Lucene search
+L

134 matches found

Cvelist
Cvelist
added 2025/12/14 9:27 p.m.31 views

CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS0.00361EPSS
Exploits0References2
OSV
OSV
added 2025/12/14 9:27 p.m.6 views

CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS6.9AI score0.00361EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/12/14 9:27 p.m.3 views

CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager

A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...

5.8CVSS6.4AI score0.00361EPSS
Exploits0References2
Kubernetes Security Advisories
Kubernetes Security Advisories
added 2025/11/30 11:8 p.m.6 views

Portworx Half-Blind SSRF in kube-controller-manager

CVSS Rating: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N - Medium 5.8 A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This was patched for other in-tree StorageClasses GlusterFS, Quobyte, StorageOS, and...

5.8CVSS7.2AI score0.00361EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-4774

Malware in sbrugna...

8.8CVSS8.8AI score0.00973EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-4770

Malware in sbrugna...

8.8CVSS8.6AI score0.01169EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-4776

Malware in sbrugna...

8.8CVSS8.8AI score0.00913EPSS
Exploits1References3
OSV
OSV
added 2025/09/09 8:55 p.m.6 views

GHSA-G4JQ-H2W9-997C Vite middleware may serve files starting with the same name with the public directory

Summary Files starting with the same name with the public directory were served bypassing the server.fs settings. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - uses the public...

2.3CVSS6.6AI score0.0118EPSS
Exploits1References8
Microsoft CVE
Microsoft CVE
added 2025/09/03 11:6 p.m.3 views

RDMA/hns: Fix soft lockup under heavy CEQE load

...

5.5CVSS7AI score0.00144EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/01/29 4:12 a.m.3 views

SUSE CVE-2024-0137

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host's network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successfu...

5.5CVSS5.7AI score0.00318EPSS
Exploits0References4
OSV
OSV
added 2025/01/28 3:15 a.m.4 views

CVE-2024-0137

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successfu...

6.5CVSS5.8AI score0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/28 3:10 a.m.12 views

CVE-2024-0137

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code running in the host’s network namespace. This vulnerability is present only when the NVIDIA Container Toolkit is configured in a nondefault way. A successfu...

5.5CVSS0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/28 12:0 a.m.10 views

NVIDIA Container Toolkit 安全漏洞

NVIDIA Container Toolkit is a container toolkit from NVIDIA, Inc. Allows users to build and run GPU-accelerated containers. NVIDIA Container Toolkit has a security vulnerability that stems from the inclusion of an incorrect isolation vulnerability, where a specially crafted container image could...

6.5CVSS5.5AI score0.00318EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/11/12 9:11 a.m.6 views

kernel: Information disclosure in vhost/vhost.c:vhost_new_msg()

A vulnerability was found in vhostnewmsg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhostnewmsg function. This issue can allow local privileged users to read...

5.5CVSS6.6AI score0.00236EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/18 12:0 a.m.5 views

CIRCUTOR Q-SMT 安全漏洞

CIRCUTOR Q-SMT is an industrial hardware device from CIRCUTOR, Inc. A security vulnerability exists in CIRCUTOR Q-SMT version 1.0.4, which stems from the implementation of the HTTP protocol only, and allows an attacker to access the host network and obtain legitimate credentials or steal sessions...

8.8CVSS6.8AI score0.00391EPSS
Exploits0References2
OSV
OSV
added 2024/08/21 3:28 p.m.20 views

GO-2022-0784 containerd-shim API Exposed to Host Network Containers in github.com/containerd/containerd

containerd-shim API Exposed to Host Network Containers in github.com/containerd/containerd...

5.2CVSS5.3AI score0.03236EPSS
Exploits4References8
SUSE CVE
SUSE CVE
added 2024/06/04 1:10 p.m.3 views

SUSE CVE-2020-15257

containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting...

7.8CVSS6.6AI score0.03236EPSS
Exploits4References21
Positive Technologies
Positive Technologies
added 2023/03/17 12:0 a.m.3 views

PT-2023-21235 · Cilium · Cilium

Name of the Vulnerable Software and Affected Versions: Cilium version 1.13.0 Description: Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this...

9.8CVSS7.1AI score0.00734EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.4 views

SUSE CVE-2019-14891

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management conmon processes being killed if a workload process triggers an out-of-memory OOM condition for the cgroup. An attacker could abuse this flaw to get...

6CVSS5.2AI score0.00691EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:35 a.m.4 views

SUSE CVE-2022-0532

An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace...

4.9CVSS4.6AI score0.00768EPSS
Exploits0References3
Rows per page
Query Builder