Lucene search
K

10 matches found

Github Security Blog
Github Security Blog
added 2023/06/05 5:10 p.m.34 views

Kyverno resource with a deletionTimestamp may allow policy circumvention

Impact In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation occurs as resources pending deletion were bei...

6.5CVSS6.8AI score0.00497EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/06/05 5:10 p.m.20 views

GHSA-HQ4M-4948-64CC Kyverno resource with a deletionTimestamp may allow policy circumvention

Impact In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation occurs as resources pending deletion were bei...

6.5CVSS6.3AI score0.00497EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/06/01 4:24 p.m.7 views

CVE-2023-34091 Kyverno resource with a deletionTimestamp may allow policy circumvention

Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...

6.5CVSS7.1AI score0.00497EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/06/01 4:24 p.m.47 views

CVE-2023-34091 Kyverno resource with a deletionTimestamp may allow policy circumvention

Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the deletionTimestamp field defined can bypass validate, generate, or mutate-existing policies, even in cases where the validationFailureAction field is set to Enforce. This situation...

6.5CVSS6.7AI score0.00497EPSS
Exploits0References2
Prion
Prion
added 2023/03/28 3:15 p.m.41 views

Default configuration

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5CVSS6.4AI score0.01583EPSS
Exploits0References9Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Opera 7.20 Mail Client Policy Circumvention Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8254/info The Opera M2 Mail Client is vulnerable to a policy circumvention issue that could allow information to be disclosed to a remote attacker. It is possible for an attacker to bypass the option to suppress the viewi...

7.1AI score
Exploits0
Oracle linux
Oracle linux
added 2008/02/28 12:0 a.m.51 views

Moderate: dbus security update

1.0.0-6.3.el51 - CVE-2008-0595: D-Bus security policy circumvention - Resolves: 432437 1.0.0-6.el51 - CVE-2006-6107: D-Bus denial of service - Resolves: 219601...

4.6CVSS2.4AI score0.00408EPSS
Exploits2
exploitpack
exploitpack
added 2003/07/23 12:0 a.m.18 views

Opera 7.20 - Mail Client Policy Circumvention

Opera 7.20 - Mail Client Policy Circumvention source: https://www.securityfocus.com/bid/8254/info The Opera M2 Mail Client is vulnerable to a policy circumvention issue that could allow information to be disclosed to a remote attacker. It is possible for an attacker to bypass the option to suppre...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/07/23 12:0 a.m.25 views

Opera 7.20 - Mail Client Policy Circumvention

source: https://www.securityfocus.com/bid/8254/info The Opera M2 Mail Client is vulnerable to a policy circumvention issue that could allow information to be disclosed to a remote attacker. It is possible for an attacker to bypass the option to suppress the viewing of external embeds. This could...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2002/11/26 12:0 a.m.39 views

Predictable TCP Initial Sequence Numbers

Title: NetScreen Security Alert 51897 Date: 25 November 2002 Description: Predictable TCP Initial Sequence Numbers Impact: Circumvention of Defined Security Policies Affected Products: All firewall/VPN appliances and systems Affected Software Releases: ScreenOS 1.7, 2.6, 2.8, 3.0, 3.1, 4.0 Summar...

Exploits0
Rows per page
Query Builder