Filtered by NVD-CWE-noinfo
Total 35577 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-2727 2 Kubernetes, Redhat 3 Kubernetes, Openshift, Openshift Ironic 2025-02-13 6.5 Medium
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
CVE-2023-27316 1 Netapp 1 Snapcenter 2025-02-13 8.8 High
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
CVE-2023-26437 1 Powerdns 1 Recursor 2025-02-13 3.4 Low
Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.
CVE-2023-25754 1 Apache 1 Airflow 2025-02-13 9.8 Critical
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.
CVE-2023-20898 1 Saltstack 1 Salt 2025-02-13 4.2 Medium
Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.
CVE-2023-1387 2 Grafana, Redhat 2 Grafana, Ceph Storage 2025-02-13 4.2 Medium
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.
CVE-2022-4886 1 Kubernetes 1 Ingress-nginx 2025-02-13 8.8 High
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
CVE-2022-47185 1 Apache 1 Traffic Server 2025-02-13 7.5 High
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
CVE-2022-47184 2 Apache, Debian 2 Traffic Server, Debian Linux 2025-02-13 7.5 High
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.
CVE-2023-47141 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2025-02-13 5.3 Medium
IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.
CVE-2023-46167 4 Ibm, Linux, Microsoft and 1 more 4 Db2, Linux Kernel, Windows and 1 more 2025-02-13 5.9 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.
CVE-2023-45285 2 Golang, Redhat 4 Go, Devtools, Enterprise Linux and 1 more 2025-02-13 7.5 High
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).
CVE-2023-45239 3 Facebook, Fedoraproject, Meta 3 Tac Plus, Fedora, Tac Plus 2025-02-13 9.8 Critical
A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.
CVE-2023-45193 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2025-02-13 5.9 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.
CVE-2023-45178 1 Ibm 1 Db2 2025-02-13 6.5 Medium
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially crafted request is used. IBM X-Force ID: 268073.
CVE-2023-45143 3 Fedoraproject, Nodejs, Redhat 3 Fedora, Undici, Enterprise Linux 2025-02-13 3.9 Low
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.
CVE-2023-44253 1 Fortinet 2 Fortianalyzer, Fortimanager 2025-02-13 4.7 Medium
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.
CVE-2023-4368 2 Debian, Google 2 Debian Linux, Chrome 2025-02-13 8.8 High
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4367 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 6.5 Medium
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4365 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-02-13 4.3 Medium
Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)