16 matches found
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: atlantis, nri-f5, aws-eks-pod-identity-agent, cortex, nodetaint, dbmate, witness, chartmuseum, kubernetes-ingress-defaultbackend, vt-cli, podman, vertical-pod-autoscaler, apko, pgpool2exporter, boring-registry, helm-set-status, cloudnative-pg, hugo, k8s-device-plugin...
CLEANSTART-2026-HK71313 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw applied in versions: 0.12.0-r0, 0.12.0-r1, 0.12.0-r2
Multiple security vulnerabilities affect the kserve-rest-proxy package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2021-35483
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...
CVE-2021-35485
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...
CVE-2021-35486
A Cross-Site Request Forgery CSRF vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...
EUVD-2021-22125
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...
CVE-2021-35486
A Cross-Site Request Forgery CSRF vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...
CVE-2021-35486
A Cross-Site Request Forgery CSRF vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...
CVE-2021-35486
A Cross-Site Request Forgery CSRF vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...
PT-2026-22760
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: linkerd2-proxy-init, dagdotdev, custom-pod-autoscaler-operator, lvm-driver, php-fpmexporter, kube-vip, mongodb-kubernetes-operator, blobfuse2, hivemind, newrelic-fluent-bit-output, vexctl, vault-k8s, falco, grafana-operator, rancher-machine, kuberay-operator,...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: docker-credential-ecr-login, custom-pod-autoscaler-operator, container-object-storage-interface, secrets-store-csi-driver-provider-aws, shfmt, gitsign, knative-eventing, kube-logging-operator-custom-runner-fips, cloud-provider-aws, newrelic-fluent-bit-output,...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: docker-credential-ecr-login, custom-pod-autoscaler-operator, container-object-storage-interface, secrets-store-csi-driver-provider-aws, shfmt, gitsign, knative-eventing, kube-logging-operator-custom-runner-fips, cloud-provider-aws, newrelic-fluent-bit-output,...
GNOME librest Denial of Service Vulnerability
GNOME librest is a RESTful Software Architecture Style web service helper library for the GNOME project. A security vulnerability exists in the Oauth implementation of GNOME librest prior to version 0.7.93, which stems from the program failing to properly truncate the pointer returned by the...
DEBIAN-CVE-2015-2675
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the restproxycallgeturl function, which allows remote attackers to cause a denial of service application crash via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interfa...
GNOME librest 'rest_proxy_call_get_url()' memory corruption vulnerability
GNOME librest is a RESTful software architecture style web service helper library for the GNOME project. A memory corruption vulnerability exists in GNOME librest. An attacker could use this vulnerability to execute arbitrary code in the context of an application, which could also result in a...