14 matches found
Privilege Escalation
github.com/rancher/rancher vulnerable to Privilege Escalation. The vulnerability is due to improper restrictions in node driver options, allowing unprivileged users to deploy nodes and post sensitive files such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml...
CVE-2021-47556
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtoolsetcoalesce ethtoolsetcoalesce now uses both the .getcoalesce and .setcoalesce callbacks. But the check for their availability is buggy, so changing the coalesce settings on a...
CVE-2021-47556
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtoolsetcoalesce ethtoolsetcoalesce now uses both the .getcoalesce and .setcoalesce callbacks. But the check for their availability is buggy, so changing the coalesce settings on a...
CVE-2021-47556 ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtoolsetcoalesce ethtoolsetcoalesce now uses both the .getcoalesce and .setcoalesce callbacks. But the check for their availability is buggy, so changing the coalesce settings on a...
CVE-2021-47556 ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce()
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtoolsetcoalesce ethtoolsetcoalesce now uses both the .getcoalesce and .setcoalesce callbacks. But the check for their availability is buggy, so changing the coalesce settings on a...
Rancher Privilege Escalation Vulnerability
In Rancher 1 and 2 through 2.2.3, unprivileged users if allowed to deploy nodes can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as...
RancherOS 1.6.x < 1.6.28 / 2.0.x < 2.0.15 / 2.1.x < 2.1.10 / 2.2.x < 2.2.4 Arbitrary File Read
In Rancher 1 and 2 through 2.2.3, unprivileged users if allowed to deploy nodes can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as...
CVE-2019-12274
In Rancher 1 and 2 through 2.2.3, unprivileged users if allowed to deploy nodes can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as...
Code injection
In Rancher 1 and 2 through 2.2.3, unprivileged users if allowed to deploy nodes can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as...
Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the xorg-x11-driver-options package of the SUSE Linux Enterprise operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the xorg-x11-driver-options package of the OpenSUSE operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the XFree86-driver-options package of the OpenSUSE operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the XFree86-driver-options package of the SUSE Linux Enterprise operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
openSUSE 10 Security Update : km_drm (km_drm-4484)
This update fixes the following issues: X Font Server buildrange Integer Overflow Vulnerability IDEF2708, X Font Server swapchar2b Heap Overflow Vulnerability IDEF2709, Composite extension buffer overflow. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package check...