Lucene search
+L

27 matches found

CVE
CVE
added 2026/03/26 1:23 p.m.31 views

CVE-2026-33343

etcd: Nested transactions bypass RBAC checks allow an authenticated user with restricted key-range permissions to bypass key-level authorization and access the entire data store. Affected versions are prior to 3.4.42, 3.5.28, and 3.6.9. A patch exists in these series; upgrading to 3.4.42, 3.5.28,...

6.5CVSS5.8AI score0.0021EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/26 1:23 p.m.4 views

CVE-2026-33343

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

6.5CVSS5.8AI score0.0021EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33343

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC...

6.5CVSS5.5AI score0.0021EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/20 8:34 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the CheckTxnAuth function. A user with RBAC restricted permissions on key ranges can gain unauthorized access to the entire data store by bypassing key-level authorization checks using nested transactions...

7.1CVSS5.8AI score0.0021EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/20 8:34 p.m.7 views

etcd: Nested etcd transactions bypass RBAC authorization checks

Impact What kind of vulnerability is it? Who is impacted? An authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with direct access to etcd to effectively ignore all key range...

6.5CVSS5.8AI score0.0021EPSS
Exploits0References3Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.5 views

SUSE CVE-2012-0469

Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to...

10CVSS9.4AI score0.0737EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2012/04/24 7:49 p.m.5 views

Mozilla: use-after-free in IDBKeyRange (MFSA 2012-22)

Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to...

10CVSS7.8AI score0.0737EPSS
Exploits0References4
Rows per page
Query Builder