3 matches found
Vault Operators in Root Namespace May Elevate Their Privileges
Summary A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. This vulnerability, identified as CVE-2024-9180, is fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18....
Entity cache - Critical - Information disclosure - SA-CONTRIB-2023-046
Entity Cache puts core entities into Drupal's cache API. A recent release of the module does not sanitize certain inputs appropriately. This can lead to unintended behavior when wildcard characters are included in the input. The impact of this bug should be relatively minor in most configurations...
elinks: entity_cache static array buffer overflow (off-by-one)
Buffer overflow in entitycache in ELinks before 0.11.4rc0 allows remote attackers to cause a denial of service crash via a crafted link...