13 matches found
CVE-2025-40604
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...
CVE-2025-40604
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...
CVE-2025-40604
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...
CVE-2025-40604
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution...
PT-2025-47567
Name of the Vulnerable Software and Affected Versions SonicWall Email Security Appliance affected versions not specified Description The SonicWall Email Security appliance downloads root filesystem images without verifying signatures. This allows attackers with VMDK or datastore access to modify...
EUVD-2021-18871
Malware in sbrugna...
CVE-2023-27290 IBM Observability with Instana missing authentication
Docker based datastores for IBM Instana IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0 do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737...
SUSE CVE-2021-32001
K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc. and decrypt it, without having to know the...
Code injection
K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc. and decrypt it, without having to know the...
CVE-2021-32001
K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material cluster certificate authority private keys, secrets encryption configuration passphrase, etc. and decrypt it, without having to know the...
CVE-2021-32001
K3s (SUSE Rancher) and RKE2 installations are affected by CVE-2021-32001, where a user with direct datastore access or a datastore backup copy can extract cluster keying material (including CA private keys and encryption passphrases) and decrypt data without the token. Affected versions include S...
PT-2021-19621 · Suse · Rke2 +1
Name of the Vulnerable Software and Affected Versions: SUSE Rancher K3s versions v1.19.12+k3s1 through v1.21.2+k3s1 and prior versions RKE2 versions v1.19.12+rke2r1 through v1.21.2+rke2r1 and prior versions Description: A Missing Encryption of Sensitive Data issue allows any user with direct acce...
SUSE Rancher K3s 安全漏洞
SUSE Rancher K3s is a CNCF sandboxing project from SUSE Germany that provides a lightweight but powerful certified Kubernetes distribution. A security vulnerability exists in SUSE Rancher K3s that allows any user with direct access to a datastore, or a copy of a datastore backup, to extract the...