Lucene search

K

Weave Net Security Vulnerabilities

cve
cve

CVE-2020-26278

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...

8CVSS

7.8AI Score

0.0004EPSS

2021-01-20 10:15 PM
35
3
cve
cve

CVE-2020-11091

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host (via ipv6.disable=1.....

5.8CVSS

6.4AI Score

0.041EPSS

2020-06-03 11:15 PM
50