8014 matches found
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.9.48 extras security update
Red Hat OpenShift Container Platform release 4.9.48 is now available with updates to packages and images that fix several bugs. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Malicious code in faust-nx-cli (npm)
Source: ghsa-malware a13a7f17aa394d9547f5e79e53347c4a9c43f05d6e49941d23526b430482b69a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2970 Malicious code in faust-nx-cli (npm)
Source: ghsa-malware a13a7f17aa394d9547f5e79e53347c4a9c43f05d6e49941d23526b430482b69a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Integrating Cloud Security With DevOps and CI/CD Tools
This is the latest post in our blog series on shifting left in cloud security. In our last post, we kicked off the series with a high-level overview about Rapid7’s approach to shifting cloud security into the application development lifecycle. For this post, we’ll dive into a key aspect of our...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.6.61 security and extras update
Red Hat OpenShift Container Platform release 4.6.61 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.11.3 packages and security update
Red Hat OpenShift Container Platform release 4.11.3 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...
AZL-43338 CVE-2021-43565 affecting package gh for versions less than 2.13.0-19
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server...
CVE-2022-23681
Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version...
CVE-2022-23682
Multiple vulnerabilities exist in the AOS-CX command line interface that could lead to authenticated command injection. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete switch compromise in ArubaOS-CX version...
GHSA-XWF3-6RGV-939R Flux CLI Workload Injection
Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the...
Flux CLI Workload Injection
Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.9.47 bug fix and security update
Red Hat OpenShift Container Platform release 4.9.47 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...
CVE-2022-36035
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration like Git repositories, and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allow...
CVE-2022-36035 Flux CLI Workload Injection
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration like Git repositories, and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allow...
CVE-2022-36035
CVE-2022-36035 affects Flux CLI (github.com/fluxcd/flux2) where Flux CLI can be exploited to replace deployment information in a Kubernetes cluster with arbitrary content due to improper handling of user input, enabling path traversal. If exploited, this can result in deploying arbitrary content ...
CVE-2022-36035 Flux CLI Workload Injection
Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration like Git repositories, and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allow...
PT-2022-4594 · Flux · Flux
Name of the Vulnerable Software and Affected Versions: Flux (affected versions not specified). Description: The issue is related to the improper handling of user-supplied input in the Flux CLI, which results in a path traversal that can be controlled by the attacker. This allows other applications t...
Now Available on GitHub: Akamai CLI Utility v1.0 for Akamai Terraform
With v0.9 of the Akamai CLI for Terraform, application development teams can build on infrastructure as code (IaC) and maintain rapid development without compromising security...
Masky - Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory
Masky is a Python library providing an alternative way to remotely dump domain users' credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes and TGT on a larger scope. This tool does not exploit any new vulnerability and...
Cisco FXOS Software Unidirectional Link Detection Command Injection (cisco-sa-fxos-cmdinj-TxcLNZNH)
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of...