EUVD-2020-18852

Malware in sbrugna...

EUVD-2021-0955

Malware in sbrugna...

CVE-2020-11091

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...

GO-2022-0794 Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements in github.com/weaveworks/weave

Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements in github.com/weaveworks/weave...

SUSE CVE-2020-26278

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...

GHSA-59QG-GRP7-5R73 Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements

Impact An attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 on the kernel cmdline, it wi...

Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements

Impact An attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 on the kernel cmdline, it wi...

CVE-2020-26278

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...

CVE-2020-26278

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...

Design/Logic Flaw

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...

CVE-2020-26278 Weave Net Pods running in host PID namespace can be used to escalate other Kubernetes vulnerabilities

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...

CVE-2020-26278

Weave Net versions prior to 2.8.0 expose a privilege escalation risk: the pods running on every node are deployed with privileged: true and hostPID: true, enabling the pod to access host processes and write to the host filesystem. This can allow an attacker to take over a host in the Kubernetes c...

Weaveworks Weave Net Security Breach

Weaveworks Weave Net is a cloud-native networking toolkit from Weaveworks UK. Weave Net suffers from a security vulnerability that can be exploited by an attacker to take over any host in a cluster...

Unspecified Vulnerability in Weaveworks Weave Net

Weaveworks Weave Net is a cloud-native networking toolkit from Weaveworks UK. A security vulnerability in Weaveworks Weave Net versions prior to 2.6.3 can be exploited by an attacker to reconfigure a host to redirect some or all of the host's IPv6 traffic to a container under the attacker's contr...

CVE-2020-11091

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...

CVE-2020-11091

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...

CVE-2020-11091

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...

Command injection

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...

CVE-2020-11091 Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements

In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...

CVE-2020-11091

CVE-2020-11091 affects Weave Net up to version 2.6.3. An attacker that can run a root process in a container can respond to DNS requests from the host and insert themselves as a fake service. In IPv4 internal networks, if IPv6 is not fully disabled and IPv6 forwarding is off but accept_ra is on, ...