16 matches found
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: dbmate, temporal-ui-server, cert-manager, nri-nginx, thanos-operator, infinispan-operator, aws-eks-pod-identity-agent, rancher-fleet, incert, vendir, redka, vault-k8s, timoni, amazon-k8s-cni, mc, timescaledb-parallel-copy, falcoctl, hcloud, sftpgo-plugin-eventsearch,...
CLEANSTART-2026-HK71313 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-qxp5-gwg8-xv66, ghsa-vvgc-356p-c3xw applied in versions: 0.12.0-r0, 0.12.0-r1, 0.12.0-r2
Multiple security vulnerabilities affect the kserve-rest-proxy package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2021-35483
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...
CVE-2021-35485
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...
CVE-2021-35486
A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...
EUVD-2021-22125
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...
CVE-2021-35486
A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...
CVE-2021-35486
A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...
PT-2026-22760
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the...
CVE-2021-35486
A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: bank-vaults, ctop, modelmesh-runtime-adapter, blobfuse2, cloud-provider-aws, newrelic-nri-statsd, mongodb-kubernetes-operator, shfmt, kserve-rest-proxy, confluent-common-docker, vexctl, checksec, kube-vip, terraform-provider-time, sftpgo-plugin-pubsub, nats,...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: grafana-operator, nemo, docker-credential-ecr-login, karma-fips, memcached-exporter-fips, karpenter-fips, kube-logging-operator-custom-runner-fips, knative-eventing-fips, custom-pod-autoscaler-operator, dagdotdev, octo-sts, cluster-autoscaler-fips,...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: grafana-operator, nemo, docker-credential-ecr-login, karma-fips, memcached-exporter-fips, karpenter-fips, kube-logging-operator-custom-runner-fips, knative-eventing-fips, custom-pod-autoscaler-operator, dagdotdev, octo-sts, cluster-autoscaler-fips,...
GNOME librest Denial of Service Vulnerability
GNOME librest is a RESTful Software Architecture Style web service helper library for the GNOME project. A security vulnerability exists in the OAuth implementation of GNOME librest prior to version 0.7.93, which stems from the program failing to properly truncate the pointer returned by the...
DEBIAN-CVE-2015-2675
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interfa...
GNOME librest 'rest_proxy_call_get_url()' memory corruption vulnerability
GNOME librest is a RESTful software architecture style web service helper library for the GNOME project. A memory corruption vulnerability exists in GNOME librest. An attacker could use this vulnerability to execute arbitrary code in the context of an application, which could also result in a...