Azure Linux 3.0 Security Update: cifs-utils (CVE-2025-2312)

The version of cifs-utils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2312 advisory. - A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from...

CBL Mariner 2.0 Security Update: cifs-utils (CVE-2025-2312)

The version of cifs-utils installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2312 advisory. - A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from...

cifs.upcall makes an upcall to the wrong namespace in containerized environments

...

DEBIAN-CVE-2025-2312

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...

CVE-2025-2312

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...

CVE-2025-2312 cifs.upcall makes an upcall to the wrong namespace in containerized environments

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...

CVE-2025-2312

CVE-2025-2312 affects cifs-utils (cifs.upcall) where, in containerized environments, an upcall is made to the wrong namespace, risking disclosure of the host Kerberos credentials cache. Public advisories across multiple distributions (Debian, Mageia, Alpine Linux, CBL-Mariner) confirm the flaw an...

CVE-2025-2312

A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong namespace in containerized environments. This issue may lead to disclosing sensitive data from the host's Kerberos credentials cache...

Azure Linux 3.0 Security Update: azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns (CVE-2025-22868)

The version of azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22868 advisory. - An attacker can pass a malicious malforme...

Azure Linux 3.0 Security Update: cert-manager / containerd / containerd2 / containerized-data-importer / dcos-cli / influxdb (CVE-2025-27144)

The version of cert-manager / containerd / containerd2 / containerized-data-importer / dcos-cli / influxdb installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27144 advisory. - Go JOSE provides an...

CVE-2025-27144 affecting package containerized-data-importer for versions less than 1.57.0-13

CVE-2025-27144 affecting package containerized-data-importer for versions less than 1.57.0-13. A patched version of the package is available...

CVE-2023-45288 affecting package containerized-data-importer for versions less than 1.57.0-11

CVE-2023-45288 affecting package containerized-data-importer for versions less than 1.57.0-11. A patched version of the package is available...

CVE-2025-22868 affecting package containerized-data-importer for versions less than 1.57.0-13

CVE-2025-22868 affecting package containerized-data-importer for versions less than 1.57.0-13. A patched version of the package is available...

CVE-2023-3978 affecting package containerized-data-importer for versions less than 1.57.0-12

CVE-2023-3978 affecting package containerized-data-importer for versions less than 1.57.0-12. A patched version of the package is available...

CVE-2025-27144 affecting package containerized-data-importer for versions less than 1.55.0-23

CVE-2025-27144 affecting package containerized-data-importer for versions less than 1.55.0-23. A patched version of the package is available...

CBL Mariner 2.0 Security Update: azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns (CVE-2025-22868)

The version of azcopy / blobfuse2 / cert-manager / containerized-data-importer / coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22868 advisory. - An attacker can pass a malicious malforme...

AZL-57356 CVE-2025-22868 affecting package containerized-data-importer for versions less than 1.57.0-13

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...

openSUSE Security Advisory (SUSE-SU-2024:2638-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AZL-57180 CVE-2025-27144 affecting package containerized-data-importer for versions less than 1.55.0-23

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

Azure Linux 3.0 Security Update: golang / ig / moby-engine / skopeo (CVE-2022-2879)

The version of golang / ig / moby-engine / skopeo installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2879 advisory. - Reader.Read does not set a limit on the maximum size of file headers. A malicious...