Lucene search
14 matches found

OSV
added 2026/03/27 11:39 a.m., 0 views

BIT-ETCD-2026-33413 etcd: Authorization bypasses in multiple APIs

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

CVSS 8.8 | AI score 5.9 | EPSS 0.00039
Exploits: 0 | References: 2

UbuntuCve
added 2026/03/26 2:16 p.m., 2 views

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

CVSS 8.8 | AI score 5.9 | EPSS 0.00039
Exploits: 0 | References: 2

OSV
added 2026/03/26 2:16 p.m., 4 views

UBUNTU-CVE-2026-33343

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with...

CVSS 6.5 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 3

CVE
added 2026/03/26 1:23 p.m., 15 views

CVE-2026-33343

The connected advisory for CVE-2026-33343 relates to etcd: Nested etcd transactions can bypass RBAC authorization checks when an authenticated user with restricted key-range permissions uses nested transactions. This allows such a user to bypass key-range restrictions and potentially access the e...

CVSS 6.5 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2026/03/26 12:0 a.m., 3 views

etcd security vulnerability

Etcd is an open-source system developed in Go language, used as a key-value storage system for distributed systems. There are security vulnerabilities in versions prior to 3.4.42, 3.5.28, and 3.6.9 of etcd. These vulnerabilities stem from nested transactions that can bypass key range authorizatio...

CVSS 6.5 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 2

Snyk
added 2026/03/20 8:48 p.m., 2 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in multiple functions in the gRPC API layer, including MemberList and Compact. An attacker can gain unauthorized access to sensitive cluster operations and information, such as viewing cluster topology, disrupting...

CVSS 8.8 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 2

Patchstack
added 2025/04/04 1:22 p.m., 4 views

WordPress MasterStudy LMS plugin <= 3.5.28 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin MasterStudy LMS versions <= 3.5.28...

CVSS 8.8 | AI score 8.3 | EPSS 0.01601
Exploits: 0 | Affected Software: 1

CNNVD
added 2023/08/22 12:0 a.m., 0 views

DjVuLibre numeric error vulnerability

DjVuLibre is an open source implementation of DjVu computer file format that includes a DjVu file viewer, browser plug-in, DjVu file decoder/encoder and other utilities. A security vulnerability exists in DjVuLibre version 3.5.28, which originated from allowing an attacker to cause a denial of...

CVSS 6.5 | AI score 6.3 | EPSS 0.00258
Exploits: 1 | References: 4

CNNVD
added 2023/08/22 12:0 a.m., 0 views

DjVuLibre numeric error vulnerability

DjVuLibre is an open source implementation of DjVu computer file format that includes a DjVu file viewer, browser plug-in, DjVu file decoder/encoder and other utilities. A security vulnerability exists in DjVuLibre version 3.5.28, which originated from allowing an attacker to cause a denial of...

CVSS 6.5 | AI score 6.3 | EPSS 0.00237
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 3:41 a.m., 2 views

SUSE CVE-2021-32493

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode via crafted djvu file may lead to application crash and other consequences...

CVSS 7.5 | AI score 7.2 | EPSS 0.00296
Exploits: 0 | References: 9

OSV
added 2021/06/24 7:15 p.m., 1 view

DEBIAN-CVE-2021-3500

A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::getdjvufile via crafted djvu file may lead to application crash and other consequences...

CVSS 7.8 | AI score 6.9 | EPSS 0.00296
Exploits: 0 | References: 1

Snyk
added 2021/06/24 7:15 p.m., 3 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write. A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filterbv via crafted djvu file may lead to application crash and other consequences. Remediation: A fix was pushed into the...

CVSS 7.8 | AI score 6.6 | EPSS 0.00134
Exploits: 0 | References: 2

OSV
added 2021/04/30 12:0 a.m., 0 views

UBUNTU-CVE-2021-3500

A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::getdjvufile via crafted djvu file may lead to application crash and other consequences...

CVSS 7.8 | AI score 7.1 | EPSS 0.00296
Exploits: 0 | References: 4

OpenVAS
added 2019/07/19 12:0 a.m., 37 views

Squid Security Update Advisory (SQUID-2018:4)

Squid is prone to a cross-site scripting vulnerability due to incorrect input handling when generating HTTPS response messages about TLS errors. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...

CVSS 6.1 | AI score 6.2 | EPSS 0.10782
Exploits: 1 | References: 1