Lucene search
+L

128 matches found

Amazon
Amazon
added 2024/05/13 12:0 a.m.5 views

Medium: cni-plugins

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

5.3CVSS6.8AI score0.01208EPSS
Exploits0
Amazon
Amazon
added 2024/05/13 12:0 a.m.7 views

Medium: cni-plugins

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

5.3CVSS5.6AI score0.01208EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/13 12:0 a.m.27 views

Amazon Linux 2023 : cni-plugins (ALAS2023-2024-618)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-618 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can...

5.3CVSS6.9AI score0.01208EPSS
Exploits0References4
OSV
OSV
added 2024/04/08 9:34 a.m.7 views

SUSE-SU-2024:1145-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. bsc1221677 - Update to version 1.34.1 for compatibility with Docker 25.0 which is not in SLES yet, but will eventually be bsc1219563. See the corresponding release...

8.6CVSS8.9AI score0.0049EPSS
Exploits0References5
OSV
OSV
added 2024/04/08 9:34 a.m.10 views

SUSE-SU-2024:1144-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. bsc1221677 - Update to version 1.34.1 for compatibility with Docker 25.0 which is not in SLES yet, but will eventually be bsc1219563. See the corresponding release...

8.6CVSS8.9AI score0.0049EPSS
Exploits0References5
OSV
OSV
added 2024/04/08 9:32 a.m.5 views

SUSE-SU-2024:1143-1 Security update for buildah

This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. bsc1221677 - Update to version 1.34.1 for compatibility with Docker 25.0 which is not in SLES yet, but will eventually be bsc1219563. See the corresponding release...

8.6CVSS8.9AI score0.0049EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.10 views

openSUSE: Security Advisory for cni (SUSE-SU-2023:4075-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.9 views

openSUSE: Security Advisory for cni (SUSE-SU-2023:3816-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.10 views

openSUSE: Security Advisory for cni (SUSE-SU-2023:2869-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Oracle linux
Oracle linux
added 2024/03/01 12:0 a.m.60 views

conmon security update

conmon 2.1.3-8 - address CVE-2023-39326 cri-o 1.25.5-1 - Added Oracle Specifile Files for cri-o cri-tools 1.25.0-3 - Resolve CVE-2023-39326 flannel-cni-plugin 1.0.1-4 - Resolve CVE-2023-39326 helm 3.11.1-3 - address CVE-2023-39326 istio 1.16.7-3 - Updated Golang to 1.20.12 to address CVE...

5.3CVSS7.1AI score0.01208EPSS
Exploits0
Oracle linux
Oracle linux
added 2023/12/19 12:0 a.m.78 views

conmon security update

conmon 2.1.3-7 - Resolve CVE-2023-39325 2.1.3-6 - Add ol8baseoslatest, and ol9baseoslatest, to Jenkinsfile 2.1.3-5 - Add systemd-devel as build requirement 2.1.3-4 - Add support ARM build cri-o 1.26.3-3 - Resolve CVE-2023-39325 1.26.3-2 - Add support for ARM build cri-tools 1.26.1-3 - Resolve...

8.2CVSS7.9AI score0.99999EPSS
Exploits20
Chainguard
Chainguard
added 2023/12/06 5:15 p.m.796 views

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: cni-plugins, render-template, ip-masq-agent, kind, docker-credential-ecr-login, fulcio-fips, cortex, hubble-ui, oras, gosu, kubeflow-katib, aws-flb-kinesis, jsonnet-bundler, go-md2man, kubernetes-dashboard-metrics-scraper, metrics-server, aws-flb-firehose, hey,...

7.5CVSS6.7AI score0.01137EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/04 12:0 a.m.25 views

Amazon Linux 2023 : cni-plugins (ALAS2023-2023-419)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-419 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

7.5CVSS6.9AI score0.03796EPSS
Exploits0References4
Amazon
Amazon
added 2023/11/03 12:0 a.m.14 views

Important: cni-plugins

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: cni-plugins Issue Correction: Run dnf update cni-plugi...

7.5CVSS6.8AI score0.03796EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/02 12:0 a.m.37 views

Amazon Linux 2 : cni-plugins (ALAS-2023-2325)

The version of cni-plugins installed on the remote host is prior to 1.2.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2325 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...

7.5CVSS7AI score0.03796EPSS
Exploits0References4
Amazon
Amazon
added 2023/11/01 12:0 a.m.57 views

Important: cni-plugins

Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: cni-plugins Note: This advisory is applicable to Amazo...

7.5CVSS6.9AI score0.03796EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/10/20 12:0 a.m.3 views

SUSE: Security Advisory (SUSE-SU-2023:4127-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.12 views

SUSE SLES15 Security Update : cni-plugins (SUSE-SU-2023:4127-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4127-1 advisory. - rebuild the package with the go 1.21 security release bsc1212475. Tenable has extracted the preceding description block directly from the...

5.9AI score
Exploits0References3
OSV
OSV
added 2023/10/19 7:44 a.m.5 views

SUSE-SU-2023:4127-1 Security update for cni-plugins

This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release bsc1212475...

7.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/19 12:0 a.m.4 views

PT-2023-36285 · Unknown · Cni-Plugins

Name of the Vulnerable Software and Affected Versions: cni-plugins affected versions not specified Description: The issue is related to a security release in the go 1.21 package, which is used to rebuild the cni-plugins package. Recommendations: At the moment, there is no information about a newe...

6.9AI score
Exploits0References4
Rows per page
Query Builder