227 matches found
CVE-2025-53884 NeuVector has an insecure password storage vulnerable to rainbow attack
NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...
CVE-2025-53884 NeuVector has an insecure password storage vulnerable to rainbow attack
NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack offline attack where hashes of known passwords are precomputed...
NeuVector 安全漏洞
NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A security vulnerability exists in NeuVector versions 5.4.5 and earlier, which stems...
NeuVector 安全漏洞
NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. NeuVector suffers from a security vulnerability that stems from the use of simple and...
NeuVector 安全漏洞
NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A security vulnerability exists in NeuVector that stems from the execution of Java...
GO-2025-3918 NeuVector admin account has insecure default password in github.com/neuvector/neuvector
NeuVector admin account has insecure default password in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
GO-2025-3917 NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector
NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2025-3919 NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector
NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
PT-2025-36643
NeuVector admin account has insecure default password in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
PT-2025-36642
NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
PT-2025-36644
NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
NeuVector admin account has insecure default password
Impact A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the defau...
Use of Default Credentials
Overview Affected versions of this package are vulnerable to Use of Default Credentials for the admin account. An attacker can gain full administrative access by using the default credentials if the password is not changed after deployment. Workaround This vulnerability can be mitigated by loggin...
Use of Default Credentials
Overview Affected versions of this package are vulnerable to Use of Default Credentials for the admin account. An attacker can gain full administrative access by using the default credentials if the password is not changed after deployment. Workaround This vulnerability can be mitigated by loggin...
Use of Default Credentials
Overview Affected versions of this package are vulnerable to Use of Default Credentials for the admin account. An attacker can gain full administrative access by using the default credentials if the password is not changed after deployment. Workaround This vulnerability can be mitigated by loggin...
Use of Default Credentials
Overview Affected versions of this package are vulnerable to Use of Default Credentials for the admin account. An attacker can gain full administrative access by using the default credentials if the password is not changed after deployment. Workaround This vulnerability can be mitigated by loggin...
Use of Default Credentials
Overview Affected versions of this package are vulnerable to Use of Default Credentials for the admin account. An attacker can gain full administrative access by using the default credentials if the password is not changed after deployment. Workaround This vulnerability can be mitigated by loggin...
NeuVector process with sensitive arguments lead to leakage
Impact When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation. For example, java -cp /app ... Djavax.net.ssl.trustStorePassword= The command with the password appears in the NeuVector security event. To prevent this, NeuVector uses the...
Missing Password Field Masking
Overview Affected versions of this package are vulnerable to Missing Password Field Masking due to improper handling of process command arguments containing sensitive information. An attacker can obtain confidential data by accessing security event logs where sensitive arguments, such as password...
Missing Password Field Masking
Overview Affected versions of this package are vulnerable to Missing Password Field Masking due to improper handling of process command arguments containing sensitive information. An attacker can obtain confidential data by accessing security event logs where sensitive arguments, such as password...