46 matches found
CVE-2024-11584
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...
PT-2025-26944
Name of the Vulnerable Software and Affected Versions: cloud-init affected versions not specified Description: The issue occurs when a non-x86 platform is detected, causing cloud-init to grant root access to a hardcoded URL with a local IP address. By default, cloud-init configurations disable...
Amazon Linux 2 : ecs-init (ALASECS-2025-065)
The version of ecs-init installed on the remote host is prior to 1.94.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-065 advisory. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing...
Amazon Linux 2 : ecs-init (ALASECS-2025-067)
The version of ecs-init installed on the remote host is prior to 1.93.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-067 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where...
NewStart CGSL MAIN 7.02 : cloud-init Vulnerability (NS-SA-2025-0074)
The remote NewStart CGSL host, running version MAIN 7.02, has cloud-init packages installed that are affected by a vulnerability: - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...
Alibaba Cloud Linux 3 : 0257: cloud-init (ALINUX3-SA-2024:0257)
The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2024:0257 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3429: When instructing cloud-init to set a...
Vulnerability of the path_init() function in the drivers/interconnect/core.c module – The Linux kernel interconnect driver allows a hacker to gain access to protected information or cause service failures.
Vulnerability of the pathinit function in the drivers/interconnect/core.c module – The Linux kernel interconnect driver has vulnerabilities in its code. Exploiting this vulnerability could allow an attacker to access protected information or cause service failures...
Amazon Linux 2 : ecs-init (ALASECS-2025-050)
The version of ecs-init installed on the remote host is prior to 1.89.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-050 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as...
Amazon Linux 2 : ecs-init (ALASECS-2025-049)
The version of ecs-init installed on the remote host is prior to 1.89.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-049 advisory. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resultin...
Amazon Linux 2 : ecs-init (ALASECS-2025-051)
The version of ecs-init installed on the remote host is prior to 1.75.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-051 advisory. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures...
SUSE CVE-2024-45620
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...
CVE-2024-45618
CVE-2024-45618 affects OpenSC’s pkcs15-init component. The issue arises from insufficient or missing checking of return values, which can cause use of uninitialized variables after APDU responses from crafted USB devices or smart cards. Multiple connected advisories document the same core problem...
The vulnerability of the gtp_init() function in the Linux kernel’s drivers/net/gtp.c module allows a hacker to cause a service failure.
The vulnerability of the gtpinit function in the drivers/net/gtp.c module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
SUSE CVE-2023-4782
Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...
Terraform Allows Arbitrary File Write During Init Operation
Summary Terraform 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability, CVE-2023-4782, was fixed in Terraform 1.5.7. Background The core Terraform workflow uses 3 main operations; init , plan , and appl...
Medium: cloud-init
Issue Overview: Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. CVE-2023-1786 Affected Packages: cloud-init Issue Correction: Run dnf update cloud-init --releasever...
The vulnerability of the mtk_vcodec_fw_vpu_init() function in the Linux kernel’s drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c file allows a attacker to cause a service failure or gain increased privileges.
The vulnerability of the mtkvcodecfwvpuinit function in the Linux kernel’s drivers/media/platform/mtk-vcodec/mtkvcodecfwvpu.c file is related to a pointer dereferencing error. Exploiting this vulnerability could allow an attacker to cause system failures or gain increased privileges...
RHEL 8 : cloud-init (RHSA-2021:3081)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:3081 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to...
NewStart CGSL MAIN 6.02 : cloud-init Vulnerability (NS-SA-2021-0051)
The remote NewStart CGSL host, running version MAIN 6.02, has cloud-init packages installed that are affected by a vulnerability: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some environment...
addr2line (=0.6.0), backtrace (>=0.3.6 <=0.3.9) +11 more potentially affected by CVE-2021-25901 via lazy-init (>=0.1.1 <=0.3.0)
lazy-init CARGO version =0.1.1, =0.3.6, =0.1.0, =0.1.0, =0.1.0, =0.7.0, =0.4.0, =0.4.0, =0.2.0, =0.2.0, =0.1.0, =0.1.0, =0.3.0 Source cves: CVE-2021-25901 Source advisory: OSV:RUSTSEC-2021-0004...