Lucene search
+L

1198 matches found

RedHat Linux
RedHat Linux
added 2021/11/23 10:34 a.m.3 views

mongo-java-driver: client-side field level encryption not verifying KMS host name

Specific versions of the Java driver that support client-side field level encryption CSFLE fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffi...

6.8CVSS5.8AI score0.00432EPSS
Exploits0References4
Kitploit
Kitploit
added 2021/10/30 11:30 a.m.17 views

GC2 - A Command And Control Application That Allows An Attacker To Execute Commands On The Target Machine Using Google Sheet And Exfiltrate Data Using Google Drive

GC2 Google Command and Control is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive. Why This program has been developed in order to provide a command and control that does not require any...

7.9AI score
Exploits0References1
Kitploit
Kitploit
added 2021/10/16 8:30 p.m.68 views

Domain-Protect - Protect Against Subdomain Takeover

Protect Against Subdomain Takeover scans Amazon Route53 across an AWS Organization for domain records vulnerable to takeover vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP deploy to security audit account scan your entire AWS Organization receive alerts by Slack ...

7.3AI score
Exploits0References8
Veracode
Veracode
added 2021/10/13 4:51 a.m.7 views

Privilege Escalation

github.com/hashicorp/vault is vulnerable to privilege escalation. The vulnerability exists due to the unexpected interaction between glob-related policies and the google cloud secrets engine, which allows an attacker with read permission to read all the rolesets and perform unauthorized actions...

8.1CVSS6.5AI score0.00755EPSS
Exploits0References3Affected Software1
Veeam
Veeam
added 2021/10/13 12:0 a.m.16 views

Release Information for Veeam Backup for Google Cloud Platform v2 Patch 1

Requirements Before installing this patch, please confirm that you are running Veeam Backup for Google Cloud Platform v2 build 2.0.0.530. You can check your build number under Configuration | Support Information | About | Server version by clicking the gear icon at the top-right corner of the mai...

6.8AI score
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2021/10/12 6:41 p.m.39 views

Incorrect Privilege Assignment in HashiCorp Vault

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...

8.1CVSS4.2AI score0.00755EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2021/10/12 6:41 p.m.97 views

GHSA-362V-WG5P-64W2 Incorrect Privilege Assignment in HashiCorp Vault

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...

8.1CVSS7.8AI score0.00755EPSS
Exploits0References4
NVD
NVD
added 2021/10/11 3:15 a.m.50 views

CVE-2021-42135

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...

8.1CVSS0.00755EPSS
Exploits0References1
OSV
OSV
added 2021/10/11 3:15 a.m.18 views

CVE-2021-42135

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...

8.1CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2021/10/11 3:15 a.m.18 views

Design/Logic Flaw

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...

4.9CVSS7.8AI score0.00755EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/10/11 3:15 a.m.3 views

CVE-2021-42135

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...

8.1CVSS7.2AI score0.00755EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/10/11 2:52 a.m.52 views

CVE-2021-42135

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...

8.1AI score0.00755EPSS
Exploits0References1
CVE
CVE
added 2021/10/11 2:52 a.m.88 views

CVE-2021-42135

CVE-2021-42135 affects HashiCorp Vault and Vault Enterprise 1.8.x–1.8.4, describing an unexpected interaction between glob-related policies and the Google Cloud secrets engine. The root cause is a policy-glob interaction that may grant more privileges than intended, e.g., a user with read access ...

8.1CVSS7.7AI score0.00755EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/10/11 12:0 a.m.15 views

Hashicorp HashiCorp Vault 安全漏洞

Hashicorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp, USA. A security vulnerability exists in HashiCorp Vault andVault Enterprise versions 1.8.0 through 1.8.4, which stems from the possibility of unexpected interactions between the software's globally relevan...

8.1CVSS7.6AI score0.00755EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/10/11 12:0 a.m.4 views

PT-2021-23554 · Hashicorp +1 · Hashicorp Vault +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.8.x through 1.8.4 Description: The issue is related to an unexpected interaction between glob-related policies and the Google Cloud secrets engine. This may result in users having more privilege...

8.1CVSS6.7AI score0.00755EPSS
Exploits0References11
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2021/10/07 8:55 p.m.7 views

Vault's Google Cloud Secrets Engine Policies With Globs May Provide Additional Privileges in Vault 1.8.0 Onwards

Summary The Google Cloud secrets engine in Vault or Vault Enterprise “Vault” 1.8.0 and above may provide users, under specific conditions, with more privileges than in prior versions. Due to changes in the underlying functionality of the Google Cloud secrets engine, policies that use globs may...

8.1CVSS6.9AI score0.00755EPSS
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2021/09/23 12:0 a.m.21 views

Virtual Event: Google Cloud Next | October 12 – 14

Level-up your skills and uncover what’s next for cloud by registering for the virtual Google Cloud Next conference starting Oct. 12, 2021...

2.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/09/22 3:28 p.m.22 views

Imperva An Eight-Time Magic Quadrant Leader for Web Application and API Protection

2021 has seen a lot of change. Billionaires now go where only governments and Red Bull gimmicks could go before. The 2020 Olympics didn’t take place in 2020. Tom Brady won his 7th Super Bowl for a completely new franchise those of you in the US get this reference. Similar change in application...

0.4AI score
Exploits0
Ubuntu
Ubuntu
added 2021/09/17 6:27 a.m.178 views

USN-5073-2: Linux kernel (GCP) vulnerabilities

Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory...

8.8CVSS7.3AI score0.00687EPSS
Exploits2
ThreatPost
ThreatPost
added 2021/08/12 8:30 p.m.230 views

Black Hat: Novel DNS Hack Spills Confidential Corp Data

LAS VEGAS – Amazon and Google patched a domain name service DNS bug that allowed attackers to snoop on the confidential networking settings of companies – revealing computer and employee names along with office locations and exposed web resources. The vulnerability, outlined in a Black Hat USA 20...

7.3AI score
Exploits0References4
Rows per page
Query Builder