31 matches found
Security update for amazon-ecs-init (important)
openSUSE security update: security update for amazon-ecs-init ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21013-1 Rating: important References: bsc1265843 bsc1266652 Cross-References: CVE-2026-33814 CVE-2026-39821 CVSS scores: CVE-2026-33814 SUS...
GO-2026-5353 Amazon ECS Container Agent (Windows) is vulnerable to Information Disclosure in github.com/aws/amazon-ecs-agent
Amazon ECS Container Agent Windows is vulnerable to Information Disclosure in github.com/aws/amazon-ecs-agent...
SUSE-SU-2026:22320-1 Security update for amazon-ecs-init
This update for amazon-ecs-init fixes the following issues Update to version 1.103.2: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265843. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded...
OPENSUSE-SU-2026:21013-1 Security update for amazon-ecs-init
This update for amazon-ecs-init fixes the following issues Update to version 1.103.2: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265843. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded...
amazon-ecs-init-1.103.2-1.1 on GA media (moderate)
amazon-ecs-init-1.103.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10871-1 Rating: moderate Cross-References: CVE-2026-39821 CVSS scores: CVE-2026-39821 SUSE : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2026-39821 SUSE : 9.1...
OPENSUSE-SU-2026:10871-1 amazon-ecs-init-1.103.2-1.1 on GA media
These are all security issues fixed in the amazon-ecs-init-1.103.2-1.1 package on the GA media of openSUSE Tumbleweed...
amazon-ecs-init-1.103.0-2.1 on GA media (moderate)
amazon-ecs-init-1.103.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10848-1 Rating: moderate Cross-References: CVE-2026-33814 CVSS scores: CVE-2026-33814 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability ca...
OPENSUSE-SU-2026:10848-1 amazon-ecs-init-1.103.0-2.1 on GA media
These are all security issues fixed in the amazon-ecs-init-1.103.0-2.1 package on the GA media of openSUSE Tumbleweed...
Amazon ECS Container Agent (Windows) is vulnerable to Information Disclosure
Summary Amazon Elastic Container Service Amazon ECS is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. An issue exists where, under certain circumstances, improper input validation in the FSx Windows File Server volum...
CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...
CVE-2026-7461
CVE-2026-7461 affects the FSx Windows File Server volume mounting component inside Amazon ECS Agent on Windows, prior to version 1.103.0. The root cause is improper neutralization of inputs used in an OS command, allowing a remote authenticated actor to run shell commands with SYSTEM privileges o...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: cephcsi-fips, net-kourier-fips, kubernetes-csi-driver-nfs, k8ssandra-client, consul-fips, cloud-provider-aws, azuredisk-csi-fips, newrelic-infrastructure-agent-fips, helm-mapkubeapis, syft, kubescape-server-fips, oras, istio, cilium, jaeger, trivy-operator,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: cephcsi-fips, net-kourier-fips, kubernetes-csi-driver-nfs, k8ssandra-client, consul-fips, cloud-provider-aws, azuredisk-csi-fips, newrelic-infrastructure-agent-fips, helm-mapkubeapis, syft, kubescape-server-fips, oras, istio, cilium, jaeger, trivy-operator,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner, mongodb-kubernetes-operator, crossplane-provider-aws-route53-fips, cephcsi-fips, mountpoint-s3-csi-driver, nri-haproxy, gcp-compute-persistent-disk-csi-driver, net-kourier-fips, kubernetes-dashboard-metrics-scraper-fips, tempo-fips,...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner, mongodb-kubernetes-operator, crossplane-provider-aws-route53-fips, cephcsi-fips, mountpoint-s3-csi-driver, gcp-compute-persistent-disk-csi-driver, net-kourier-fips, kubernetes-dashboard-metrics-scraper-fips, ollama-fips, kapp-controller,...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-route53-fips, cephcsi-fips, gcp-compute-persistent-disk-csi-driver, net-kourier-fips, ollama-fips, tempo-fips, kapp-controller, kubernetes-csi-driver-nfs, tetragon, crossplane-provider-aws-cloudfront-fips, nginx-prometheus-exporter,...
GHSA-WM7X-WW72-R77Q Information Disclosure in Amazon ECS Container Agent
Summary Amazon Elastic Container Service Amazon ECS is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. Amazon ECS container agent provides an introspection API that provides information about the overall state of the...
CVE-2025-9039 Information Disclosure in Amazon ECS Container Agent
We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is...
CVE-2025-9039 Information Disclosure in Amazon ECS Container Agent
We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is...
PT-2025-33310
Name of the Vulnerable Software and Affected Versions: Amazon ECS agent versions 0.0.3 through 1.97.0 Description: An issue was identified in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the sa...