Lucene search
K

61 matches found

OSV
OSV
added 2019/03/25 10:29 p.m.15 views

CVE-2019-0204

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain...

7.8CVSS7.4AI score
Exploits0References3
Prion
Prion
added 2019/03/25 10:29 p.m.17 views

Design/Logic Flaw

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain...

9.3CVSS8.3AI score0.02712EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2019/03/25 9:43 p.m.24 views

CVE-2019-0204

A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain...

8.3AI score0.02712EPSS
Exploits0References3
CVE
CVE
added 2019/03/25 9:43 p.m.227 views

CVE-2019-0204

CVE-2019-0204 affects Apache Mesos (pre-1.4.x, and 1.4.0–1.4.2, 1.5.0–1.5.2, 1.6.0–1.6.1, 1.7.0–1.7.1). A crafted Docker image run as root can overwrite the container runtime init helper binary and/or the Mesos command executor, enabling root-level code execution on the host. Public records in th...

9.3CVSS7.9AI score0.02712EPSS
In wildExploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2019/03/11 11:49 a.m.26 views

CVE-2018-11793

When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters...

7.5CVSS3.6AI score0.0497EPSS
Exploits0References3
CNVD
CNVD
added 2019/03/07 12:0 a.m.7 views

Apache Mesos Denial of Service Vulnerability (CNVD-2019-40567)

Apache Mesos is the United States Apache Apache Software Foundation of a set of support for Hadoop, ElasticSearch and Spark and other application architecture of open source cluster management software. A denial of service vulnerability exists in Apache Mesos, which can be exploited by an attacke...

7.5CVSS6.8AI score0.0497EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2019/03/06 5:36 p.m.23 views

com.hubspot.mesos.rx.java.example:mesos-rxjava-example-framework (=0.1.0), com.hubspot.mesos.rx.java:mesos-rxjava-protobuf-client (=0.1.0) +4 more potentially affected by CVE-2018-11793 via org.apache.mesos:mesos (=1.6.1)

org.apache.mesos:mesos MAVEN version =1.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.mesos:mesos and may be impacted: - com.hubspot.mesos.rx.java.example:mesos-rxjava-example-framework =0.1.0 -...

7.5CVSS7.1AI score0.0497EPSS
Exploits0
OSV
OSV
added 2019/03/06 5:36 p.m.38 views

GHSA-P2XQ-VCM7-XJJ6 Stack Overflow in Apache Mesos

When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters...

7.5CVSS7.1AI score0.0497EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2019/03/06 5:36 p.m.32 views

Stack Overflow in Apache Mesos

When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters...

7.5CVSS3.5AI score0.0497EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2019/03/05 9:29 p.m.14 views

Design/Logic Flaw

When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters...

5CVSS7.7AI score0.0497EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/03/05 9:29 p.m.21 views

CVE-2018-11793

When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters...

7.5CVSS7.5AI score
Exploits0References2
NVD
NVD
added 2019/03/05 9:29 p.m.27 views

CVE-2018-11793

When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters...

7.5CVSS7.8AI score0.0497EPSS
Exploits0References2
CVE
CVE
added 2019/03/05 9:0 p.m.98 views

CVE-2018-11793

Apache Mesos is affected in versions pre-1.4.x and specific 1.4.x/1.5.x/1.6.x/1.7.0 branches. The issue is an unbounded recursion during parsing of deeply nested JSON payloads, which can overflow the stack and cause a denial of service/crash of Mesos masters. The impact is DoS rendering the clust...

7.5CVSS7.3AI score0.0497EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/03/05 9:0 p.m.29 views

CVE-2018-11793

When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters...

8.4AI score0.0497EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2019/02/26 12:0 a.m.31 views

Apache Mesos Detection

Detection of Apache Mesos. The script sends a connection request to the server and attempts to detect Apache Mesos and to extract its version. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

0.5AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2018/10/17 7:54 p.m.30 views

Moderate severity vulnerability that affects org.apache.mesos:mesos

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token JWT. In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timi...

5.9CVSS0.6AI score0.03056EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/10/17 7:54 p.m.41 views

GHSA-C8CC-P3J7-4C7F Moderate severity vulnerability that affects org.apache.mesos:mesos

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token JWT. In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timi...

5.9CVSS5.9AI score0.03056EPSS
Exploits0References4
CNVD
CNVD
added 2018/09/26 12:0 a.m.7 views

Apache Mesos Information Disclosure Vulnerability

Apache Mesos is the United States Apache Apache Software Foundation of a set of support for Hadoop, ElasticSearch and Spark and other application architecture of open source cluster management software. A security vulnerability exists in the comparison of the HMAC values generated in Apache Mesos...

5.9CVSS6AI score0.03056EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2018/09/25 3:49 p.m.37 views

CVE-2018-8023

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token JWT. In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timi...

5.9CVSS0.8AI score0.03056EPSS
Exploits0References2
NVD
NVD
added 2018/09/21 1:29 p.m.30 views

CVE-2018-8023

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token JWT. In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timi...

5.9CVSS7.4AI score0.03056EPSS
Exploits0References2
Rows per page
Query Builder