hijacking Your Autonomous Vehicle for Fun and Profit

Autonomous Vehicles AVs, especially vision-based AVs, are rapidly being deployed without human operators. As AVs operate in safety-critical environments, understanding their robustness in an adversarial environment is an important research problem. Prior physical adversarial attacks on vision-bas...

5.4AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6001

Malicious code in bioql PyPI...

5.5CVSS7AI score0.00562EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/06/07 12:0 a.m.21 views

Calico vulnerable to pod route hijacking

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

5.5CVSS6.6AI score0.00562EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/07 12:0 a.m.15 views

GHSA-9394-XFQ9-6QRP Calico vulnerable to pod route hijacking

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

5.5CVSS5.4AI score0.00562EPSS
Exploits0References3
NVD
NVD
added 2022/06/06 6:15 p.m.23 views

CVE-2022-28224

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

5.5CVSS0.00562EPSS
Exploits0References1
Prion
Prion
added 2022/06/06 6:15 p.m.17 views

Input validation

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

5.5CVSS7.1AI score0.00562EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2022/06/06 5:19 p.m.95 views

CVE-2022-28224

CVE-2022-28224 affects Calico across clusters using Calico ≤ 3.22.1 and Calico Enterprise ≤ 3.12.0. The issue allows a privileged attacker to set a floating IP annotation on a pod without the feature being enabled, due to insufficient validation, potentially intercepting and rerouting traffic to ...

5.5CVSS5.5AI score0.00562EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2022/06/06 5:19 p.m.28 views

CVE-2022-28224 Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

5.5CVSS6.5AI score0.00562EPSS
Exploits0References1
OSV
OSV
added 2022/06/06 5:19 p.m.5 views

CVE-2022-28224 Calico and Calico Enterprise may be vulnerable to route hijacking with the floating IP feature

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

5.5CVSS6.8AI score0.00562EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/06/06 12:0 a.m.5 views

Tigera Calico 输入验证错误漏洞

Tigera Calico is an open source network security solution for container, virtual machine and host workloads from US-based Tigera. A security vulnerability exists in Tigera Calico version 3.22.1 and earlier, and Calico Enterprise version 3.12.0 and earlier, which stems from vulnerability to route...

5.5CVSS7AI score0.00562EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/01 9:1 p.m.2 views

CVE-2022-28224

Clusters using Calico version 3.22.1 and below, Calico Enterprise version 3.12.0 and below, may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not...

5.5CVSS5.8AI score0.00562EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/05/25 9:47 p.m.74 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.8.41 bug fix and security update

Red Hat OpenShift Container Platform release 4.8.41 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a...

6.3CVSS6.6AI score0.00503EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2022/05/25 4:28 a.m.67 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.9.35 bug fix and security update

Red Hat OpenShift Container Platform release 4.9.35 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...

6.3CVSS6.6AI score0.00503EPSS
Exploits0References12
ThreatPost
ThreatPost
added 2020/04/03 5:16 p.m.71 views

Cloud Providers, CDNs Team Up to Battle Internet Routing Attacks

A group of tech giants – including Akamai, Amazon Web Services, Cloudflare, Facebook, Google, Microsoft and Netflix – are banding together to battle route hijacking, route leaks and IP address-spoofing attacks targeting internet users. They’re coming together under a program was introduced this...

7.5AI score
Exploits0References13
ThreatPost
ThreatPost
added 2013/11/22 2:32 p.m.12 views

Dennis Fisher and Mike Mimoso Discuss Do Not Track, We Are the Cavalry and more

Dennis Fisher and Mike Mimoso discuss the major security stories of the last two weeks, including the BGP route hijacking, why Do Not Track doesn’t work and the We Are the Cavalry movement. Download: digitalunderground135.mp3...

0.4AI score
Exploits0References2
Rows per page
Query Builder