Lucene search
+L

224 matches found

SUSE CVE
SUSE CVE
added 2024/10/25 3:48 a.m.5 views

SUSE CVE-2022-45157

A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext...

9.1CVSS6.8AI score0.00438EPSS
Exploits0References7
CBLMariner
CBLMariner
added 2024/10/15 11:45 p.m.18 views

CVE-2024-28180 affecting package kube-vip-cloud-provider for versions less than 0.0.2-19

CVE-2024-28180 affecting package kube-vip-cloud-provider for versions less than 0.0.2-19. A patched version of the package is available...

4.3CVSS5.2AI score0.01956EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/07/22 3:42 p.m.15 views

CVE-2024-24786 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1

CVE-2024-24786 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS6.8AI score0.01262EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/07/22 3:42 p.m.14 views

CVE-2023-39325 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1

CVE-2023-39325 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS7.8AI score0.03796EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/07/22 3:42 p.m.18 views

CVE-2023-45288 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1

CVE-2023-45288 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS7.8AI score0.91969EPSS
Exploits1
CBLMariner
CBLMariner
added 2024/07/22 3:42 p.m.26 views

CVE-2023-47108 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1

CVE-2023-47108 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1. A patched version of the package is available...

7.5CVSS7.7AI score0.01592EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/07/22 3:42 p.m.22 views

CVE-2023-45142 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1

CVE-2023-45142 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS7.7AI score0.01364EPSS
Exploits0
OSV
OSV
added 2024/06/17 10:30 p.m.24 views

GHSA-6GR4-52W6-VMQX rke's credentials are stored in the RKE1 Cluster state ConfigMap

Impact When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include the following sensitive data: -...

9.9CVSS9.1AI score0.00641EPSS
Exploits0References6
Fedora
Fedora
added 2024/06/02 3:39 a.m.16 views

[SECURITY] Fedora 39 Update: rust-afterburn-5.5.1-4.fc39

A simple cloud provider agent...

7.3AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2024/06/01 1:43 p.m.22 views

The Ticketmaster Data Breach May Be Just the Beginning

Data breaches at Ticketmaster and financial services company Santander have been linked to attacks against cloud provider Snowflake. Researchers fear more breaches will soon be uncovered...

7.4AI score
Exploits0
Fedora
Fedora
added 2024/05/26 1:28 a.m.10 views

[SECURITY] Fedora 40 Update: rust-afterburn-5.5.1-4.fc40

A simple cloud provider agent...

7.3AI score
Exploits0
OSV
OSV
added 2024/05/15 12:42 a.m.4 views

CVE-2024-3744 Kubernetes azure-file-csi-driver in versions before 1.29.4 and 1.30.1 discloses service account tokens in logs

A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged whe...

6.5CVSS6.6AI score0.00269EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/04/24 8:2 p.m.23 views

Sensitive Information leak via Log File in Kubernetes

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...

5.5CVSS7AI score0.00505EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/04/04 9:15 p.m.9 views

AZL-38623 CVE-2023-45288 affecting package kube-vip-cloud-provider for versions less than 0.0.10-1

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

7.5CVSS6.8AI score0.91969EPSS
Exploits1References1
CBLMariner
CBLMariner
added 2024/03/19 5:21 p.m.28 views

CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12

CVE-2023-44487 affecting package kube-vip-cloud-provider for versions less than 0.0.2-12. A patched version of the package is available...

7.5CVSS8.2AI score0.99999EPSS
Exploits20
OSV
OSV
added 2024/03/09 1:15 a.m.6 views

AZL-35844 CVE-2024-28180 affecting package kube-vip-cloud-provider for versions less than 0.0.2-19

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

4.3CVSS6.4AI score0.01956EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2024/02/09 7:7 p.m.23 views

CVE-2021-44716 affecting package kube-vip-cloud-provider for versions less than 0.0.2-16

CVE-2021-44716 affecting package kube-vip-cloud-provider for versions less than 0.0.2-16. A patched version of the package is available...

7.5CVSS8.1AI score0.03958EPSS
Exploits0
NVD
NVD
added 2024/02/01 11:15 p.m.28 views

CVE-2023-6221

The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller PLC, PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal...

7.7CVSS7.7AI score0.00582EPSS
Exploits0References2
Prion
Prion
added 2024/02/01 11:15 p.m.21 views

Command injection

The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller PLC, PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal...

4CVSS7.1AI score0.00582EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/01 10:18 p.m.11 views

CVE-2023-6221 MachineSense FeverWarn Missing Authentication for Critical Function

The cloud provider MachineSense uses for integration and deployment for multiple MachineSense devices, such as the programmable logic controller PLC, PumpSense, PowerAnalyzer, FeverWarn, and others is insufficiently protected against unauthorized access. An attacker with access to the internal...

7.7CVSS7.5AI score0.00582EPSS
Exploits0References2
Rows per page
Query Builder