Lucene search
+L

165 matches found

osv
osv
added 2021/11/09 8:45 a.m.33 views

ALSA-2021:4221 Moderate: container-tools:2.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 For more details about the security issues, including the impac...

5.5CVSS5.8AI score0.00327EPSS
Exploits0References2
almalinux
almalinux
added 2021/11/09 8:45 a.m.60 views

Moderate: container-tools:2.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 For more details about the security issues, including the impac...

5.5CVSS5.7AI score0.00327EPSS
Exploits0References2
osv
osv
added 2021/11/09 8:24 a.m.53 views

RLSA-2021:4154 Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 containers/storage: DoS via malicious image CVE-2021-20291 For...

6.5CVSS6.7AI score0.01587EPSS
Exploits1References55
almalinux
almalinux
added 2021/11/09 8:24 a.m.135 views

Moderate: container-tools:rhel8 security, bug fix, and enhancement update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 containers/storage: DoS via malicious image CVE-2021-20291 For...

7.1CVSS6.6AI score0.01587EPSS
Exploits1References3
nessus
nessus
added 2021/11/05 12:0 a.m.37 views

SUSE SLES12: javapackages-tools / tomcat / tomcat-admin-webapps / etc (SUSE-SU-2021:3602-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3602-1 advisory. This update for tomcat, javapackages-tools fixes the following issue: Security issue fixed: - CVE-2021-30640: Escape parameters in...

7.5CVSS6.8AI score0.75353EPSS
Exploits1References11
openvas
openvas
added 2021/07/27 12:0 a.m.24 views

Fedora: Security Advisory for podman (FEDORA-2021-0c53d8738d)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.5CVSS5.9AI score0.00327EPSS
Exploits0References2
openvas
openvas
added 2021/07/27 12:0 a.m.21 views

Fedora: Security Advisory for crun (FEDORA-2021-0c53d8738d)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.5CVSS5.9AI score0.00327EPSS
Exploits0References2
openvas
openvas
added 2021/07/27 12:0 a.m.19 views

Fedora: Security Advisory for skopeo (FEDORA-2021-0c53d8738d)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.5CVSS5.9AI score0.00327EPSS
Exploits0References2
osv
osv
added 2021/07/19 3:19 p.m.28 views

GHSA-7638-R9R3-RMJJ Buildah processes using chroot isolation may leak environment values to intermediate processes

Impact When running processes using "chroot" isolation, the process being run can examine the environment variables of its immediate parent and grandparent processes CVE-2021-3602. This isolation type is often used when running buildah in unprivileged containers, and it is often used to do so in...

5.5CVSS5.7AI score0.00327EPSS
Exploits0References7
github
github
added 2021/07/19 3:19 p.m.162 views

Buildah processes using chroot isolation may leak environment values to intermediate processes

Impact When running processes using "chroot" isolation, the process being run can examine the environment variables of its immediate parent and grandparent processes CVE-2021-3602. This isolation type is often used when running buildah in unprivileged containers, and it is often used to do so in...

5.5CVSS5.8AI score0.00327EPSS
Exploits0References7Affected Software1
altlinux
altlinux
added 2021/07/19 12:0 a.m.142 views

Security fix for the ALT Linux 10 package podman version 3.2.3-alt1

July 19, 2021 Alexey Shabalin 3.2.3-alt1 - new version 3.2.3 Fixes: CVE-2021-3602...

1.9CVSS5.7AI score0.00327EPSS
Exploits0
nessus
nessus
added 2020/10/09 12:0 a.m.74 views

Cisco StarOS Privilege Escalation (cisco-sa-staros-privilege-esc-pyb7YTd)

According to its self-reported version, the Cisco StarOS operating system on the remote Cisco ASR 5000 series router is affected by a privilege escalation vulnerability due to insufficient validation of CLI commands. An authenticated, local attacker can exploit this, by sending crafted commands t...

7.2CVSS7.3AI score0.00387EPSS
Exploits0References3
circl
circl
added 2020/10/08 12:30 p.m.5 views

CVE-2020-3602

creationtimestamp| type| source ---|---|--- 2020-10-08 12:30:38+00:00| seen| https://t.me/cibsecurity/15140...

7.2CVSS6.4AI score0.00387EPSS
Exploits0References1
cve
cve
added 2020/10/08 4:21 a.m.72 views

CVE-2020-3602

CVE-2020-3602 affects Cisco StarOS on Cisco ASR 5000 Series routers. The issue stems from insufficient input validation in the CLI, allowing an authenticated, local attacker with valid credentials to craft CLI commands and execute arbitrary code with root privileges. Documents consistently descri...

7.2CVSS6.8AI score0.00387EPSS
Exploits0References1Affected Software1
osv
osv
added 2019/05/15 4:29 p.m.6 views

CVE-2019-3602

Cross Site Scripting XSS vulnerability in McAfee Network Security Manager NSM Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML...

4.8CVSS5.8AI score0.00632EPSS
Exploits0References2
nvd
nvd
added 2019/05/15 4:29 p.m.29 views

CVE-2019-3602

Cross Site Scripting XSS vulnerability in McAfee Network Security Manager NSM Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML...

4.8CVSS4.6AI score0.00632EPSS
Exploits0References2
cve
cve
added 2019/05/15 3:47 p.m.59 views

CVE-2019-3602

CVE-2019-3602 is an XSS in McAfee Network Security Manager (NSM) before 9.1 Update 5. An authenticated administrator can embed an XSS in the NSM administrator interface via a specially crafted custom rule containing HTML. The provided documents do not specify root cause details or a patch/version...

4.8CVSS4.6AI score0.00632EPSS
Exploits0References2Affected Software1
veracode
veracode
added 2019/05/02 5:4 a.m.24 views

Information Disclosure

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. It was reported that OpenShift Enterprise 2.2 did not properly restrict access to services running on different gears. This could allow an...

7.5CVSS5.8AI score0.02019EPSS
Exploits0References36Affected Software119
checkpoint_advisories
checkpoint_advisories
added 2018/12/11 12:0 a.m.24 views

Trend Micro Control Manager GetProductCategory SQL Injection (CVE-2018-3602)

An SQL injection vulnerability exists in the Trend Micro Control Manager. The vulnerability is due to improper validation of user-supplied input HTTP parameter...

6.5CVSS1.4AI score0.08268EPSS
Exploits0
nessus
nessus
added 2018/12/06 12:0 a.m.36 views

RHEL 6 : Red Hat OpenShift Enterprise 2.2 Release Advisory (Moderate) (RHSA-2014:1796)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1796 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private clou...

7.5CVSS5.8AI score0.02019EPSS
Exploits0References35
Rows per page
Query Builder