
326 matches found

OSV
added 2022/10/14 3:15 p.m. · 7 views

AZL-41901 CVE-2022-2879 affecting package containerized-data-importer for versions less than 1.57.0-3

Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...

7.5 CVSS · 6.7 AI score · 0.01544 EPSS
Exploits 0 · References 1
NVD
added 2022/10/11 5:15 p.m. · 12 views

CVE-2022-34434

Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...

6.7 CVSS · 0.00179 EPSS
Exploits 0 · References 1
OpenVAS
added 2022/09/23 12:0 a.m. · 20 views

SUSE: Security Advisory (SUSE-SU-2022:3335-1)

The remote host is missing an update for the... [SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only]

9.3 CVSS · 10 AI score · 0.02737 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2022/09/23 12:0 a.m. · 40 views

SUSE SLES15: containerized-data-importer-api / etc (SUSE-SU-2022:3334-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3334-1 advisory. Update to version 1.51.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.51.0 Security...

9.3 CVSS · 7.4 AI score · 0.02737 EPSS
Exploits 1 · References 4
OSV
added 2022/09/22 6:51 a.m. · 6 views

SUSE-SU-2022:3335-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer

This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.43.2 - Release notes...

9.3 CVSS · 9.9 AI score · 0.02737 EPSS
Exploits 1 · References 3
Kitploit
added 2022/08/10 12:30 p.m. · 72 views

Packj - Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages

Packj (pronounced package) is a command line (CLI) tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports...

7.5 CVSS · 7.8 AI score · 0.07443 EPSS
Exploits 2 · References 6
OpenVAS
added 2022/08/01 12:0 a.m. · 7 views

Fedora: Security Advisory for toolbox (FEDORA-2022-5038c3236c)

The remote host is missing an update for the... [SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only]

7.5 AI score
Exploits 0 · References 2
Fedora
added 2022/07/31 1:37 a.m. · 18 views

[SECURITY] Fedora 36 Update: toolbox-0.0.99.3-6.fc36

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI...

2.4 AI score
Exploits 0
Fedora
added 2022/07/04 1:35 a.m. · 29 views

[SECURITY] Fedora 36 Update: toolbox-0.0.99.3-5.fc36

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI...

9.3 CVSS · 8.2 AI score · 0.05994 EPSS
Exploits 4
MSRC
added 2022/06/30 7:0 a.m. · 11 views

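Privilege Escalation from Containerized Workloads on Linux in Service Fabric

This blog post is an abridged translation of Service Fabric Privilege Escalation from Containerized Workloads on Linux. Please refer to the original for the latest information. Coordinated vulnerability disclosure...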

2.9 AI score
Exploits 0
CNVD
added 2022/06/30 12:0 a.m. · 27 views

KubeEdge Denial of Service Vulnerability

KubeEdge is an open source edge computing framework built on Kubernetes that extends containerized application orchestration and device management to hosts at the edge. A denial-of-service vulnerability exists in KubeEdge versions prior to 1.11.0, prior to 1.10.1, and prior to 1.9.3, which can be...

5.7 CVSS · 5.3 AI score · 0.00761 EPSS
Exploits 0 · References 1
MSRC
added 2022/06/28 11:35 p.m. · 32 views

Service Fabric Privilege Escalation from Containerized Workloads on Linux

Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control...

4.6 CVSS · 1.7 AI score · 0.01164 EPSS
Exploits 0
CVE
added 2022/06/27 8:10 p.m. · 82 views

CVE-2022-31077

KubeEdge CSI Driver vulnerability (CVE-2022-31077): A malicious response from KubeEdge can trigger a nil-pointer dereference in the CSI Driver controller, causing denial of service. Affected are KubeEdge releases prior to 1.11.0, 1.10.1, and 1.9.3. The flaw arises from a crash of the CSI Driver c...

5.7 CVSS · 4.8 AI score · 0.00761 EPSS
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/06/23 12:0 a.m. · 4 views

PT-2022-5194 · Dell · Cloud Mobility For Dell Emc Storage

Name of the Vulnerable Software and Affected Versions: Cloud Mobility for Dell Storage versions 1.3.0 and earlier Description: The issue is related to improper authorization in the system, which can allow an attacker to access protected information. A threat actor with root-level access to either...

6.8 CVSS · 6.2 AI score · 0.00179 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/04/12 7:6 p.m. · 96 views

Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.5.10 update

An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For...

7.5 CVSS · 6.6 AI score · 0.75353 EPSS
Exploits 1 · References 12
OSV
added 2022/04/11 8:15 p.m. · 2 views

CVE-2021-38125

Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to...

9.8 CVSS · 6.3 AI score · 0.01882 EPSS
Exploits 0 · References 1
Prion
added 2022/04/11 8:15 p.m. · 11 views

Remote code execution

Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to...

6.8 CVSS · 9.8 AI score · 0.01882 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2022/04/11 12:0 a.m. · 21 views

Micro Focus Operations Bridge Manager Security Vulnerability

Micro Focus Operations Bridge Manager is a software application from Micro Focus UK. It provides a monitoring function. A security vulnerability exists in Micro Focus Operations Bridge containerized, which can be exploited by unauthenticated attackers to conduct remote code execution...

9.8 CVSS · 8.8 AI score · 0.01882 EPSS
Exploits 0 · References 2
RedhatCVE
added 2022/03/31 8:47 p.m. · 70 views

CVE-2022-1055

A use-after-free vulnerability was found in the tc_new_tfilter function in net/sched/cls_api.c in the Linux kernel. The availability of local, unprivileged user namespaces allows privilege escalation. Mitigation: On non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user...

8.6 CVSS · 1.9 AI score · 0.00504 EPSS
Exploits 1 · References 5
Github Security Blog
added 2022/02/18 12:0 a.m. · 31 views

Arbitrary file reads in HashiCorp Nomad

Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec or...

7.8 CVSS · 2.2 AI score · 0.01515 EPSS
Exploits 0 · References 8 · Affected Software 1