192 matches found
Fedora: Security Advisory for nats-server (FEDORA-2023-6b89bc0305)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for golang-github-cncf-xds (FEDORA-2023-6b89bc0305)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: golang-github-cncf-xds-0-0.10.20230912gite9ce688.fc39
XDS API Working Group...
Fedora: Security Advisory for nats-server (FEDORA-2023-c33188f575)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-45823
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...
CVE-2023-45822
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...
Authorization
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...
CVE-2023-45823 Arbitrary file read in Artifact Hub
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...
CVE-2023-45823 Arbitrary file read in Artifact Hub
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...
CVE-2023-45823
CVE-2023-45823 affects Artifact Hub. A bug allowed reading arbitrary files when processing git-based repositories loaded into Artifact Hub, due to insufficient validation of symbolic links in certain repositories. The root cause is lack of validation of symbolic links during repository cloning/pr...
CVE-2023-45822 Unsafe rego built-in allowed in Artifact Hub
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...
CVE-2023-45822 Unsafe rego built-in allowed in Artifact Hub
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...
CVE-2023-45822
Artifact Hub (the web-based NFT/CI group hub) is affected by CVE-2023-45822 due to a default unsafe rego built-in being allowed in authorization policies, enabling policies to perform HTTP requests and potentially expose internal resources. The root cause is that rego policies could issue network...
CVE-2023-45821
Artifact Hub (artifacthub.io) has a vulnerability in the registryIsDockerHub check where the code only inspects the registry domain ending with docker.io, enabling credential hijacking by using a fake OCI registry on a domain that ends with docker.io. The issue affects how Docker credentials used...
Fedora: Security Advisory for golang-github-cncf-xds (FEDORA-2023-f122ea1b3e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : golang-github-cncf-xds / golang-github-envoyproxy-control-plane / etc (2023-f122ea1b3e)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-f122ea1b3e advisory. Contains updates to address CVE-2022-28357,41717 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Oracle Linux 7 : kubernetes / kubeadm-upgrade / kubeadm-ha-setup (ELSA-2019-4593)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4593 advisory. - OLCNE-235 CVE-2019-9946 portmap inserts rules at the front of the iptables nat chains -- CVE-2019-9946 -- CVE-2019-1002101 -- CVE-2019-1002100...
Malicious code in cncf-interactive-landscape (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8d2b9d2c5124b5a628ea48abf890a34baae186cb6a3844fc2617ad57b21be8d9 The OpenSSF Package Analysis project identified 'cncf-interactive-landscape' @ 1.0.6 npm as malicious. It is considered malicious because: - The...
MAL-2023-1561 Malicious code in cncf-interactive-landscape (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8d2b9d2c5124b5a628ea48abf890a34baae186cb6a3844fc2617ad57b21be8d9 The OpenSSF Package Analysis project identified 'cncf-interactive-landscape' @ 1.0.6 npm as malicious. It is considered malicious because: - The...
GHSA-PJ4X-2XR5-W87M Possible image tampering from missing image validation for Packages
Impact Crossplanes image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered with a Package. Patches The problem has been fixed in 1.11.5, 1.12.3 and 1.13.0, all the supported versions of Crossplane at the time of...