AZL-41901 CVE-2022-2879 affecting package containerized-data-importer for versions less than 1.57.0-3
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
CVE-2022-34434
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to th...
SUSE: Security Advisory (SUSE-SU-2022:3335-1)
The remote host is missing an update for the...
SUSE SLES15: containerized-data-importer-api / etc (SUSE-SU-2022:3334-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3334-1 advisory. Update to version 1.51.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.51.0 Security...
SUSE-SU-2022:3335-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.43.2 - Release notes...
Packj - Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages
Packj (pronounced "package") is a command line (CLI) tool to vet open-source software packages for "risky" attributes that make them vulnerable to supply chain attacks. This is the tool behind our large-scale security analysis platform Packj.dev that continuously vets packages and provides free reports...
Fedora: Security Advisory for toolbox (FEDORA-2022-5038c3236c)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: toolbox-0.0.99.3-6.fc36
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI...
[SECURITY] Fedora 36 Update: toolbox-0.0.99.3-5.fc36
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI...
On Service Fabric Privilege Escalation from Containerized Workloads on Linux
This blog post is an abridged translation of "Service Fabric Privilege Escalation from Containerized Workloads on Linux". Refer to the original for the latest information. Coordinated vulnerability disclosure...
KubeEdge Denial of Service Vulnerability
KubeEdge is an open source edge computing framework built on Kubernetes that extends containerized application orchestration and device management to hosts at the edge. A denial-of-service vulnerability exists in KubeEdge versions prior to 1.11.0, prior to 1.10.1, and prior to 1.9.3, which can be...
Service Fabric Privilege Escalation from Containerized Workloads on Linux
Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control...
CVE-2022-31077
KubeEdge CSI Driver vulnerability (CVE-2022-31077): A malicious response from KubeEdge can trigger a nil-pointer dereference in the CSI Driver controller, causing denial of service. Affected are KubeEdge releases prior to 1.11.0, 1.10.1, and 1.9.3. The flaw arises from a crash of the CSI Driver c...
PT-2022-5194 · Dell · Cloud Mobility For Dell Emc Storage
Name of the Vulnerable Software and Affected Versions: Cloud Mobility for Dell Storage versions 1.3.0 and earlier Description: The issue is related to improper authorization in the system, which can allow an attacker to access protected information. A threat actor with root-level access to either...
Important: Red Hat Security Advisory: Red Hat support for Spring Boot 2.5.10 update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For...
CVE-2021-38125
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to...
Remote code execution
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to...
Micro Focus Operations Bridge Manager Security Vulnerability
Micro Focus Operations Bridge Manager is a software application from Micro Focus UK. It provides a monitoring function. A security vulnerability exists in Micro Focus Operations Bridge containerized, which can be exploited by unauthenticated attackers to conduct remote code execution...
CVE-2022-1055
A use-after-free vulnerability was found in the tc_new_tfilter function in net/sched/cls_api.c in the Linux kernel. The availability of local, unprivileged user namespaces allows privilege escalation. Mitigation: On non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user...
Arbitrary file reads in HashiCorp Nomad
Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec or...