7716 matches found
EUVD-2022-1885
Malicious code in bioql PyPI...
EUVD-2022-4542
Malicious code in bioql PyPI...
EUVD-2022-2324
Malicious code in bioql PyPI...
EUVD-2022-3425
Malicious code in bioql PyPI...
CVE-2025-59823
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...
Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning
Impact: A security vulnerability was discovered in Gardener when Terraformer is used for infrastructure provisioning. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This CVE...
GHSA-227X-7MH8-3CF6 Gardener provider extensions vulnerable to code injection when Terraform is used for infrastructure provisioning
Impact: A security vulnerability was discovered in Gardener when Terraformer is used for infrastructure provisioning. This vulnerability could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster where the shoot cluster is managed. This CVE...
CVE-2025-59823 Gardener providers vulnerable to code injection when Terraformer is used for infrastructure provisioning
Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...
CVE-2025-59823
The CVE-2025-59823 issue affects Gardener extensions for AWS (<1.64.0), Azure (<1.55.0), OpenStack (<1.49.0), and GCP (
PT-2025-39386
Name of the Vulnerable Software and Affected Versions: Project Gardener versions prior to 1.64.0 (AWS providers); Project Gardener versions prior to 1.55.0 (Azure providers); Project Gardener versions prior to 1.49.0 (OpenStack providers); Project Gardener versions prior to 1.46.0 (GCP providers). Description...
SUSE-SU-2025:20755-1 Security update for cloud-init
This update for cloud-init fixes the following issues: Update to version 25.1.3 (bsc#1245401, bsc#1245403): + docs: provide example3 for PAM and ssh_pwauth behavior (#27) + fix: Make hotplug socket writable only by root (#25) (CVE-2024-11584) + fix: Don't attempt to identify non-x86 OpenStack instances LP:...
Security update for cloud-init
This update for cloud-init fixes the following issues: Update to version 25.1.3 (bsc#1245401, bsc#1245403): docs: provide example3 for PAM and ssh_pwauth behavior (#27); fix: Make hotplug socket writable only by root (#25) (CVE-2024-11584); fix: Don't attempt to identify non-x86 OpenStack instances LP: #2069607...
Linux Distros Unpatched Vulnerability : CVE-2017-16613
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy serve...
Linux Distros Unpatched Vulnerability : CVE-2021-4180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this...
Linux Distros Unpatched Vulnerability : CVE-2022-3261
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a...
Linux Distros Unpatched Vulnerability : CVE-2015-5303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata...
Linux Distros Unpatched Vulnerability : CVE-2021-3585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. CVE-2021-35...