Lucene search
K

20 matches found

NVD
NVD
added 2024/08/08 10:15 a.m.20 views

CVE-2024-4784

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy...

5.4CVSS0.00268EPSS
Exploits0References2
OSV
OSV
added 2024/08/08 10:2 a.m.12 views

CVE-2024-4784 Authentication Bypass by Primary Weakness in GitLab

An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy...

4.2CVSS6.6AI score0.00268EPSS
Exploits0References5
OSV
OSV
added 2024/07/01 11:16 a.m.17 views

BIT-HUBBLE-UI-2023-41333

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in othe...

8.1CVSS7.1AI score0.00408EPSS
Exploits0References3
OSV
OSV
added 2024/05/24 7:21 p.m.28 views

BIT-HUBBLE-RELAY-2023-41333 Bypass of namespace restrictions in CiliumNetworkPolicy

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in othe...

8.1CVSS7.1AI score0.00408EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.30 views

RHEL 8 : nodejs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - nodejs: Unitialized buffer due to incorrect encoding CVE-2017-15897 - nodejs: integrity checks according ...

7.6AI score0.03906EPSS
Exploits1References8
GithubExploit
GithubExploit
added 2024/04/22 10:14 p.m.343 views

Exploit for Path Traversal in Jetbrains Teamcity

RCity - CVE-2024-27198 RCE & Admin Account Creation & CVE-20...

9.8CVSS9.3AI score0.99991EPSS
Exploits25
NVD
NVD
added 2023/09/27 3:19 p.m.37 views

CVE-2023-41333

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in othe...

8.1CVSS7.1AI score0.00408EPSS
Exploits0References3
OSV
OSV
added 2023/09/26 8:19 p.m.27 views

CVE-2023-41333 Bypass of namespace restrictions in CiliumNetworkPolicy

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in othe...

6.9CVSS7.6AI score0.00408EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/08/22 7:19 a.m.176 views

CVE-2023-32002

A vulnerability was found in NodeJS. This security issue occurs as the use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Mitigation Mitigation for this issue is either not available or the currently available options...

9.8CVSS9.4AI score0.0143EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/08/08 12:0 a.m.38 views

CentOS 8 : nodejs:18 (CESA-2023:4536)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:4536 advisory. - The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This...

7.5CVSS6.8AI score0.03906EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/07/21 12:0 a.m.31 views

Fedora 37 : nodejs16 (2023-61e40652be)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-61e40652be advisory. 2023-06-20, Version 16.20.1 'Gallium' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...

7.5CVSS6.8AI score0.03906EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/07/03 8:6 p.m.25 views

CVE-2023-2728 Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field...

6.5CVSS6.6AI score0.02157EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2022/07/26 9:34 p.m.47 views

CVE-2022-1494

Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page...

6.1CVSS7AI score0.00689EPSS
Exploits1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/15 12:0 a.m.26 views

Authorization bypass in Istio

In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...

6.8CVSS4.2AI score0.011EPSS
Exploits1References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/15 12:0 a.m.56 views

Authorization bypass in Istio

In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...

6.8CVSS4.2AI score0.011EPSS
Exploits1References10Affected Software1
Prion
Prion
added 2020/10/01 5:15 p.m.18 views

Code injection

In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes e.g. -some-suffix for source principals or namespace fields, callers will never be denied access, bypassing the intended policy...

4.9CVSS6.6AI score0.011EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2020/06/19 6:15 p.m.16 views

CVE-2018-21252

An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups...

4.3CVSS7.1AI score
Exploits0References1
NVD
NVD
added 2020/02/14 7:15 p.m.15 views

CVE-2020-8843

An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a...

7.4CVSS7.4AI score0.01065EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/07/23 3:0 p.m.16 views

CVE-2018-6683 - Data Loss Prevention (DLP) for Windows - Exploiting Incorrectly Configured Access Control Security Levels vulnerability

Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention DLP for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline...

7.2CVSS7.3AI score0.00303EPSS
Exploits0References1
exploitpack
exploitpack
added 2012/07/10 12:0 a.m.31 views

Checkpoint Abra - Multiple Vulnerabilities

Checkpoint Abra - Multiple Vulnerabilities Check Point Abra Vulnerabilities Author: Belov V., Komarov A. Group-IB, http://group-ib.ru Vendor: Check Point Software Technologies Ltd Product web page: http://rus.checkpoint.com/products/abra/index.html; http://www.checkpoint.com/products/go/ Platform...

0.6AI score
Exploits0
Rows per page
Query Builder