27 matches found

RedhatCVE
added 2026/05/25 11:26 p.m., 12 views

CVE-2026-41413

A flaw was found in Istio. When a RequestAuthentication resource is created with a jwksUri (JSON Web Key Set Uniform Resource Identifier) that points to an internal service, istiod (the Istio control plane daemon) makes an unauthenticated HTTP GET request to that URL. This request does not properly...

7.7 CVSS, 5.7 AI score, 0.00329 EPSS
Exploits: 0, References: 6
Vulnrichment
added 2026/05/15 4:30 p.m., 4 views

CVE-2026-44774 Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider...

6.4 CVSS, 5.8 AI score, 0.00442 EPSS
Exploits: 1, References: 4
CNNVD
added 2026/05/15 12:0 a.m., 12 views

Traefik Access Control Error Vulnerability

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.46, 3.6.17, and 3.7.1 contained an access control vulnerability. This vulnerability stemmed from the Kubernetes Gateway API provider, which allowed tenants with permission to create...

9.9 CVSS, 5.8 AI score, 0.00442 EPSS
Exploits: 1, References: 1
Cvelist
added 2026/04/02 2:57 p.m., 15 views

CVE-2026-33641 Glances Vulnerable to Command Injection via Dynamic Configuration Values

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8 CVSS, 0.00866 EPSS
Exploits: 3, References: 3
OSV
added 2026/03/30 5:1 p.m., 1 view

GHSA-QHJ7-V7H7-Q4C7 Glances Vulnerable to Command Injection via Dynamic Configuration Values

Summary: Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented without validation or restriction of the executed commands. If an attacker can...

7.8 CVSS, 6.3 AI score, 0.00866 EPSS
Exploits: 3, References: 5
Snyk
added 2026/03/05 4:15 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded processing of responses in the ForwardAuth middleware due to the lack of restrictions for maxResponseBodySize configuration. An attacker can cause resource exhaustion...

6.9 CVSS, 5.8 AI score, 0.00451 EPSS
Exploits: 0, References: 2
CVE
added 2026/02/23 1:2 a.m., 14 views

CVE-2026-2964

CVE-2026-2964 affects higuma web-audio-recorder-js (versions 0.1 and 0.1.1). The root cause is a flaw in the framework’s Dynamic Config Handling within the library file lib/WebAudioRecorder.js: the affected function, extend, permits improper modification of object prototype attributes (prototype ...

9.8 CVSS, 5.2 AI score, 0.00367 EPSS
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2018-1156

Malware in sbrugna...

5.8 CVSS, 5.8 AI score, 0.01924 EPSS
Exploits: 0, References: 3
vulnersOsv
added 2024/01/03 10:4 p.m., 2 views

ai.faculty:dynamic-configuration_2.11 (>=0.3.2 <=0.3.3), ai.faculty:dynamic-configuration_2.13 (=0.4.0) +5487 more potentially affected by CVE-2024-21634 via software.amazon.ion:ion-java (>=1.0.0 <=1.5.1)

software.amazon.ion:ion-java MAVEN version =1.0.0, =0.3.2, =3.32.1.6, =3.32.1.6-1-2.1, =3.32.1.6-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =0.5.0, =23.9.0, =23.9.0, =23.9.0, =23.9.1 and more Source cves: CVE-2024-21634 Source...

7.5 CVSS, 7.2 AI score, 0.0082 EPSS
Exploits: 0
UbuntuCve
added 2023/04/24 12:0 a.m., 40 views

CVE-2023-29552

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor...

7.5 CVSS, 7.3 AI score, 0.65873 EPSS
Exploits: 1, References: 3
SUSE CVE
added 2023/02/15 3:59 a.m., 2 views

SUSE CVE-2020-11903

The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read...

6.5 CVSS, 6.5 AI score, 0.02075 EPSS
Exploits: 1, References: 3
BDU FSTEC
added 2021/07/20 12:0 a.m., 6 views

The vulnerability of the software, which provides a DHCP dynamic configuration service on the network, is related to the escape from memory buffers. This allows an attacker to cause a service failure.

The vulnerability of the software, which provides a dynamic configuration service for DHCP hosts on the network, is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

7.4 CVSS, 7.6 AI score, 0.06118 EPSS
Exploits: 1, References: 15, Affected Software: 7
Kitploit
added 2021/05/14 12:30 p.m., 83 views

R77-Rootkit - Fileless Ring 3 Rootkit With Installer And Persistence That Hides Processes, Files, Network Connections, Etc...

Ring 3 rootkit: r77 is a ring 3 rootkit that hides the following entities from all processes: files, directories, junctions, named pipes, scheduled tasks; processes; CPU usage; registry keys & values; services; TCP & UDP connections. It is compatible with Windows 7 and Windows 10 in both x64 and x86 edition...

7.6 AI score
Exploits: 0, References: 1
Prion
added 2018/06/07 9:29 p.m., 23 views

Input validation

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...

5 CVSS, 5.7 AI score, 0.01924 EPSS
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2018/06/07 9:29 p.m., 31 views

CVE-2018-0333

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...

5.8 CVSS, 5.7 AI score, 0.01924 EPSS
Exploits: 0, References: 2
OSV
added 2018/06/07 9:29 p.m., 3 views

CVE-2018-0333

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...

5.8 CVSS, 5.8 AI score, 0.01924 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2018/06/07 9:0 p.m., 9 views

CVE-2018-0333

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...

7 AI score, 0.01924 EPSS
Exploits: 0, References: 2
CVE
added 2018/06/07 9:0 p.m., 61 views

CVE-2018-0333

Cisco FireSIGHT System Software contains a VPN configuration management vulnerability that allows an unauthenticated, remote attacker to bypass VPN policies. Root cause: incorrect handling of configured interface names and VPN parameters during dynamic CLI configuration changes, enabling an attac...

5.8 CVSS, 5.7 AI score, 0.01924 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2018/06/07 9:0 p.m., 34 views

CVE-2018-0333

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic configuration changes that could allow an attacker to bypass configured policies. The vulnerabili...

5.7 AI score, 0.01924 EPSS
Exploits: 0, References: 2
ThreatPost
added 2018/05/29 2:47 p.m., 11 views

Brazilian Banking Trojan Communicates Via Microsoft SQL Server

Researchers have discovered a banking trojan making waves in Brazil with an array of tricks up its sleeve, including using an unusual command and control (C&C) server and a full-screen social-engineering overlay form. Researchers at IBM X-Force research on Tuesday revealed that attackers are using...

1 AI score
Exploits: 0, References: 1