12 matches found
CVE-2023-21893
Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...
Improper Access Control
github.com/clastix/kamaji is vulnerable to Improper Access Control. The vulnerability is due to inadequate use of an "open at the top" range definition in RBAC for etcd roles, which allows some TCPs API servers to read, write, and delete data of other control planes...
CVE-2024-42480
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed i...
CVE-2024-42480 Kamaji's RBAC Roles for `etcd` are not disjunct
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed i...
Access Restriction Bypass
Oracle ManagedDataAccess is vulnerable to Access Restriction Bypass. The vulnerability exists due to the TCPS protocol stack, which allows an attacker with network access to take over the Oracle Data Provider for .NET...
Access Restriction Bypass
Overview: Oracle.ManagedDataAccess.Core is an ADO.NET driver that provides fast data access from Microsoft .NET Core clients to Oracle databases. Affected versions of this package are vulnerable to Access Restriction Bypass via the TCPS protocol, which allows component takeover. Remediation: Upgrade...
Component takeover in Oracle Data Provider for .NET
Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...
GHSA-5PM2-9MR2-3FRQ Component takeover in Oracle Data Provider for .NET
Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...
CVE-2023-21893
Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...
CVE-2023-21893
Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TCPS to compromise Oracle Data Provider for .NET. Successful...
CVE-2023-21893
CVE-2023-21893 affects the Oracle Data Provider for .NET component of Oracle Database Server (19c and 21c). Root cause: vulnerability in the DP.NET component enabling takeover with network access via TCPS; exploitation requires user interaction (UI:R) and can lead to complete compromise. Remediat...
PT-2023-1244 · Oracle · Oracle Data Provider For .Net +1
Name of the Vulnerable Software and Affected Versions: Oracle Data Provider for .NET versions 19c through 21c. Description: The issue is related to insufficient input validation in the Oracle Data Provider for .NET component of Oracle Database Server, allowing an unauthenticated attacker with...