59 matches found
ROS-2-2193
2.2193 Multiple vulnerabilities in Redis CVE-2021-29477,CVE-2021-29478 1. Vulnerability Description: A vulnerability exists due to an integer overflow in the STRALGO LCS command. A remote attacker can pass specially crafted data to an application, cause an integer overflow, and execute arbitrary...
fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and...
ROS-2-1194
2.1194 Multiple vulnerabilities in Redis CVE-2021-29477,CVE-2021-29478 1. Vulnerability Description: A vulnerability exists due to an integer overflow in the STRALGO LCS command. A remote attacker can pass specially crafted data to an application, cause an integer overflow, and execute arbitrary...
ROS-2-873
2.873 Multiple vulnerabilities in Redis CVE-2021-29477,CVE-2021-29478 1. Vulnerability Description: A vulnerability exists due to an integer overflow in the STRALGO LCS command. A remote attacker can pass specially crafted data to an application, cause an integer overflow, and execute arbitrary...
ROS-2-519
2.519 Multiple vulnerabilities in Redis CVE-2021-29477,CVE-2021-29478 1. Vulnerability Description: A vulnerability exists due to an integer overflow in the STRALGO LCS command. A remote attacker can pass specially crafted data to an application, cause an integer overflow, and execute arbitrary...
ROS-2-467
2.467 Multiple vulnerabilities in Redis CVE-2021-29477,CVE-2021-29478 1. Vulnerability Description: A vulnerability exists due to an integer overflow in the STRALGO LCS command. A remote attacker can pass specially crafted data to an application, cause an integer overflow, and execute arbitrary...
fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and...
fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and...
FreeBSD : redis -- multiple vulnerabilities (1606b03b-ac57-11eb-9bdd-8c164567ca3c)
Redis project reports : Vulnerability in the STRALGO LCS command An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. Vulnerability in the COPY command for large intsets An...
Redis Labs Redis 输入验证错误漏洞
Redis Labs Redis is an open source, network-enabled, memory-based, persistent logging, key-value Key-Value storage database written in ANSI C, with a multi-language API, from Redis Labs. An input validation error vulnerability exists in Redis due to an integer overflow in the COPY command for lar...
redis -- multiple vulnerabilities
Redis project reports: Vulnerability in the STRALGO LCS command An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. Vulnerability in the COPY command for large intsets An...
fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and...
fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and...
fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and...
Rohan Kumar kubernetes-client 路径遍历漏洞
Rohan Kumar kubernetes-client is an open source application by Rohan Kumar. Provides smooth DSL access to the full Kubernetes and OpenShift REST APIs. A security vulnerability exists in fabric8 kubernetes-client in version 4.2.0 and after, which stems from the copy command lifting files outside o...
USN-4707-1 tcmu vulnerability
It was discovered that TCMU lacked a check for transport-layer restrictions, allowing remote attackers to read or write files via directory traversal in an XCOPY request...
Important: Red Hat Security Advisory: container-tools:rhel8 security and bug fix update
An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
ALSA-2020:1379 Important: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: QEMU: Slirp: potential OOB access due to unsafe snprintf usages CVE-2020-8608 For more details about the security issues, including the impact, a CVSS score,...
RLSA-2020:1379 Important: container-tools:rhel8 security and bug fix update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: QEMU: Slirp: potential OOB access due to unsafe snprintf usages CVE-2020-8608 For more details about the security issues, including the impact, a CVSS score,...
docker: symlink-exchange race attacks in docker cp
A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use TOCTOU vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause arbitrary files on t...