49 matches found
AZL-54464 CVE-2024-45338 affecting package sriov-network-device-plugin for versions less than 3.7.0-2
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...
AZL-39154 CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
CVE-2024-2954
The Action Network plugin for WordPress is vulnerable to SQL Injection via the 'bulk-action' parameter in version 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, wit...
CVE-2024-2954
CVE-2024-2954 affects the Action Network WordPress plugin (version 1.4.3) and is due to insufficient escaping of the bulk-action parameter, enabling an authenticated attacker with administrator-level access or higher to inject arbitrary SQL into existing queries. This could lead to extraction of ...
AZL-35598 CVE-2024-24786 affecting package sriov-network-device-plugin for versions less than 3.6.2-6
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...
AZL-35282 CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-33645 CVE-2022-41717 affecting package sriov-network-device-plugin for versions less than 3.6.2-2
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
AZL-35285 CVE-2022-32149 affecting package sriov-network-device-plugin for versions less than 3.7.0-1
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...
AZL-33644 CVE-2022-29526 affecting package sriov-network-device-plugin for versions less than 3.6.2-2
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...
[SECURITY] Fedora 35 Update: golang-github-containerd-cni-1.1.6-1.fc35
A generic CNI library to provide APIs for CNI plugin interactions. The library provides APIs to: - Load CNI network config from different sources - Setup networks for container namespace - Remove networks from container namespace - Query status of CNI network plugin initialization...
[SECURITY] Fedora 36 Update: golang-github-containerd-cni-1.1.6-1.fc36
A generic CNI library to provide APIs for CNI plugin interactions. The library provides APIs to: - Load CNI network config from different sources - Setup networks for container namespace - Remove networks from container namespace - Query status of CNI network plugin initialization...
AZL-41344 CVE-2022-1996 affecting package sriov-network-device-plugin for versions less than 3.7.0-1
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0...
CVE-2022-21951
A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This...
CVE-2021-20238
It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...
Cloud Native Computing Foundation CNI Path Traversal Vulnerability
Cloud Native Computing Foundation CNI is a plugin from the Cloud Native Computing Foundation for providing network support for containers in Linux environments. The application only deals with network connectivity for containers and deletion of allocated resources when deleting...
EOS.IO DAWN Denial of Service Vulnerability
EOS.IO DAWN is a smart contract platform based on blockchain technology. The platform is used to deploy decentralized applications. A security vulnerability exists in EOS.IO DAWN version 4.2, which stems from the plugins/netplugin/netplugin.cpp file failing to limit the number of P2P links from t...
CVE-2018-11548
An issue was discovered in EOS.IO DAWN 4.2. plugins/netplugin/netplugin.cpp does not limit the number of P2P connections from the same source IP address...
Cloud Foundry Silk CNI Plugin Access Control Error Vulnerability
Cloud Foundry (CF) is the U.S. Cloud Foundry Foundation's open source platform-as-a-service (PaaS) cloud computing platform, which provides container scheduling, continuous delivery, automated service deployment and other functions. Silk CNI plugin is one of the CNI-compatible use of...
Fedora 26 : collectd (2017-822d460ae2)
Fix CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parsepacket and parsepartsignsha256 functions. This is a bug in the network plugin. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable ha...