Lucene search
K

27 matches found

Snyk
Snyk
added 2026/03/18 4:41 a.m.9 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
OSV
OSV
added 2026/03/18 3:14 a.m.10 views

CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1CVSS6.3AI score0.00297EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/18 3:14 a.m.4 views

CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1CVSS5.8AI score0.00297EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-6289

Malware in sbrugna...

4CVSS6.4AI score0.0137EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-2389

Malware in sbrugna...

8.1CVSS8.1AI score0.01493EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-2401

Malware in sbrugna...

9CVSS8.8AI score0.0216EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-6290

Malware in sbrugna...

4CVSS6.4AI score0.01368EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:8 a.m.11 views

BIT-WILDFLY-2021-3503

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality...

4.3CVSS4.3AI score0.01046EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/07/25 12:0 a.m.21 views

Cisco Application Policy Infrastructure Controller Access Control (CVE-2016-1302)

Cisco Application Policy Infrastructure Controller APIC devices with software before 1.03h and 1.1 before 1.11j and Nexus 9000 ACI Mode switches with software before 11.03h and 11.1 before 11.11j allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka...

9CVSS8.1AI score0.0216EPSS
Exploits0References3
OSV
OSV
added 2022/04/19 12:0 a.m.27 views

GHSA-C4R5-XVGW-2942 Metrics exposure in Wildfly

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data...

4.3CVSS4.3AI score0.01046EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/04/19 12:0 a.m.33 views

Metrics exposure in Wildfly

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data...

4.3CVSS5AI score0.01046EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/04/18 5:15 p.m.23 views

CVE-2021-3503

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality...

4.3CVSS4.5AI score0.01046EPSS
Exploits0References5
NVD
NVD
added 2022/04/18 5:15 p.m.41 views

CVE-2021-3503

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality...

4.3CVSS0.01046EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/04/18 4:20 p.m.34 views

CVE-2021-3503

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality...

4.7AI score0.01046EPSS
Exploits0References5
NVD
NVD
added 2016/05/25 1:59 a.m.24 views

CVE-2016-1406

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...

8.8CVSS8.4AI score0.0162EPSS
Exploits0References2
Prion
Prion
added 2016/05/25 1:59 a.m.17 views

Design/Logic Flaw

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...

6.5CVSS6.8AI score0.0162EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2016/05/25 1:0 a.m.33 views

CVE-2016-1406

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...

8.5AI score0.0162EPSS
Exploits0References2
NVD
NVD
added 2016/04/06 11:59 p.m.20 views

CVE-2016-1290

The web API in Cisco Prime Infrastructure 1.2.0 through 2.22 and Cisco Evolved Programmable Network Manager EPNM 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227...

8.1CVSS7.9AI score0.01493EPSS
Exploits0References2
Prion
Prion
added 2016/03/03 10:59 p.m.14 views

Design/Logic Flaw

The password-management administration component in Cisco Policy Suite CPS 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211...

5CVSS7.2AI score0.01114EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2016/03/03 10:0 p.m.22 views

CVE-2016-1357

The password-management administration component in Cisco Policy Suite CPS 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211...

5.3AI score0.01114EPSS
Exploits0References1
Rows per page
Query Builder