27 matches found
EUVD-2021-2591
Malware in sbrugna...
EUVD-2010-2950
Malware in sbrugna...
EUVD-2025-24649
Malicious code in bioql PyPI...
CVE-2025-55196 External Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret Access
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. From version 0.15.0 to before 0.19.2, a vulnerability was discovered where the List calls for Kubernetes Secret and SecretStore resources performed by the PushSecret controller did not apply a...
Linux Distros Unpatched Vulnerability : CVE-2021-43784
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization syste...
Debian dla-3735 : golang-github-opencontainers-runc-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3735 advisory. Debian LTS Advisory DLA-3735-1...
PT-2023-29227 · Cryo +2
Name of the Vulnerable Software and Affected Versions: Garden versions prior to 0.13.17; Garden versions prior to 0.12.65. Description: Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized...
Missing Authentication For Critical Function
github.com/cilium/cilium is vulnerable to Missing Authentication. The vulnerability is due to the ValidateCNP function in validator.go which lacks checks for a policy with any malicious or incorrectly match configurations, allowing an attacker to create policies that bypass namespace restrictions...
Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy
Impact: An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other namespaces. By using a crafted endpointSelector that uses the DoesNotExist operato...
Cilium Access Control Error Vulnerability
Cilium is an open source software. It is used to provide and transparently secure network connectivity and load balancing between application workloads, such as application containers or processes. An access control error vulnerability exists in Cilium that stems from allowing an attacker to bypa...
CVE-2023-41333 Bypass of namespace restrictions in CiliumNetworkPolicy
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in othe...
Ubuntu 16.04 ESM : runC vulnerabilities (USN-6088-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6088-2 advisory. USN-6088-1 fixed vulnerabilities in runC. This update provides the corresponding updates for Ubuntu 16.04 LTS. It was discovered that runC incorrectly...
NewStart CGSL CORE 5.05 / MAIN 5.05 : docker-ce Multiple Vulnerabilities (NS-SA-2023-0014)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has docker-ce packages installed that are affected by multiple vulnerabilities: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to...
NewStart CGSL MAIN 6.02 : docker-ce Vulnerability (NS-SA-2022-0095)
The remote NewStart CGSL host, running version MAIN 6.02, has docker-ce packages installed that are affected by a vulnerability: - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for...
NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Vulnerability (NS-SA-2022-0020)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has docker-ce packages installed that are affected by a vulnerability: - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization...
openSUSE 15 Security Update : runc (openSUSE-SU-2021:4171-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:4171-1 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a...
SUSE SLES15 Security Update : runc (SUSE-SU-2021:4171-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:4171-1 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a...
SUSE SLES12 Security Update : runc (SUSE-SU-2021:4059-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:4059-1 advisory. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a...
MGASA-2021-0553 Updated opencontainers-runc packages fix security vulnerability
It was discovered that there was an overflow issue in runc, the runtime for the Open Container Project, often used with Docker. The Netlink 'bytemsg' length field could have allowed an attacker to override Netlink-based container configurations. This vulnerability required the attacker to have so...
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC
Impact: In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of our code responsible for the based namespace setup of containers. In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an...