RHCOS 3 : OpenShift Container Platform 3.11.542 (RHSA-2021:3915)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3915 advisory. - kubernetes: Node disk DOS by writing to container /etc/hosts CVE-2020-8557 Note that Nessus has not tested for this issue but has instead...

Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads

Summary Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size...

CVE-2025-65844

EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directories via the /api/images endpoint. The endpoint is accessible without authentication by default, and server-side validation of uploaded files is insufficient. This can be abused to upload arbitrary...

Linux Distros Unpatched Vulnerability : CVE-2016-4069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site request forgery CSRF vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that...

SUSE CVE-2016-7498

OpenStack Compute nova 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service disk consumption by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression...

CVE-2020-8557 Kubernetes node disk Denial of Service by writing to container /etc/hosts

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral...

DEBIAN-CVE-2014-3672

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service host disk consumption by writing to stdout or stderr...

DEBIAN-CVE-2014-9623

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service disk consumption by deleting an image in the saving state...

rhevm: insufficient target domain permission check when cloning a VM from a snapshot

Red Hat Enterprise Virtualization Manager RHEVM before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service disk space consumption by cloning a VM from a snapshot...