Lucene search
K

46 matches found

OSV
OSV
added 2025/06/26 9:25 a.m.8 views

CVE-2024-11584

cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...

5.9CVSS7.2AI score0.00122EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.5 views

PT-2025-26944

Name of the Vulnerable Software and Affected Versions: cloud-init affected versions not specified Description: The issue occurs when a non-x86 platform is detected, causing cloud-init to grant root access to a hardcoded URL with a local IP address. By default, cloud-init configurations disable...

8.8CVSS6.1AI score0.00205EPSS
Exploits0References43
Tenable Nessus
Tenable Nessus
added 2025/06/11 12:0 a.m.6 views

Amazon Linux 2 : ecs-init (ALASECS-2025-065)

The version of ecs-init installed on the remote host is prior to 1.94.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-065 advisory. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing...

6.5CVSS7.5AI score0.00478EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/06/11 12:0 a.m.5 views

Amazon Linux 2 : ecs-init (ALASECS-2025-067)

The version of ecs-init installed on the remote host is prior to 1.93.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-067 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where...

7.8CVSS6.4AI score0.00275EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/06/09 12:0 a.m.5 views

NewStart CGSL MAIN 7.02 : cloud-init Vulnerability (NS-SA-2025-0074)

The remote NewStart CGSL host, running version MAIN 7.02, has cloud-init packages installed that are affected by a vulnerability: - Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords...

5.5CVSS5.7AI score0.00236EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.7 views

Alibaba Cloud Linux 3 : 0257: cloud-init (ALINUX3-SA-2024:0257)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2024:0257 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3429: When instructing cloud-init to set a...

5.5CVSS5.7AI score0.00219EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/04/01 12:0 a.m.5 views

Vulnerability of the path_init() function in the drivers/interconnect/core.c module – The Linux kernel interconnect driver allows a hacker to gain access to protected information or cause service failures.

Vulnerability of the pathinit function in the drivers/interconnect/core.c module – The Linux kernel interconnect driver has vulnerabilities in its code. Exploiting this vulnerability could allow an attacker to access protected information or cause service failures...

6.3CVSS6.1AI score0.00177EPSS
Exploits0References19Affected Software4
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.5 views

Amazon Linux 2 : ecs-init (ALASECS-2025-050)

The version of ecs-init installed on the remote host is prior to 1.89.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-050 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as...

3.6CVSS6.7AI score0.00317EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.8 views

Amazon Linux 2 : ecs-init (ALASECS-2025-049)

The version of ecs-init installed on the remote host is prior to 1.89.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-049 advisory. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resultin...

5.3CVSS7.3AI score0.00874EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.8 views

Amazon Linux 2 : ecs-init (ALASECS-2025-051)

The version of ecs-init installed on the remote host is prior to 1.75.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-051 advisory. Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures...

5.3CVSS7AI score0.01328EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/09/04 3:13 a.m.5 views

SUSE CVE-2024-45620

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...

3.9CVSS6.9AI score0.00293EPSS
Exploits0References10
CVE
CVE
added 2024/09/03 9:21 p.m.101 views

CVE-2024-45618

CVE-2024-45618 affects OpenSC’s pkcs15-init component. The issue arises from insufficient or missing checking of return values, which can cause use of uninitialized variables after APDU responses from crafted USB devices or smart cards. Multiple connected advisories document the same core problem...

3.9CVSS3.9AI score0.00287EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/05/15 12:0 a.m.7 views

The vulnerability of the gtp_init() function in the Linux kernel’s drivers/net/gtp.c module allows a hacker to cause a service failure.

The vulnerability of the gtpinit function in the drivers/net/gtp.c module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

4.6CVSS6.4AI score0.00252EPSS
Exploits0References37Affected Software3
SUSE CVE
SUSE CVE
added 2023/09/12 2:55 a.m.3 views

SUSE CVE-2023-4782

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7...

7.8CVSS9.3AI score0.00255EPSS
Exploits0References3
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/09/08 4:33 p.m.7 views

Terraform Allows Arbitrary File Write During Init Operation

Summary Terraform 1.0.8 through 1.5.6 allows arbitrary file write during the init operation if run on maliciously crafted Terraform configuration. This vulnerability, CVE-2023-4782, was fixed in Terraform 1.5.7. Background The core Terraform workflow uses 3 main operations; init , plan , and appl...

7.8CVSS7AI score0.00255EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2023/06/07 12:0 a.m.6 views

Medium: cloud-init

Issue Overview: Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. CVE-2023-1786 Affected Packages: cloud-init Issue Correction: Run dnf update cloud-init --releasever...

5.5CVSS6.1AI score0.00263EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.9 views

The vulnerability of the mtk_vcodec_fw_vpu_init() function in the Linux kernel’s drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c file allows a attacker to cause a service failure or gain increased privileges.

The vulnerability of the mtkvcodecfwvpuinit function in the Linux kernel’s drivers/media/platform/mtk-vcodec/mtkvcodecfwvpu.c file is related to a pointer dereferencing error. Exploiting this vulnerability could allow an attacker to cause system failures or gain increased privileges...

5.5CVSS6.7AI score0.00651EPSS
Exploits3References10Affected Software3
Tenable Nessus
Tenable Nessus
added 2021/08/11 12:0 a.m.29 views

RHEL 8 : cloud-init (RHSA-2021:3081)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:3081 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to...

5.5CVSS5.8AI score0.00219EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.18 views

NewStart CGSL MAIN 6.02 : cloud-init Vulnerability (NS-SA-2021-0051)

The remote NewStart CGSL host, running version MAIN 6.02, has cloud-init packages installed that are affected by a vulnerability: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys. In some environment...

7.1CVSS5.7AI score0.00354EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2021/01/17 12:0 p.m.8 views

addr2line (=0.6.0), backtrace (>=0.3.6 <=0.3.9) +11 more potentially affected by CVE-2021-25901 via lazy-init (>=0.1.1 <=0.3.0)

lazy-init CARGO version =0.1.1, =0.3.6, =0.1.0, =0.1.0, =0.1.0, =0.7.0, =0.4.0, =0.4.0, =0.2.0, =0.2.0, =0.1.0, =0.1.0, =0.3.0 Source cves: CVE-2021-25901 Source advisory: OSV:RUSTSEC-2021-0004...

5.3CVSS6AI score0.01314EPSS
Exploits0
Rows per page
Query Builder