
13 matches found

Cvelist
added 2025/12/30 8:17 p.m., 22 views

CVE-2025-14986 ExecuteMultiOperation Namespace Policy Bypass

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

CVSS: 5.3, EPSS: 0.00415
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-29512

Malware in sbrugna...

CVSS: 5.3, AI score: 6.4, EPSS: 0.013
Exploits: 0, References: 4
Zero Day Initiative
added 2024/03/28 12:0 a.m., 17 views

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS: 7.8, AI score: 7.2, EPSS: 0.00914
Exploits: 0, References: 1
RedHat Linux
added 2020/03/05 7:1 p.m., 5 views

envoy: Incorrect Access Control when using SDS with Combined Validation Context

An access control bypass vulnerability was found in envoy. When the same TLS secret is used across multiple resources, the client's data, such as the subject alternative name or hash, is not validated. This flaw could lead to a possible bypass of security restrictions...

CVSS: 5.3, AI score: 7.1, EPSS: 0.013
Exploits: 0, References: 5
NVD
added 2020/03/04 9:15 p.m., 27 views

CVE-2020-8664

CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret e.g. trusted CA across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even thoug...

CVSS: 5.3, AI score: 6.2, EPSS: 0.013
Exploits: 0, References: 3
OSV
added 2020/03/04 9:15 p.m., 18 views

CVE-2020-8664

CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret e.g. trusted CA across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even thoug...

CVSS: 5.3, AI score: 6.6
Exploits: 0, References: 3
Prion
added 2020/03/04 9:15 p.m., 24 views

Design/Logic Flaw

CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret e.g. trusted CA across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even thoug...

CVSS: 5, AI score: 6.2, EPSS: 0.013
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2020/03/04 8:53 p.m., 28 views

CVE-2020-8664

CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Context. Using the same secret e.g. trusted CA across many resources together with the combined validation context could lead to the “static” part of the validation context to be not applied, even thoug...

AI score: 6.2, EPSS: 0.013
Exploits: 0, References: 3
CVE
added 2020/03/04 8:53 p.m., 101 views

CVE-2020-8664

CVE-2020-8664 is reported in the Red Hat OpenShift Service Mesh 1.0.9 servicemesh-proxy advisory (RHSA-2020:0734). The issue is an incorrect Access Control when using SDS with a Combined Validation Context in Envoy, which could affect access controls across multiple resources and is one of severa...

CVSS: 5.3, AI score: 6, EPSS: 0.013
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2018/09/10 4:29 a.m., 4 views

CVE-2018-16767

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service application crash or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand...

CVSS: 8.8, AI score: 5.8
Exploits: 0, References: 1
OSV
added 2018/09/10 4:29 a.m., 4 views

CVE-2018-16764

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service application crash or possibly have unspecified other impact because of an IR::FunctionValidationContext::catchall heap-based buffer over-read...

CVSS: 8.8, AI score: 6, EPSS: 0.01269
Exploits: 1, References: 1
CNVD
added 2018/09/10 12:0 a.m., 2 views

WAVM Buffer Overflow Vulnerability (CNVD-2019-09770)

WAVM is the WebAssembly Virtual Machine. A heap buffer overflow vulnerability exists in IR::FunctionValidationContext::end in WAVM 2018-07-26 and earlier versions, which can be exploited by an attacker to cause a denial of service application crash by sending a specially crafted file...

CVSS: 8.8, AI score: 8.7, EPSS: 0.01269
Exploits: 1, References: 1
CNVD
added 2018/09/10 12:0 a.m., 2 views

WAVM Buffer Overflow Vulnerability

WAVM is the WebAssembly Virtual Machine. A buffer overflow vulnerability exists in the 'FunctionValidationContext::popAndValidateOperand' function in WAVM 2018-07-26 and earlier versions, which can be exploited by an attacker by sending a specially crafted file to WAVM. This can be exploited to...

CVSS: 8.8, AI score: 8.7, EPSS: 0.01269
Exploits: 1, References: 1