GHSA-QXP5-GWG8-XV66 vulnerabilities

Vulnerabilities for packages: opentelemetry-operator, openfga, k3d, terraform-provider-grafana, spicedb, croc, prometheus, ko, victoriametrics, eksctl, cert-manager, cert-manager-cmctl, envoy-ratelimit, kube-bench, promxy, seaweedfs, clusterctl, crossplane-provider-aws-iam, spegel,...

CVE-2024-45336 vulnerabilities

Vulnerabilities for packages: kapp, restic-fips, http-echo, kube-bench, postgres-operator-fips, rabbitmq-messaging-topology-operator, kube-state-metrics, kapp-controller-fips, rclone-fips, git-lfs, fq, prometheus-beat-exporter-fips, flux-kustomize-controller-fips, kserve-modelmesh-serving,...

PT-2024-32715 · Unknown · Shilpi Client Dashboard

Name of the Vulnerable Software and Affected Versions: Shilpi Client Dashboard affected versions not specified Description: This issue is due to missing restrictions for incorrect login attempts on the API-based login of the Shilpi Client Dashboard. A remote attacker could exploit this by...

SUSE CVE-2022-21947

A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API steve to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V...

CVE-2022-21947

A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API steve to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V...

CVE-2022-21947

A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API steve to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V...

CVE-2022-21947

The CVE-2022-21947 entry concerns SUSE Rancher Desktop (Rancher Desktop) with an exposure of the Dashboard API (steve) to the local network. Affected: Rancher Desktop versions prior to V. Root cause: Exposure of Resource to Wrong Sphere vulnerability allows a local-network attacker to connect to ...

CVE-2022-21947 rancher desktop: Dashboard API is network accessible

A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API steve to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V...

PT-2022-15197 · Suse · Suse Rancher Desktop

Name of the Vulnerable Software and Affected Versions: SUSE Rancher Desktop versions prior to V. Description: A vulnerability in SUSE Rancher Desktop allows attackers in the local network to connect to the "Dashboard API steve" to carry out arbitrary actions due to improper access control...

CVE-2022-21947

A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API steve to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V...

Drobo 5N2 Improper Access Control Vulnerability

Drobo 5N2 NAS is a networked storage appliance NAS from Drobo, USA. The device has features such as data sharing, data backup, remote access and disaster recovery.Dashboard API is one of the dashboard components. An improper access control vulnerability exists in the Dashboard API in Drobo 5N2 NA...

CVE-2018-14708

An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...

CVE-2018-14709

Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation...

Authentication flaw

Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation...

CVE-2018-14709

Incorrect access control in the Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to bypass authentication due to insecure token generation...

CVE-2018-14708

An insecure transport protocol used by Drobo Dashboard API on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to intercept network traffic...

CVE-2018-14708

CVE-2018-14708 affects Drobo 5N2 NAS with Drobo Dashboard API (version 4.0.5-13.28.96115). The vulnerability arises from using an insecure transport protocol, enabling attackers to intercept network traffic to/from the API. Publicly cited entries (NVD/CNVD) confirm network-interception impact; CV...