149 matches found
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: helm-operator-fips, nfs-subdir-external-provisioner-fips, cass-operator-fips-no-pvc-delete, gomplate, crossplane-provider-aws-kms, trust-manager, kube-rbac-proxy-fips, prometheus-node-exporter, osv-scanner, caddy-fips, flux-image-automation-controller,...
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: grpcurl, terraform-docs, sbom-scorecard, nerdctl, clusterctl, s5cmd, cert-exporter, kubewatch, velero, nuclei, flux-helm-controller, capslock, task, crossplane-provider-azure, ip-masq-agent, gobuster, litefs, nri-nagios, kustomize, direnv, docker-credential-ecr-login...
New attack vectors in EKS
We explore how advancements in EKS Access Entries and Pod Identity have opened new attack vectors and offer examples of how adversaries could exploit them...
New EKS Access Management and Pod Identity features: a security analysis
The Wiz research team unpacks the security implications of the new EKS access and identity management features and recommends best practices when using them...
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: prometheus-blackbox-exporter, kiam, cortex, terraform-provider-sendgrid-fips, dynamic-localpv-provisioner-fips, src, conftest-fips, kubescape, prometheus-adapter-fips, k3d, prometheus-stackdriver-exporter, slsa-verifier, buildkitd, kubeflow, vault-csi-provider,...
IMDShift - Automates Migration Process Of Workloads To IMDSv2 To Avoid SSRF Attacks
AWS workloads that rely on the metadata endpoint are vulnerable to Server-Side Request Forgery (SSRF) attacks. IMDShift automates the migration process of all workloads to IMDSv2 with extensive capabilities, which implements enhanced security measures to protect against these attacks. Features...
CVE-2023-3978 vulnerabilities
Vulnerabilities for packages: prometheus-blackbox-exporter, prometheus-mongodb-exporter, nfs-subdir-external-provisioner-fips, nfs-subdir-external-provisioner, gomplate, dive, falcoctl, trust-manager, pulumi, volume-modifier-for-k8s-fips, prometheus-node-exporter, flux-image-automation-controller...
CVE-2023-2959
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2...
CVE-2023-2963
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2...
CVE-2023-2963
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2...
CVE-2023-2960
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting XSS. This issue affects Oliva Expertise EKS: before 1.2...
CVE-2023-2963
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2...
CVE-2023-2959
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2...
CVE-2023-2959
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2...
CVE-2023-2960
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting XSS. This issue affects Oliva Expertise EKS: before 1.2...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting XSS. This issue affects Oliva Expertise EKS: before 1.2...
CVE-2023-2963 SQLi in Oliva Expertise
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2...
CVE-2023-2963
CVE-2023-2963 is a SQL Injection vulnerability in Oliva Expertise EKS, caused by improper neutralization of special elements in SQL commands. Affected product: Oliva Expertise EKS prior to version 1.2. Impact described in connected records: high confidentiality, integrity, and availability risks ...
CVE-2023-2963 SQLi in Oliva Expertise
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2...