56 matches found
CBL Mariner 2.0 Security Update: application-gateway-kubernetes-ingress / azcopy / cert-manager / cf-cli / coredns (CVE-2024-51744)
The version of application-gateway-kubernetes-ingress / azcopy / cert-manager / cf-cli / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-51744 advisory. - golang-jwt is a Go implementation...
Azure Linux 3.0 Security Update: azcopy / git-lfs / golang / influxdb / keda (CVE-2025-22870)
The version of azcopy / git-lfs / golang / influxdb / keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22870 advisory. - Matching of hosts against proxy patterns can improperly treat an IPv6...
CVE-2024-51744 affecting package azcopy for versions less than 10.25.1-4
CVE-2024-51744 affecting package azcopy for versions less than 10.25.1-4. A patched version of the package is available...
CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-4
CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-4. A patched version of the package is available...
CVE-2025-30204 vulnerabilities
Vulnerabilities for packages: fluent-bit-plugin-loki, kaniko, sftpgo-plugin-kms, rekor, fulcio, gitea, zarf, flux-source-controller, flyte, chezmoi, traefik, k8sgpt, promxy, aws-eks-pod-identity-agent, step-ca, sqlexporter, bank-vaults, op-geth, flux-kustomize-controller,...
AZL-59169 CVE-2025-30204 affecting package azcopy for versions less than 10.25.1-3
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...
AZL-59209 CVE-2025-30204 affecting package azcopy for versions less than 10.25.1-5
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...
Azure Linux 3.0 Security Update: azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns (CVE-2025-22868)
The version of azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22868 advisory. - An attacker can pass a malicious malforme...
CVE-2025-22868 affecting package azcopy for versions less than 10.25.1-2
CVE-2025-22868 affecting package azcopy for versions less than 10.25.1-2. A patched version of the package is available...
AZL-58458 CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-4
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...
AZL-58404 CVE-2025-22870 affecting package azcopy for versions less than 10.25.1-5
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...
CBL Mariner 2.0 Security Update: azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns (CVE-2025-22868)
The version of azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22868 advisory. - An attacker can pass a malicious malforme...
CVE-2025-22868 affecting package azcopy for versions less than 10.25.1-3
CVE-2025-22868 affecting package azcopy for versions less than 10.25.1-3. A patched version of the package is available...
AZL-57443 CVE-2025-22868 affecting package azcopy for versions less than 10.25.1-5
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
AZL-57309 CVE-2025-22868 affecting package azcopy for versions less than 10.25.1-2
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns (CVE-2023-45288)
The version of application-gateway-kubernetes-ingress / azcopy / blobfuse2 / cert-manager / coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45288 advisory. - An attacker may cause an HTTP/...
Azure Linux 3.0 Security Update: azcopy / containerized-data-importer / cri-o / golang / moby-engine / prometheus / sriov-network-device-plugin (CVE-2022-41717)
The version of azcopy / containerized-data-importer / cri-o / golang / moby-engine / prometheus / sriov-network-device-plugin installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-41717 advisory. - An...
Azure Linux 3.0 Security Update: azcopy / blobfuse2 / cert-manager / cf-cli (CVE-2024-24786)
The version of azcopy / blobfuse2 / cert-manager / cf-cli installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24786 advisory. - The protojson.Unmarshal function can enter an infinite loop when...
Unwrapping the emerging Interlock ransomware attack
Cisco Talos Incident Response (Talos IR) recently observed an attacker conducting big-game hunting and double extortion attacks using the relatively new Interlock ransomware. Our analysis uncovered that the attacker used multiple components in the delivery chain including a Remote Access Tool (RAT)...
AZL-52174 CVE-2024-51744 affecting package azcopy for versions less than 10.25.1-4
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...