664 matches found
GHSA-HMQF-WPQ9-JQ83 Spring Security Missing Authorization vulnerability
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows an attacker to render security annotations ineffective...
Spring Security Missing Authorization vulnerability
Missing Authorization When Using @AuthorizeReturnObject in Spring Security 6.3.0 and 6.3.1 allows an attacker to render security annotations ineffective...
Spring Security Security Vulnerability
VMware Spring Security is a set of security frameworks from VMware that provide illustrative security for Spring-based applications. A security vulnerability exists in Spring Security versions 6.3.0 and 6.3.1, which stems from a lack of authorization when using @AuthorizeReturnObject, and allows ...
The vulnerability of the Ingress controller in the Kubernetes cluster ingress-nginx, related to errors in processing Ingress object annotations, allows a hacker to increase their privileges.
The vulnerability of the ingress controller in the Kubernetes cluster ingress-nginx is related to errors in processing Ingress object annotations. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
BIT-HUBBLE-UI-BACKEND-2023-41332
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...
BIT-CILIUM-PROXY-2023-41332
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...
ZenUML Security Vulnerabilities
ZenUML is a JavaScript-based charting tool open-sourced by ZenUML. A security vulnerability exists in ZenUML prior to version 3.23.25 that stems from Markdown text not being sanitized prior to rendering, allowing an attacker to enter a malicious payload for annotations that could lead t...
OPENSUSE-SU-2024:12100-1 jackson-annotations-2.13.0-3.1 on GA media
These are all security issues fixed in the jackson-annotations-2.13.0-3.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12949-1 jetty-annotations-9.4.51-1.1 on GA media
These are all security issues fixed in the jetty-annotations-9.4.51-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13724-1 jetty-annotations-9.4.54-1.1 on GA media
These are all security issues fixed in the jetty-annotations-9.4.54-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10878-1 jetty-annotations-9.4.43-1.2 on GA media
These are all security issues fixed in the jetty-annotations-9.4.43-1.2 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13329-1 jetty-annotations-9.4.53-1.1 on GA media
These are all security issues fixed in the jetty-annotations-9.4.53-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12182-1 jetty-annotations-9.4.48-1.1 on GA media
These are all security issues fixed in the jetty-annotations-9.4.48-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-5307
Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target mus...
The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, arises from improper elimination of certain elements. This allows an attacker to perform arbitrary actions on the host system.
The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, stems from the ability to introduce arbitrary properties through the Pod annotations of systemd. Exploiting this vulnerability allows a...
SUSE CVE-2024-27404
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data races on remote_id. Similar to the previous patch, address the data race on remote_id, adding the suitable ONCE annotations...
CVE-2024-27404
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data races on remote_id. Similar to the previous patch, address the data race on remote_id, adding the suitable ONCE annotations...
DEBIAN-CVE-2024-27404
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data races on remote_id. Similar to the previous patch, address the data race on remote_id, adding the suitable ONCE annotations...
UBUNTU-CVE-2024-27404
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data races on remote_id. Similar to the previous patch, address the data race on remote_id, adding the suitable ONCE annotations...
BIT-CILIUM-2023-41332 Denial of service via Kubernetes annotations in specific Cilium configurations
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...