CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

350 matches found

Filippo.io•added 2022/09/29 6:45 p.m.•34 views

age and Authenticated Encryption

age is a file encryption format, tool, and library. It was made to replace one of the last remaining GnuPG use cases, but it was not made to replace GnuPG because in the last 20 years we learned that cryptographic tools work best when they are specialized and opinionated instead of flexible Swiss...

7AI score

Exploits0

NVD•added 2022/09/01 1:15 p.m.•12 views

CVE-2022-38790

Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...

5.4CVSS0.00322EPSS

Exploits1References4

OSV•added 2022/09/01 1:15 p.m.•10 views

CVE-2022-38790

5.4CVSS5.8AI score0.00322EPSS

Exploits1References4

ATTACKERKB•added 2022/09/01 1:15 p.m.•1 views

CVE-2022-38790

5.4CVSS5.7AI score0.00322EPSS

Exploits1References5

Prion•added 2022/09/01 1:15 p.m.•10 views

Cross site scripting

4.9CVSS5.2AI score0.00322EPSS

Exploits1References4Affected Software1

CVE•added 2022/09/01 12:55 p.m.•57 views

CVE-2022-38790

Summary : CVE-2022-38790 affects Weave GitOps Enterprise before 0.9.0-rc.5 with a cross-site scripting (XSS) vulnerability in the UI. An attacker can inject a javascript: link into the UI, which, when clicked by a victim, executes with the victim’s permissions. The exposure is surfaced in the Git...

5.4CVSS5.2AI score0.00322EPSS

Exploits1References4Affected Software1

Cvelist•added 2022/09/01 12:55 p.m.•11 views

CVE-2022-38790

5.5AI score0.00322EPSS

Exploits1References4

CNNVD•added 2022/09/01 12:0 a.m.•1 views

Weave GitOps 跨站脚本漏洞

Weave GitOps is a simple open source developer platform open sourced by Weaveworks. A security vulnerability exists in Weave GitOps Enterprise prior to version 0.9.0-rc.5, which stems from having cross-site scripting XSS that allows a malicious user to inject a javascript link into the UI, which...

5.4CVSS5.5AI score0.00322EPSS

Exploits1References5

Positive Technologies•added 2022/09/01 12:0 a.m.•2 views

PT-2022-4593 · Weave · Weave Gitops Enterprise

Name of the Vulnerable Software and Affected Versions: Weave GitOps Enterprise versions prior to 0.9.0-rc.5 Description: The issue is related to a lack of input data sanitization, which can be exploited by a remote attacker to conduct a cross-site scripting XSS attack using a specially crafted...

7.5CVSS5.2AI score0.00322EPSS

Exploits1References8

NVD•added 2022/08/18 7:15 p.m.•9 views

CVE-2022-35976

The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. A specially crafted kubeconfig leads to arbitrary code execution on behalf of the user running VSCode. Users relying on kubeconfigs that are generated or altered by other processes or use...

9.8CVSS0.00363EPSS

Exploits0References1

Prion•added 2022/08/18 7:15 p.m.•14 views

Code injection

7.5CVSS9.6AI score0.00363EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2022/08/18 6:50 p.m.•5 views

CVE-2022-35976 Improper KubeConfig handling allows arbitrary code execution

5.2CVSS9.7AI score0.00363EPSS

Exploits0References1

Cvelist•added 2022/08/18 6:50 p.m.•12 views

CVE-2022-35976 Improper KubeConfig handling allows arbitrary code execution

5.2CVSS9.8AI score0.00363EPSS

Exploits0References1

CVE•added 2022/08/18 6:50 p.m.•75 views

CVE-2022-35976

The CVE concerns the GitOps Tools Extension for VSCode, which uses kubeconfigs to talk to Kubernetes clusters. A specially crafted kubeconfig can cause arbitrary code execution under the user running VSCode. Affected users are those with kubeconfigs generated or altered by other processes/users; ...

9.8CVSS7.8AI score0.00363EPSS

Exploits0References1Affected Software1

OSV•added 2022/08/18 6:50 p.m.•8 views

CVE-2022-35976 Improper KubeConfig handling allows arbitrary code execution

5.2CVSS9.3AI score0.00363EPSS

Exploits0References3

NVD•added 2022/08/18 6:15 p.m.•13 views

CVE-2022-35975

The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux object may allow for remote code execution in the machine running the extension, in the context of the user that is running VSCode. Users using the VSCode extension to manage clusters that ar...

9.8CVSS0.01255EPSS

Exploits0References1

Prion•added 2022/08/18 6:15 p.m.•12 views

Remote code execution

7.5CVSS9.6AI score0.01255EPSS

Exploits0References1Affected Software1

CVE•added 2022/08/18 5:55 p.m.•72 views

CVE-2022-35975

CVE-2022-35975 affects the GitOps Tools Extension for VSCode. A specially crafted Flux object can cause remote code execution on the machine running VSCode in the context of the user, impacting users managing clusters shared among multiple users. The issue is described as improper object validati...

9.8CVSS9.6AI score0.01255EPSS

Exploits0References1Affected Software1

OSV•added 2022/08/18 5:55 p.m.•9 views

CVE-2022-35975 Improper object validation allows for arbitrary code execution in GitOps Tools Extension for VSCode

9CVSS9.5AI score0.01255EPSS

Exploits0References3

Cvelist•added 2022/08/18 5:55 p.m.•18 views

CVE-2022-35975 Improper object validation allows for arbitrary code execution in GitOps Tools Extension for VSCode

9CVSS9.9AI score0.01255EPSS

Exploits0References1

Rows per page