882 matches found
CVE-2023-1299 Nomad Job Submitter Privilege Escalation Using Workload Identity
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
CVE-2023-1299 Nomad Job Submitter Privilege Escalation Using Workload Identity
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
CVE-2023-1299
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
CVE-2023-1299
Removed by vendor...
CVE-2023-1296 Nomad ACLs Can Not Deny Access to Workload's Own Variables
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1...
CVE-2023-1296
Removed by vendor...
PT-2023-16871 · Hashicorp · Hashicorp Nomad +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise version 1.5.0 Description: A job submitter can escalate to management-level privileges using workload identity and task API. This issue was introduced due to the exposure of the workload identity token to...
HashiCorp Nomad 安全漏洞
HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp USA. It is used to manage containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad , Nomad Enterprise versions 1.4.0 through 1.5.0...
HashiCorp Nomad 安全漏洞
HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp USA. It is used to manage containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad , Nomad Enterprise versions 1.4.0 through 1.5.0...
PT-2023-16869 · Hashicorp +1 · Nomad Enterprise +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.5.0 Description: A vulnerability was identified in Nomad and Nomad Enterprise such that a deny ACL capability could not be applied to a workload’s own variables. If included, the...
Azure Kubernetes Service (AKS) Threat Hunting
As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads are also...
Azure Kubernetes Service (AKS) Threat Hunting
As more businesses shift away from running workloads on dedicated virtual machines to running them inside containers using workload orchestrators like Kubernetes, adversaries have become more interested in them as targets. Moreover, the benefits Kubernetes provides for managing workloads are also...
Workload Balancing virtual appliance 8.3.0 - For Citrix Hypervisor 8.2 Cumulative Update 1
Workload Balancing virtual appliance 8.3.0 - For Citrix Hypervisor 8.2 Cumulative Update 1 Who Should Install This Update? This Workload Balancing virtual appliance update is for customers who use the Workload Balancing feature of Citrix Hypervisor 8.2 CU1. It constitutes the following deliverabl...
SUSE CVE-2013-1534
Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 11.2.0.3, when used in RAC configurations, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
SUSE CVE-2021-36779
A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This issue affects: SUSE Longhorn longhorn versions prior to 1.1.3; longhorn versions prior to 1.2.3...
IBM Tivoli Workload Scheduler XML External Entity Injection Vulnerability
IBM Tivoli Workload Scheduler is a suite of enterprise task scheduling software from International Business Machines IBM. IBM Tivoli Workload Scheduler suffers from an external entity injection vulnerability that can be exploited by a remote attacker to submit a special request that could obtain...
CVE-2022-38389
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975...
CVE-2022-38389
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975...
CVE-2022-22486
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328...
CVE-2022-22486
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328...