23 matches found
Astra Linux – Vulnerability in Golang-github-appc-cni
A flaw in path name limitations was identified in containernetworking/cni in versions prior to 0.8.1. When specifying the plugin to be loaded in the ‘type’ field of the network configuration, it is possible to use special elements such as “/” separators to reference binaries located elsewhere on...
EUVD-2022-1255
Malicious code in bioql PyPI...
RHEL 8 : podman (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - podman: Symlink error leads to information disclosure CVE-2022-4122 - A flaw was found in Buildah. The...
RHEL 7 : containernetworking-cni (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - containernetworking-cni: Arbitrary path injection via type field in CNI configuration CVE-2021-20206 Note that Ness...
RHEL 8 : containernetworking-cni (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - containernetworking-cni: Arbitrary path injection via type field in CNI configuration CVE-2021-20206 Note that Ness...
Security Bulletin: IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities
Summary IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2021-41190 DESCRIPTION: Open Container Initiative Distribution Specification could allow a remote authenticated attacker to bypass security restrictions,...
SUSE SLES15 Security Update : podman (SUSE-SU-2023:0326-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0326-1 advisory. podman was updated to version 4.3.1: 4.3.1: Bugfixes - Fixed a deadlock between the podman ps and podman container inspect commands...
SUSE SLES15 / openSUSE 15 Security Update : cni-plugins (SUSE-SU-2022:4593-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4593-1 advisory. - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration bsc1181961. Tenable has extracted the...
SUSE SLES15 Security Update : cni (SUSE-SU-2022:4150-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4150-1 advisory. - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration bsc1181961. Tenable has extracted the preceding...
Fedora: Security Advisory for golang-github-containernetworking-cni (FEDORA-2022-5ef0bd9a27)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for golang-github-containernetworking-cni (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-github-containernetworking-cni (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-github-containernetworking-cni-1.1.1-4.fc36
Container Network Interface - networking for Linux containers...
Fedora: Security Advisory for golang-github-containernetworking-cni (FEDORA-2022-725ac93b48)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE 15 Security Update : buildah (openSUSE-SU-2022:0770-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0770-1 advisory. - The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.43 security update
Red Hat OpenShift Container Platform release 4.7.43 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a...
containernetworking/cni improper limitation of path name
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...
CVE-2021-20206
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...
UBUNTU-CVE-2021-20206
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...
CVE-2021-20206
CVE-2021-20206 involves containernetworking/cni before 0.8.1 where the network configuration field type can include path traversal ("../"), allowing an authenticated attacker to reference and execute binaries outside the plugin directory (e.g., reboot). Impact affects confidentiality, integrity, ...