Lucene search
+L

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/22 12:46 p.m.2 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00181EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/22 12:46 p.m.9 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00181EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5412

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...

9.9CVSS5.5AI score0.00445EPSS
Exploits1References1
NVD
NVD
added 2026/04/10 1:16 p.m.12 views

CVE-2026-5412

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...

9.9CVSS0.00445EPSS
Exploits1References3
OSV
OSV
added 2026/04/10 12:22 p.m.4 views

CVE-2026-5412 Juju CloudSpec API could leak senstive information

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...

9.9CVSS6AI score0.00445EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2022/06/10 12:15 p.m.2 views

CVE-2022-32563

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, t...

9.8CVSS7.3AI score0.00763EPSS
Exploits0References3
Rows per page
Query Builder