CVE-2024-52311

The CVE-2024-52311 entry concerns data.all (data-dot-all) where authentication tokens issued via Cognito are not invalidated on user logout. This allows a previously authenticated user to continue making authorized API requests until the Cognito token expires. The available connected documents id...

PT-2023-26583 · Unknown · Special Interest Group Network For Analysis/Liaison

Name of the Vulnerable Software and Affected Versions: Special Interest Group Network for Analysis and Liaison versions 4.4.0 through 4.7.7 Description: The issue allows authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the...

CVE-2021-21600

Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API service. An authorized API user could potentially exploit this vulnerability via the web and desktop user interfaces, leading to denial of service in the manageability path...

Denial Of Service (DoS)

github.com/kubernetes-csi/external-snapshotter is vulnerable to denial of service. A NULL pointer dereference in the snapshot-controller allows an attacker to crash the application via authorized API requests...

CVE-2020-8569

A flaw was found in the Kubernetes snapshot-controller, where it is vulnerable to a denial of service attack via authorized API requests. The snapshot-controller can dereference a NULL pointer when processing a VolumeSnapshot custom resource via an authorized API request with invalid references t...