5 matches found
Ash has authorization bypass when bypass policy condition evaluates to true
Summary: Bypass policies incorrectly authorize requests when their condition evaluates to true but their authorization checks fail and no other policies apply. Impact: Resources with bypass policies can be accessed without proper authorization when: - Bypass condition evaluates to true - Bypass...
AWS VDP: A potential risk in the aws-lambda-ecs-run-task which can be used to privilege escalation.
The aws-lambda-ecs-run-task application created a function with a role that had excessive permissions, including the AdministratorAccess policy. This allowed for potential privilege escalation by an attacker...
Cilium Security Vulnerabilities
Cilium is open source software used to provide and transparently protect network connectivity and load balancing between application workloads such as application containers or processes. Cilium suffers from a security vulnerability that stems from the fact that HTTP policies are not...
CVE-2021-39769
In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product...
kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out...