10 matches found

Github Security Blog
added 2024/07/24 9:31 p.m., 14 views

fabedge has insecure permissions

Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...

9.8 CVSS, 6.9 AI score, 0.00261 EPSS
Exploits 0, References 4, Affected Software 1

OSV
added 2024/07/24 9:31 p.m., 7 views

GHSA-C9CM-5J82-M6PJ fabedge has insecure permissions

Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...

9.1 CVSS, 9.5 AI score, 0.00261 EPSS
Exploits 0, References 4

NVD
added 2024/07/24 7:15 p.m., 13 views

CVE-2024-36536

Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...

9.8 CVSS, 0.00261 EPSS
Exploits 0, References 1

Cvelist
added 2024/07/24 12:00 a.m., 13 views

CVE-2024-36536

Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...

0.00261 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/07/24 12:00 a.m., 17 views

CVE-2024-36536

Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token...

7 AI score, 0.00261 EPSS
Exploits 0, References 1

CVE
added 2024/07/24 12:00 a.m., 44 views

CVE-2024-36536

CVE-2024-36536 affects fabedge v0.8.1 due to insecure permissions that let attackers access sensitive data and escalate privileges by obtaining a service account token. Red Hat, OSV and related advisories corroborate the same issue across fabedge components. Impact is high: confidentiality, integ...

9.8 CVSS, 6.7 AI score, 0.00261 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2022/12/13 7:41 a.m., 11 views

CVE-2022-23523 rust-vmm linux-loader vulnerable to Out-of-bounds Read

In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the linux-loader crate entering an infinite loop if...

4 CVSS, 5.4 AI score, 0.00122 EPSS
Exploits 0, References 2

Prion
added 2022/12/08 10:15 p.m., 12 views

Input validation

go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode...

5 CVSS, 7.4 AI score, 0.02643 EPSS
Exploits 0, References 9, Affected Software 1

Github Security Blog
added 2022/12/08 4:12 p.m., 20 views

go-merkledag's ProtoNode may be modified such that common method calls may panic

Impact: A ProtoNode may be modified in such a way as to cause various encode errors which will trigger a panic on common method calls that don't allow for error returns. A ProtoNode should only be able to encode to valid DAG-PB, attempting to encode invalid DAG-PB forms will result in an error fro...

7.5 CVSS, 0.5 AI score, 0.02643 EPSS
Exploits 0, References 12, Affected Software 1

OSV
added 2019/08/25 12:00 p.m., 14 views

RUSTSEC-2019-0019 HMAC-BLAKE2 algorithms compute incorrect results

When used in conjunction with the Hash-based Message Authentication Code (HMAC), the BLAKE2b and BLAKE2s implementations in blake2 crate versions prior to v0.8.1 used an incorrect block size (32-bytes instead of 64-bytes for BLAKE2s, and 64-bytes instead of 128-bytes for BLAKE2b), causing them to...

9.8 CVSS, 9.6 AI score, 0.00203 EPSS
Exploits 0, References 3