|
308031
|
- |
|
-
|
-
|
The OBS service obs-service-download_url was vulnerable to command injection. An attacker could provide a configuration to the service that allowed commands to be executed in later steps.
|
CWE-78
OS Command
|
CVE-2024-22033
|
2024-10-17 01:38 |
2024-10-16 |
|
|
|
|
308032
|
- |
|
-
|
-
|
A vulnerability has been identified in which an RKE1 cluster keeps
constantly reconciling when secrets encryption configuration is enabled.
When reconciling, the Kube API secret values are written …
|
CWE-200
Information Exposure
|
CVE-2024-22032
|
2024-10-17 01:38 |
2024-10-16 |
|
|
|
|
308033
|
- |
|
-
|
-
|
A vulnerability has been identified within Rancher that can be exploited
in narrow circumstances through a man-in-the-middle (MITM) attack. An
attacker would need to have control of an expired doma…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-22030
|
2024-10-17 01:38 |
2024-10-16 |
|
|
|
|
308034
|
- |
|
-
|
-
|
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-22029
|
2024-10-17 01:38 |
2024-10-16 |
|
|
|
|
308035
|
- |
|
-
|
-
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows Authentication Bypass. This issue affects BuddyPress Better Re…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-49247
|
2024-10-17 01:38 |
2024-10-16 |
|
|
|
|
308036
|
- |
|
-
|
-
|
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplate objects when external=true, which in specific scenarios can lead to privilege escalat…
|
CWE-269
Improper Privilege Management
|
CVE-2023-32196
|
2024-10-17 01:38 |
2024-10-16 |
|
|
|
|
308037
|
- |
|
-
|
-
|
A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. …
|
CWE-269
Improper Privilege Management
|
CVE-2023-32194
|
2024-10-17 01:38 |
2024-10-16 |
|
|
|
|
308038
|
- |
|
-
|
-
|
A vulnerability has been identified in which unauthenticated cross-site
scripting (XSS) in Norman's public API endpoint can be exploited. This
can lead to an attacker exploiting the vulnerability t…
|
CWE-80
Basic XSS
|
CVE-2023-32193
|
2024-10-17 01:38 |
2024-10-16 |
|
|
|
|
308039
|
- |
|
-
|
-
|
A vulnerability has been identified in which unauthenticated cross-site
scripting (XSS) in the API Server's public API endpoint can be
exploited, allowing an attacker to execute arbitrary JavaScrip…
|
CWE-80
Basic XSS
|
CVE-2023-32192
|
2024-10-17 01:38 |
2024-10-16 |
|
|
|
|
308040
|
- |
|
-
|
-
|
When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allo…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2023-32191
|
2024-10-17 01:38 |
2024-10-16 |
|
|
|