Lucene search

15 matches found

CNNVD
added 2026/06/04 12:0 a.m., 6 views

Arista EOS Security Vulnerability

Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS, which arises from the situation where configuring MACsec and outbound ACLs on the same interface may cause the ACL...

6.9 CVSS, 5.3 AI score, 0.00282 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/06/01 12:0 a.m., 10 views

Apache Fesod Security Vulnerability

Apache Fesod is a high-performance spreadsheet file reading and writing library developed by the Apache Foundation in the United States. Versions of Apache Fesod prior to 2.0.2-incubating contained security vulnerabilities. These vulnerabilities were caused by a request forgery issue in the...

5.3 CVSS, 5.4 AI score, 0.00502 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2026/05/28 7:51 p.m., 7 views

CVE-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

6.3 CVSS, 5.8 AI score, 0.00181 EPSS
Exploits: 0, References: 1
OSV
added 2026/05/26 1:0 a.m., 5 views

MAL-2026-4713 Malicious code in wdb-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ddd306d024c4dd394d19c1adb610389f239fa619d25fff4f75b857a678da0ee package.json declares "preinstall": "./vendor/setup", which on every npm install invokes a 976568-byte Linux x86 ELF binary shipped inside the packag...

5.9 AI score
Exploits: 0, References: 3
Veracode
added 2026/04/01 9:53 a.m., 4 views

Improper Access Control

Cilium is vulnerable to improper access control. The vulnerability is due to missing validation of non-existent or unattached AWS security group IDs in egress policies, which allows an attacker to gain broader outbound network access than intended by the policy configuration...

5.5 CVSS, 7.1 AI score, 0.00158 EPSS
Exploits: 0, References: 6, Affected Software: 2
SUSE CVE
added 2026/01/06 12:25 a.m., 6 views

SUSE CVE-2025-64715

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

5.5 CVSS, 6.8 AI score, 0.00158 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/12/09 12:51 a.m., 3 views

CVE-2025-64715

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

5.5 CVSS, 6.7 AI score, 0.00158 EPSS
Exploits: 0, References: 1
NVD
added 2025/11/29 1:16 a.m., 8 views

CVE-2025-64715

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

5.5 CVSS, 0.00158 EPSS
Exploits: 0, References: 5
OSV
added 2025/11/29 12:11 a.m., 5 views

CVE-2025-64715 Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

4 CVSS, 6.7 AI score, 0.00158 EPSS
Exploits: 0, References: 7
Positive Technologies
added 2025/11/29 12:0 a.m., 3 views

PT-2025-48349

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

4 CVSS, 6.7 AI score, 0.00158 EPSS
Exploits: 0, References: 6
CNNVD
added 2025/11/29 12:0 a.m., 4 views

Cilium Access Control Error Vulnerability

Cilium is an open source software from Cilium Open Source. It is used to provide and transparently protect network connectivity and load balancing between application workloads such as application containers or processes. An Access Control Error vulnerability exists in Cilium versions prior to...

5.5 CVSS, 6.4 AI score, 0.00158 EPSS
Exploits: 0, References: 6
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-4347

Malicious code in bioql PyPI...

9.8 CVSS, 9.1 AI score, 0.02088 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2024/06/25 12:0 a.m., 5 views

PT-2024-4321

Name of the Vulnerable Software and Affected Versions: MOVEit Transfer versions 2023.0.0 through 2023.0.10; MOVEit Transfer versions 2023.1.0 through 2023.1.5; MOVEit Transfer versions 2024.0.0 through 2024.0.1. Description: The issue is related to an Improper Authentication vulnerability in the SFTP...

9.8 CVSS, 7.5 AI score, 0.75812 EPSS
Exploits: 3, References: 54
Hacker One
added 2017/07/12 11:21 a.m., 100 views

X (Formerly Twitter): XXE on sms-be-vip.twitter.com in SXMP Processor

Hi team, What type of issue are you reporting? Does it align to a CWE or OWASP issue? I've identified an XXE vulnerability in the cloudhopper sxmp servlet on sms-be-vip.twitter.com which discloses local files to an external attacker and allows web requests to be sent. This aligns to...

6.7 AI score
Exploits: 0
CERT
added 2008/01/10 12:0 a.m., 22 views

Apple QuickTime RTSP Response message Reason-Phrase buffer overflow vulnerability

Overview: Apple QuickTime contains a buffer overflow vulnerability that may allow a remote, unauthenticated attacker to cause a denial-of-service condition and possibly execute arbitrary code. Description: Real Time Streaming Protocol (RTSP) is a protocol that is used by streaming media systems. Appl...

9.3 CVSS, 7.6 AI score, 0.12405 EPSS
Exploits: 1, References: 9