27 matches found
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...
CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS
Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...
CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS
Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...
EUVD-2015-6289
Malware in sbrugna...
EUVD-2016-2389
Malware in sbrugna...
EUVD-2016-2401
Malware in sbrugna...
EUVD-2015-6290
Malware in sbrugna...
BIT-WILDFLY-2021-3503
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality...
Cisco Application Policy Infrastructure Controller Access Control (CVE-2016-1302)
Cisco Application Policy Infrastructure Controller APIC devices with software before 1.03h and 1.1 before 1.11j and Nexus 9000 ACI Mode switches with software before 11.03h and 11.1 before 11.11j allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka...
GHSA-C4R5-XVGW-2942 Metrics exposure in Wildfly
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data...
Metrics exposure in Wildfly
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data...
CVE-2021-3503
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality...
CVE-2021-3503
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality...
CVE-2021-3503
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality...
CVE-2016-1406
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...
Design/Logic Flaw
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...
CVE-2016-1406
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID...
CVE-2016-1290
The web API in Cisco Prime Infrastructure 1.2.0 through 2.22 and Cisco Evolved Programmable Network Manager EPNM 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227...
Design/Logic Flaw
The password-management administration component in Cisco Policy Suite CPS 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211...
CVE-2016-1357
The password-management administration component in Cisco Policy Suite CPS 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0 allows remote attackers to bypass intended RBAC restrictions and read unspecified data via unknown vectors, aka Bug ID CSCut85211...