128 matches found
Medium: cni-plugins
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
Medium: cni-plugins
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
Amazon Linux 2023 : cni-plugins (ALAS2023-2024-618)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-618 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can...
SUSE-SU-2024:1145-1 Security update for buildah
This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. bsc1221677 - Update to version 1.34.1 for compatibility with Docker 25.0 which is not in SLES yet, but will eventually be bsc1219563. See the corresponding release...
SUSE-SU-2024:1144-1 Security update for buildah
This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. bsc1221677 - Update to version 1.34.1 for compatibility with Docker 25.0 which is not in SLES yet, but will eventually be bsc1219563. See the corresponding release...
SUSE-SU-2024:1143-1 Security update for buildah
This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. bsc1221677 - Update to version 1.34.1 for compatibility with Docker 25.0 which is not in SLES yet, but will eventually be bsc1219563. See the corresponding release...
openSUSE: Security Advisory for cni (SUSE-SU-2023:4075-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for cni (SUSE-SU-2023:3816-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for cni (SUSE-SU-2023:2869-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
conmon security update
conmon 2.1.3-8 - address CVE-2023-39326 cri-o 1.25.5-1 - Added Oracle Specifile Files for cri-o cri-tools 1.25.0-3 - Resolve CVE-2023-39326 flannel-cni-plugin 1.0.1-4 - Resolve CVE-2023-39326 helm 3.11.1-3 - address CVE-2023-39326 istio 1.16.7-3 - Updated Golang to 1.20.12 to address CVE...
conmon security update
conmon 2.1.3-7 - Resolve CVE-2023-39325 2.1.3-6 - Add ol8baseoslatest, and ol9baseoslatest, to Jenkinsfile 2.1.3-5 - Add systemd-devel as build requirement 2.1.3-4 - Add support ARM build cri-o 1.26.3-3 - Resolve CVE-2023-39325 1.26.3-2 - Add support for ARM build cri-tools 1.26.1-3 - Resolve...
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: cni-plugins, render-template, ip-masq-agent, kind, docker-credential-ecr-login, fulcio-fips, cortex, hubble-ui, oras, gosu, kubeflow-katib, aws-flb-kinesis, jsonnet-bundler, go-md2man, kubernetes-dashboard-metrics-scraper, metrics-server, aws-flb-firehose, hey,...
Amazon Linux 2023 : cni-plugins (ALAS2023-2023-419)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-419 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
Important: cni-plugins
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: cni-plugins Issue Correction: Run dnf update cni-plugi...
Amazon Linux 2 : cni-plugins (ALAS-2023-2325)
The version of cni-plugins installed on the remote host is prior to 1.2.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2325 advisory. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams...
Important: cni-plugins
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 Affected Packages: cni-plugins Note: This advisory is applicable to Amazo...
SUSE: Security Advisory (SUSE-SU-2023:4127-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : cni-plugins (SUSE-SU-2023:4127-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4127-1 advisory. - rebuild the package with the go 1.21 security release bsc1212475. Tenable has extracted the preceding description block directly from the...
SUSE-SU-2023:4127-1 Security update for cni-plugins
This update of cni-plugins fixes the following issues: - rebuild the package with the go 1.21 security release bsc1212475...
PT-2023-36285 · Unknown · Cni-Plugins
Name of the Vulnerable Software and Affected Versions: cni-plugins affected versions not specified Description: The issue is related to a security release in the go 1.21 package, which is used to rebuild the cni-plugins package. Recommendations: At the moment, there is no information about a newe...