165 matches found
ALSA-2021:4221 Moderate: container-tools:2.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 For more details about the security issues, including the impac...
Moderate: container-tools:2.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 For more details about the security issues, including the impac...
RLSA-2021:4154 Moderate: container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 containers/storage: DoS via malicious image CVE-2021-20291 For...
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 containers/storage: DoS via malicious image CVE-2021-20291 For...
SUSE SLES12: javapackages-tools / tomcat / tomcat-admin-webapps / etc (SUSE-SU-2021:3602-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3602-1 advisory. This update for tomcat, javapackages-tools fixes the following issue: Security issue fixed: - CVE-2021-30640: Escape parameters in...
Fedora: Security Advisory for podman (FEDORA-2021-0c53d8738d)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for crun (FEDORA-2021-0c53d8738d)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for skopeo (FEDORA-2021-0c53d8738d)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GHSA-7638-R9R3-RMJJ Buildah processes using chroot isolation may leak environment values to intermediate processes
Impact When running processes using "chroot" isolation, the process being run can examine the environment variables of its immediate parent and grandparent processes CVE-2021-3602. This isolation type is often used when running buildah in unprivileged containers, and it is often used to do so in...
Buildah processes using chroot isolation may leak environment values to intermediate processes
Impact When running processes using "chroot" isolation, the process being run can examine the environment variables of its immediate parent and grandparent processes CVE-2021-3602. This isolation type is often used when running buildah in unprivileged containers, and it is often used to do so in...
Security fix for the ALT Linux 10 package podman version 3.2.3-alt1
July 19, 2021 Alexey Shabalin 3.2.3-alt1 - new version 3.2.3 Fixes: CVE-2021-3602...
Cisco StarOS Privilege Escalation (cisco-sa-staros-privilege-esc-pyb7YTd)
According to its self-reported version, the Cisco StarOS operating system on the remote Cisco ASR 5000 series router is affected by a privilege escalation vulnerability due to insufficient validation of CLI commands. An authenticated, local attacker can exploit this, by sending crafted commands t...
CVE-2020-3602
creationtimestamp| type| source ---|---|--- 2020-10-08 12:30:38+00:00| seen| https://t.me/cibsecurity/15140...
CVE-2020-3602
CVE-2020-3602 affects Cisco StarOS on Cisco ASR 5000 Series routers. The issue stems from insufficient input validation in the CLI, allowing an authenticated, local attacker with valid credentials to craft CLI commands and execute arbitrary code with root privileges. Documents consistently descri...
CVE-2019-3602
Cross Site Scripting XSS vulnerability in McAfee Network Security Manager NSM Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML...
CVE-2019-3602
Cross Site Scripting XSS vulnerability in McAfee Network Security Manager NSM Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML...
CVE-2019-3602
CVE-2019-3602 is an XSS in McAfee Network Security Manager (NSM) before 9.1 Update 5. An authenticated administrator can embed an XSS in the NSM administrator interface via a specially crafted custom rule containing HTML. The provided documents do not specify root cause details or a patch/version...
Information Disclosure
OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. It was reported that OpenShift Enterprise 2.2 did not properly restrict access to services running on different gears. This could allow an...
Trend Micro Control Manager GetProductCategory SQL Injection (CVE-2018-3602)
An SQL injection vulnerability exists in the Trend Micro Control Manager. The vulnerability is due to improper validation of user-supplied input HTTP parameter...
RHEL 6 : Red Hat OpenShift Enterprise 2.2 Release Advisory (Moderate) (RHSA-2014:1796)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1796 advisory. OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private clou...