Security Headlines: Latest CVEs tagged #git

GHSA-qc2g-gmh6-95p4: kube-apiserver vulnerable to policy bypass

Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.

GHSA-cgcv-5272-97pr: Kubernetes mountable secrets policy bypass

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.

GHSA-2qmj-7962-cjq8: langchain arbitrary code execution vulnerability

An issue in langchain allows an attacker to execute arbitrary code via the PALChain in the python exec method.

CVE-2020-22152: XSS in pages · Issue #552 · daylightstudio/FUEL-CMS

Cross Site Scripting vulnerability in daylight studio FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages function.

CVE-2020-22151: getshell in assets · Issue #551 · daylightstudio/FUEL-CMS

Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.

CVE-2023-36162: ZZCMS-2023 has a CSRF vulnerability · Issue #6 · forget-code/zzcms

Cross Site Request Forgery vulnerability in ZZCMS v.2023 allows a remote attacker to gain privileges via the add function in adminlist.php.

CVE-2023-36183: [BUG] Heap-buffer-overflow in function ICOInput::readimg in file src/ico.imageio/icoinput.cpp · Issue #3871 · OpenImageIO/oiio

Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function.

CVE-2023-36222: bbs-go stored cross-site scripting vulnerability 1 · Issue #206 · mlogclub/bbs-go

Cross Site Scripting vulnerability in mlogclub bbs-go v.3.5.5 and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article function.

CVE-2023-36377: Comparing 2.2...2.3 · mtrojnar/osslsigncode

Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via crafted .exe, .sys, and .dll files.

CVE-2023-36291: Add SECURITY.md · Issue #500 · maxsite/cms

Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file.