Lucene search
+L

541 matches found

Github Security Blog
Github Security Blog
added 2026/05/07 1:22 a.m.14 views

Amazon ECS Container Agent (Windows) is vulnerable to Information Disclosure

Summary Amazon Elastic Container Service Amazon ECS is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. An issue exists where, under certain circumstances, improper input validation in the FSx Windows File Server volum...

5.9AI score
Exploits0References2Affected Software1
Amazon
Amazon
added 2026/05/05 12:0 a.m.9 views

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...

7.5CVSS7.3AI score0.17301EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.14 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1664)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1664 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To...

7.5CVSS7AI score0.00495EPSS
Exploits0References4
Amazon
Amazon
added 2026/05/05 12:0 a.m.11 views

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

8.1CVSS5.8AI score0.00387EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.10 views

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-113 (ALASECS-2026-113)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-113 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that...

8.4CVSS5.8AI score0.00387EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/30 6:35 p.m.7 views

CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

7.5CVSS5.7AI score0.00547EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/30 6:35 p.m.37 views

CVE-2026-7461 OS Command Injection in Amazon ECS Agent via FSx Windows File Server Volume Credentials

Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a...

7.5CVSS0.00547EPSS
Exploits0References3
CVE
CVE
added 2026/04/30 6:35 p.m.27 views

CVE-2026-7461

CVE-2026-7461 affects the FSx Windows File Server volume mounting component inside Amazon ECS Agent on Windows, prior to version 1.103.0. The root cause is improper neutralization of inputs used in an OS command, allowing a remote authenticated actor to run shell commands with SYSTEM privileges o...

7.5CVSS5.7AI score0.00547EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.12 views

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-107 (ALASECS-2026-107)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.9.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-107 advisory. Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in...

7.5CVSS6.9AI score0.17301EPSS
Exploits2References12
Cvelist
Cvelist
added 2026/04/20 1:36 p.m.26 views

CVE-2026-4048 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process...

8.4CVSS0.02132EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.13 views

Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2026-101 (ALASECS-2026-101)

"The version of ecs-init installed on the remote host is prior to 1.102.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-101 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Un...

9.1CVSS7.4AI score0.01557EPSS
Exploits1References10
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.8 views

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: kind, eksctl, atlantis-fips, extism, caddy, dask-gateway, mattermost, backup-restore-operator-fips, vendir, zitadel, prometheus, trivy-operator, cert-manager, karpenter-fips, gatekeeper-fips, kyverno, kube-arangodb-fips, nats, gitlab-operator-fips, atlas-fips,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.13 views

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: kind, eksctl, atlantis-fips, extism, caddy, dask-gateway, mattermost, backup-restore-operator-fips, vendir, zitadel, prometheus, trivy-operator, cert-manager, karpenter-fips, gatekeeper-fips, kyverno, kube-arangodb-fips, nats, gitlab-operator-fips, atlas-fips,...

5.5CVSS5.5AI score0.0029EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.15 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: actions-runner-controller-fips, crossplane-provider-sql-fips, kind, crossplane-provider-aws-backup, atlantis-fips, docker-machine-driver-linode, caddy, cluster-api-provider-vsphere, eksctl, dask-gateway, extism, nginx-prometheus-exporter, harbor-registry-fips,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.3 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2026-1532)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1532 advisory. Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it...

8.2CVSS5.9AI score0.00388EPSS
Exploits4References12
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.4 views

Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2026-100 (ALASECS-2026-100)

The version of ecs-service-connect-agent installed on the remote host is prior to v1.34.13.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-100 advisory. Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and...

8.2CVSS6AI score0.00388EPSS
Exploits4References12
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.4 views

EulerOS Virtualization 2.12.1 : unbound (EulerOS-SA-2026-1467)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/03/10 1:17 p.m.8 views

CVE-2026-25679 vulnerabilities

Vulnerabilities for packages: actions-runner-controller-fips, crossplane-provider-sql-fips, kind, nginx-prometheus-exporter, atlantis-fips, x509-certificate-exporter, cluster-api-provider-vsphere, dask-gateway, oauth2-proxy, nri-kubernetes, harbor-registry-fips, mattermost,...

7.5CVSS7.6AI score0.00728EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/10 1:17 p.m.11 views

GHSA-J4J7-VW47-RHFQ vulnerabilities

Vulnerabilities for packages: crossplane-provider-sql-fips, nginx-prometheus-exporter, x509-certificate-exporter, atlantis-fips, cluster-api-provider-vsphere, dask-gateway, oauth2-proxy, harbor-registry-fips, mattermost, crossplane-provider-aws-s3, backup-restore-operator-fips, fleet-server,...

5.3AI score
Exploits0
Amazon
Amazon
added 2026/03/06 12:0 a.m.8 views

Medium: ecs-init

Issue Overview: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content. CVE-2025-47911 The html.Parse function in golang.org/x/net/html has an...

10CVSS7.2AI score0.01945EPSS
Exploits3
Rows per page
Query Builder