Galaxy Book Go, Galaxy Book Go 5G, Galaxy Book2 Go And Galaxy Book2 Pro 360 Security Vulnerabilities

Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in github.com/rancher/rancher

Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in...

Etcd embed auto compaction retention negative value causing a compaction loop or a crash in go.etcd.io/etcd

Etcd embed auto compaction retention negative value causing a compaction loop or a crash in...

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in github.com/dexidp/dex

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in...

Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server

Mattermost Cross-site Scripting vulnerability in...

HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

HashiCorp Vault Improper Privilege Management in...

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in...

Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana

Grafana XSS via a query alias for the ElasticSearch datasource in...

HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

HashiCorp Vault Improper Privilege Management in...

Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security

Improper Neutralization of HTTP Headers in...

Authentik vulnerable to PKCE downgrade attack in goauthentik.io

Authentik vulnerable to PKCE downgrade attack in...

Cross-site Scripting in github.com/greenpau/caddy-security

Cross-site Scripting in...

Grafana XSS via a column style in github.com/grafana/grafana

Grafana XSS via a column style in...

CubeFS leaks magic secret key when starting Blobstore access service in github.com/cubefs/cubefs

CubeFS leaks magic secret key when starting Blobstore access service in...

CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs

CubeFS timing attack can leak user passwords in...

Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation in github.com/minio/minio

Minio unsafe default: Access keys inherit admin of root user, allowing privilege escalation in...

Classic builder cache poisoning in github.com/docker/docker

Classic builder cache poisoning in...

Grafana information disclosure in github.com/grafana/grafana

Grafana information disclosure in...

Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault

Improper Authentication in HashiCorp Vault in...

Hashicorp Vault may expose sensitive log information in github.com/hashicorp/vault

Hashicorp Vault may expose sensitive log information in...

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in github.com/apache/servicecomb-service-center

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability in...

MongoDB Tools Improper Certificate Validation vulnerability in github.com/mongodb/mongo-tools

MongoDB Tools Improper Certificate Validation vulnerability in...

Rancher 'Audit Log' leaks sensitive information in github.com/rancher/rancher

Rancher 'Audit Log' leaks sensitive information in...

Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server

Mattermost denial of service through long emoji value in...

Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server

Mattermost fails to check the "invite_guest" permission in...

Server-Side Request Forgery in github.com/greenpau/caddy-security

Server-Side Request Forgery in...

Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability in github.com/buildkite/elastic-ci-stack-for-aws

Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability in...

Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

Token leases could outlive their TTL in HashiCorp Vault in...

Mattermost Jira Plugin does not properly check security levels in github.com/mattermost/mattermost-plugin-jira

Mattermost Jira Plugin does not properly check security levels in...

HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

HashiCorp Vault Authentication bypass in...

Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server

Mattermost fails to properly restrict the access of files attached to posts in...

Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault

Enumeration of users in HashiCorp Vault in...

SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport

SFTP is possible on the Proxy server for any user with SFTP access in...

Moby Docker cp broken with debian containers in github.com/moby/moby

Moby Docker cp broken with debian containers in...

Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana

Grafana Cross-site Scripting (XSS) in...

Denial of service in HashiCorp Consul in github.com/hashicorp/consul

Denial of service in HashiCorp Consul in...

Authenticated users can crash the CubeFS servers with maliciously crafted requests in github.com/cubefs/cubefs

Authenticated users can crash the CubeFS servers with maliciously crafted requests in...

Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server

Mattermost vulnerable to denial of service via large number of emoji reactions in...

Insufficient Session Expiration in github.com/greenpau/caddy-security

Insufficient Session Expiration in...

The DES/3DES cipher was used as part of the TLS protocol by installation tools in github.com/karmada-io/karmada

The DES/3DES cipher was used as part of the TLS protocol by installation tools in...

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in...

Etcd pkg Insecure ciphers are allowed by default in go.etcd.io/etcd/client/pkg/v3

Etcd pkg Insecure ciphers are allowed by default in...

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in...

Insecure random string generator used for sensitive data in github.com/cubefs/cubefs

Insecure random string generator used for sensitive data in...

chasquid HTTP Request/Response Smuggling vulnerability in github.com/albertito/chasquid in blitiri.com.ar/go/chasquid

chasquid HTTP Request/Response Smuggling vulnerability in github.com/albertito/chasquid in...

Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server

Mattermost fails to limit the number of role names in...

Grafana stored XSS in github.com/grafana/grafana

Grafana stored XSS in...

Evmos is missing precompile checks in github.com/evmos/evmos

Evmos is missing precompile checks in...

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in...

Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher

Rancher's External RoleTemplates can lead to privilege escalation in...

Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

Argo-cd authenticated users can enumerate clusters by name in...