682 matches found
CVE-2022-24687
CVE-2022-24687 affects HashiCorp Consul and Consul Enterprise clusters: versions 1.9.0–1.9.14, 1.10.7, and 1.11.2 are vulnerable. A user with the service:write permission on an Ingress Gateway can register a specially-crafted service that may cause Consul servers to panic, impacting availability....
Incorrect Authorization
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...
KLA12395 RCE vulnerability in Microsoft SQL Server
A remote code execution vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: CVE-2021-44228. Exploitation: Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malwar...
USN-5188-1: Keepalived vulnerability
It was discovered that Keepalived incorrectly handled certain messages. An attacker could possibly use this issue to bypass access control...
Fedora: Security Advisory for slurm (FEDORA-2021-0611d621ec)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for slurm (FEDORA-2021-d82d3d9738)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 34 Update: slurm-21.08.4-1.fc34
Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...
CVE-2021-37939
It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connecto...
Exploit for OS Command Injection in Docker
CDK - Zero Dependency Container Penetration Toolkit. Legal Disclaimer: Usage of CDK for attacking targets without prior mutual consent is illegal. CDK is for security testing purposes only. Overview: CDK is an open-sourced container penetration toolkit, designed for offering stable...
Cloudera Manager incorrect access control vulnerability
Cloudera Manager is an end-to-end application for managing CDH clusters. An incorrect access control vulnerability exists in Cloudera Manager version 7.2.4. An attacker could exploit the vulnerability to elevate privileges and view restricted dashboards...
Cloudera Manager Cross-Site Scripting Vulnerability (CNVD-2021-103108)
Cloudera Manager is an end-to-end application for managing CDH clusters. Cloudera Manager versions 5., 6., 7.1., 7.2., and 7.3. are vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via path parameters...
Cloudera Manager Cross-Site Scripting Vulnerability (CNVD-2021-103106)
Cloudera Manager is an end-to-end application for managing CDH clusters. Cloudera Manager versions 5., 6., 7.1., 7.2., and 7.3. contain a cross-site scripting vulnerability. An attacker could use this vulnerability to launch an XSS attack...
Cloudera Manager Authorization Bypass Vulnerability
Cloudera Manager is an end-to-end application for managing CDH clusters. An authorization bypass vulnerability exists in Cloudera Manager version 7.2.4. An attacker could exploit this vulnerability to elevate privileges...
Cloudera Manager Security Vulnerability
Cloudera Manager is an end-to-end application for managing CDH clusters. An authorization bypass vulnerability exists in Cloudera Manager version 7.2.4. An attacker could exploit this vulnerability to elevate privileges...
Coordinated disclosure of vulnerability in Azure Container Instances Service
Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI). Our investigation surfaced no unauthorized access to customer data. Out of an abundance of caution we notified customers with containers running on the same clusters as the...
CVE-2021-25735
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...
Design/Logic Flaw
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...
CVE-2021-25735
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the No...
CVE-2021-21599
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and escape the compliance guarantees. This only impacts Smartlock WORM compliance mode clusters as a critical...
CVE-2021-21595
Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell...