96 matches found
SUSE CVE-2009-0895
Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow...
SUSE CVE-2026-27111
Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...
CVE-2026-27111
Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...
CVE-2026-27111
Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...
CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints
Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...
CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints
Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the REST API, Kargo’s authorization model fails to enforce the non-standard promote "dolphin verb" across three specific endpoints. While this sensitive operation is correctly gated in the legacy gRPC API, the...
GHSA-5VVM-67PJ-72G4 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints
Summary Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the ability to manage promotion-related resources from the ability to trigger promotions,...
PT-2026-21302
Name of the Vulnerable Software and Affected Versions Kargo versions 1.9.0 through 1.9.2 Description Kargo manages and automates the promotion of software artifacts. The authorization model includes a 'promote' verb intended to control access to promotion pipelines. While correctly enforced in th...
EUVD-2014-5073
Malware in sbrugna...
EUVD-2017-17364
Malware in sbrugna...
EUVD-2018-14338
Malware in sbrugna...
EUVD-2020-26026
Malware in sbrugna...
EUVD-2022-35580
Malicious code in bioql PyPI...
CVE-2025-58050 PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS
The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:... Scan SubString verb when combined with...
PT-2025-34928
Name of the Vulnerable Software and Affected Versions: PCRE2 library versions prior to 10.46 Description: The PCRE2 library contains a heap-buffer-overflow read vulnerability in the regular expression matching engine. The issue occurs within the handling of the scs:... Scan SubString verb when...
CVE-2024-45282 HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements)
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...
CVE-2024-45282 HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements)
Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...
CVE-2024-45282
CVE-2024-45282 affects SAP S/4HANA, specifically the Manage Bank Statements component and its Bank Statement Draft. Fields in the read-only state can be modified via the MERGE method, leading to integrity violations in an OData entity. Root cause: lack of protection against external modifications...
HTTP Verb Authentication Bypass Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Verb Authentication Bypass Scanner', 'Description' = %q This module test for authentication bypass using different HTTP verbs. , 'Author' =...