Lucene search
K

13 matches found

Cvelist
Cvelist
added 2026/06/26 4:0 p.m.36 views

CVE-2026-13434 Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled

A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...

4.9CVSS0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 4:0 p.m.12 views

CVE-2026-13434

CVE-2026-13434 affects KubeVirt’s network annotation generator used when provisioning VirtualMachineInstance with Multus networks. The flaw writes the supplied networkName verbatim into the v1.multus-cni.io/default-network annotation without format validation or sanitization, with only an empty-s...

4.9CVSS5.9AI score0.00155EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/05/28 5:1 p.m.6 views

GHSA-2WW6-HF35-MFJM Capsule Namespace Hijacking via subresource

Summary To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests targeting namespaces. However, in Kubernetes, the namespace/finalize and namespace/status subresource APIs can also modify various fields of a...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.18 views

PT-2026-44722

Name of the Vulnerable Software and Affected Versions Capsule versions prior to 0.13.0 Description Capsule uses a webhook to validate update requests targeting namespaces to prevent namespace hijacking. However, the webhook fails to define interception rules for the 'namespace/finalize' and...

3.9CVSS5.8AI score0.00202EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2680

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.0041EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-45807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the...

5.4CVSS5.5AI score0.0041EPSS
Exploits0References2
NVD
NVD
added 2023/10/16 10:15 p.m.16 views

CVE-2023-45807

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...

5.4CVSS5.1AI score0.0041EPSS
Exploits0References1
Prion
Prion
added 2023/10/16 10:15 p.m.16 views

Information disclosure

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...

5.5CVSS5.1AI score0.0041EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/16 10:15 p.m.3 views

UBUNTU-CVE-2023-45807

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...

5.4CVSS5.8AI score0.0041EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/10/16 9:33 p.m.16 views

CVE-2023-45807 OpenSearch Issue with tenant read-only permissions

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...

5.4CVSS6.3AI score0.0041EPSS
Exploits0References1
CVE
CVE
added 2023/10/16 9:33 p.m.115 views

CVE-2023-45807

OpenSearch Dashboards contains a tenant-permissions issue where authenticated users with read-only access to a tenant can create, edit, or delete index metadata for dashboards/visualizations in that tenant. This affects metadata only (not index data); read-only verification for data remains intac...

5.4CVSS5AI score0.0041EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/16 9:33 p.m.30 views

CVE-2023-45807 OpenSearch Issue with tenant read-only permissions

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...

5.4CVSS5.1AI score0.0041EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.11 views

PT-2023-7035 · Unknown +1 · Opensearch +2

Name of the Vulnerable Software and Affected Versions: OpenSearch versions prior to 1.3.14 OpenSearch versions prior to 2.11.0 Description: There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can...

5.5CVSS5.1AI score0.0041EPSS
Exploits0References15
Rows per page
Query Builder