326 matches found
Incomplete Patch Leaves NVIDIA and Docker Users at Risk
NVIDIA's incomplete security patch, combined with a Docker vulnerability, creates a serious threat for organizations using containerized environments. This article explains the risks and mitigation strategies...
CVE-2025-32755
In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH...
Azure Linux 3.0 Security Update: cifs-utils (CVE-2025-2312)
The version of cifs-utils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2312 advisory. - A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from...
CBL Mariner 2.0 Security Update: cifs-utils (CVE-2025-2312)
The version of cifs-utils installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2312 advisory. - A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from...
cifs.upcall makes an upcall to the wrong namespace in containerized environments
...
CVE-2025-2312
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...
DEBIAN-CVE-2025-2312
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...
CVE-2025-2312
CVE-2025-2312 affects cifs-utils (cifs.upcall) where, in containerized environments, an upcall is made to the wrong namespace, risking disclosure of the host Kerberos credentials cache. Public advisories across multiple distributions (Debian, Mageia, Alpine Linux, CBL-Mariner) confirm the flaw an...
CVE-2025-2312
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...
CVE-2025-2312 cifs.upcall makes an upcall to the wrong namespace in containerized environments
A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...
Azure Linux 3.0 Security Update: cert-manager / containerd / containerd2 / containerized-data-importer / dcos-cli / influxdb (CVE-2025-27144)
The version of cert-manager / containerd / containerd2 / containerized-data-importer / dcos-cli / influxdb installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27144 advisory. - Go JOSE provides an...
Azure Linux 3.0 Security Update: azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns (CVE-2025-22868)
The version of azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22868 advisory. - An attacker can pass a malicious malforme...
CVE-2025-22868 affecting package containerized-data-importer for versions less than 1.57.0-13
CVE-2025-22868 affecting package containerized-data-importer for versions less than 1.57.0-13. A patched version of the package is available...
CVE-2025-27144 affecting package containerized-data-importer for versions less than 1.57.0-13
CVE-2025-27144 affecting package containerized-data-importer for versions less than 1.57.0-13. A patched version of the package is available...
CVE-2023-3978 affecting package containerized-data-importer for versions less than 1.57.0-12
CVE-2023-3978 affecting package containerized-data-importer for versions less than 1.57.0-12. A patched version of the package is available...
CVE-2023-45288 affecting package containerized-data-importer for versions less than 1.57.0-11
CVE-2023-45288 affecting package containerized-data-importer for versions less than 1.57.0-11. A patched version of the package is available...
CVE-2025-27144 affecting package containerized-data-importer for versions less than 1.55.0-23
CVE-2025-27144 affecting package containerized-data-importer for versions less than 1.55.0-23. A patched version of the package is available...
CBL Mariner 2.0 Security Update: azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns (CVE-2025-22868)
The version of azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22868 advisory. - An attacker can pass a malicious malforme...
AZL-57356 CVE-2025-22868 affecting package containerized-data-importer for versions less than 1.57.0-13
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...
openSUSE Security Advisory (SUSE-SU-2024:2638-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...