541 matches found
Amazon ECS Container Agent (Windows) is vulnerable to Information Disclosure
Summary Amazon Elastic Container Service Amazon ECS is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. An issue exists where, under certain circumstances, improper input validation in the FSx Windows File Server volum...
Medium: ecs-service-connect-agent
Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1664)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1664 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To...
Medium: docker
Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...
Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-113 (ALASECS-2026-113)
The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-113 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that...
CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...
CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials
Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...
CVE-2026-7461
CVE-2026-7461 affects the FSx Windows File Server volume mounting component inside Amazon ECS Agent on Windows, prior to version 1.103.0. The root cause is improper neutralization of inputs used in an OS command, allowing a remote authenticated actor to run shell commands with SYSTEM privileges o...
Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-107 (ALASECS-2026-107)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-107 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in...
CVE-2026-4048 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process...
Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-101 (ALASECS-2026-101)
"The version of ecs-init installed on the remote host is prior to 1.102.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-101 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Un...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: kind, eksctl, atlantis-fips, extism, caddy, dask-gateway, mattermost, backup-restore-operator-fips, vendir, zitadel, prometheus, trivy-operator, cert-manager, karpenter-fips, gatekeeper-fips, kyverno, kube-arangodb-fips, nats, gitlab-operator-fips, atlas-fips,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: kind, eksctl, atlantis-fips, extism, caddy, dask-gateway, mattermost, backup-restore-operator-fips, vendir, zitadel, prometheus, trivy-operator, cert-manager, karpenter-fips, gatekeeper-fips, kyverno, kube-arangodb-fips, nats, gitlab-operator-fips, atlas-fips,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: actions-runner-controller-fips, crossplane-provider-sql-fips, kind, crossplane-provider-aws-backup, atlantis-fips, docker-machine-driver-linode, caddy, cluster-api-provider-vsphere, eksctl, dask-gateway, extism, nginx-prometheus-exporter, harbor-registry-fips,...
Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1532)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1532 advisory. Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it...
Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-100 (ALASECS-2026-100)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.34.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-100 advisory. Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and...
EulerOS Virtualization 2.12.1 : unbound (EulerOS-SA-2026-1467)
According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: actions-runner-controller-fips, crossplane-provider-sql-fips, kind, nginx-prometheus-exporter, atlantis-fips, x509-certificate-exporter, cluster-api-provider-vsphere, dask-gateway, oauth2-proxy, nri-kubernetes, harbor-registry-fips, mattermost,...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: crossplane-provider-sql-fips, nginx-prometheus-exporter, x509-certificate-exporter, atlantis-fips, cluster-api-provider-vsphere, dask-gateway, oauth2-proxy, harbor-registry-fips, mattermost, crossplane-provider-aws-s3, backup-restore-operator-fips, fleet-server,...
Medium: ecs-init
Issue Overview: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content. CVE-2025-47911 The html.Parse function in golang.org/x/net/html has an...