Lucene search
+L

185 matches found

OSV
OSV
added 2024/03/06 10:53 a.m.39 views

BIT-HELM-2022-36049 Flux2 Helm Controller denial of service

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...

7.7CVSS6.7AI score0.01045EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 10:51 a.m.9 views

BIT-EJBCA-2021-40088

An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints by verifying that...

5.4CVSS5.4AI score0.0036EPSS
Exploits0References2
OSV
OSV
added 2024/01/30 10:15 a.m.3 views

CVE-2024-1030

A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated...

5.4CVSS3.9AI score0.00368EPSS
Exploits0References2
NVD
NVD
added 2024/01/30 10:15 a.m.25 views

CVE-2024-1030

A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated...

5.4CVSS4.3AI score0.00368EPSS
Exploits0References2
OSV
OSV
added 2024/01/30 6:15 a.m.5 views

CVE-2024-1029

A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux"alert'XSS' leads to cross site scripting. The attack may be...

6.1CVSS3.8AI score0.00355EPSS
Exploits0References2
Prion
Prion
added 2024/01/30 6:15 a.m.15 views

Cross site scripting

A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux"alert'XSS' leads to cross site scripting. The attack may be...

4CVSS6.4AI score0.00355EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/30 12:0 a.m.5 views

PT-2024-16172 · Cogites · Cogites Ereserv

Name of the Vulnerable Software and Affected Versions: Cogites eReserv version 7.7.58 Description: A vulnerability was found in Cogites eReserv, affecting an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the id argument leads to cross-site scripting. It is possible ...

5.4CVSS4.3AI score0.00368EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/01/30 12:0 a.m.4 views

Cogites eReserv Cross-Site Scripting Vulnerability

Cogites eReserv is an online reservation management software from Cogites. A cross-site scripting vulnerability exists in Cogites eReserv version 7.7.58, which originates from a cross-site scripting vulnerability in the /front/admin/tenancyDetail.php file...

6.1CVSS6.1AI score0.00355EPSS
Exploits0References3
NVD
NVD
added 2023/11/06 7:15 p.m.45 views

CVE-2023-46254

capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...

4.3CVSS4.7AI score0.00415EPSS
Exploits0References2
Prion
Prion
added 2023/11/06 7:15 p.m.26 views

Privilege escalation

capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...

4CVSS7.2AI score0.00415EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2023/11/06 6:34 p.m.48 views

CVE-2023-46254 Service accounts can see namespaces of other tenants in capsule-proxy

capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...

4.3CVSS5AI score0.00415EPSS
Exploits0References2
CVE
CVE
added 2023/11/06 6:34 p.m.61 views

CVE-2023-46254

Capsule-proxy (Capsule Kubernetes multi-tenancy) contains a bug in the RoleBinding reflector that allows ServiceAccount tenants to list Namespaces owned by other tenants when two tenants share the same ServiceAccount name in different namespaces, under specific conditions (capsule-proxy running w...

4.3CVSS4.6AI score0.00415EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2023/11/06 6:34 p.m.36 views

CVE-2023-46254 Service accounts can see namespaces of other tenants in capsule-proxy

capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by capsule-proxy gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants solar...

4.3CVSS5AI score0.00415EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/09/01 12:0 a.m.20 views

Cisco APIC Unauthorized Policy Actions (cisco-sa-apic-uapa-F4TAShk)

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies for example, access policies created by users associated with a different securi...

5.4CVSS5.9AI score0.00333EPSS
Exploits0References3
CNVD
CNVD
added 2023/08/30 12:0 a.m.13 views

Cisco Application Policy Infrastructure Controller Access Control Error Vulnerability (CNVD-2024-23322)

Cisco Application Policy Infrastructure Controller APIC is an automated infrastructure deployment and governance solution from Cisco. The Cisco Application Policy Infrastructure Controller suffers from an access control error vulnerability that stems from improper access control when using a...

5.4CVSS6.6AI score0.00333EPSS
Exploits0References1
OSV
OSV
added 2023/08/23 7:15 p.m.4 views

CVE-2023-20230

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies for example, access policies created by users associated with a different securi...

5.4CVSS5.8AI score0.00333EPSS
Exploits0References1
Prion
Prion
added 2023/08/23 7:15 p.m.28 views

Improper access control

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies for example, access policies created by users associated with a different securi...

5.5CVSS5.5AI score0.00333EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/23 6:21 p.m.18 views

CVE-2023-20230

A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies for example, access policies created by users associated with a different securi...

5.4CVSS5.7AI score0.00333EPSS
Exploits0References1
CVE
CVE
added 2023/08/23 6:21 p.m.2545 views

CVE-2023-20230

CVE-2023-20230 affects Cisco Application Policy Infrastructure Controller (APIC). The issue arises from improper access control in the restricted security domain implementation used to enforce multi-tenancy, allowing an authenticated, remote attacker with a restricted-domain account to read, modi...

5.4CVSS5.5AI score0.00333EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.4 views

Apache Pulsar 安全漏洞

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-room cross-region data replication, and...

9.6CVSS8.2AI score0.01035EPSS
Exploits0References2
Rows per page
Query Builder