49 matches found

OSV
added 2024/12/18 9:15 p.m. | 7 views

AZL-54464 CVE-2024-45338 affecting package sriov-network-device-plugin for versions less than 3.7.0-2

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS 5.3 | AI score 6.6 | EPSS 0.00856
Exploits: 0 | References: 1

OSV
added 2024/04/04 9:15 p.m. | 6 views

AZL-39154 CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

CVSS 7.5 | AI score 6.8 | EPSS 0.91969
Exploits: 1 | References: 1

NVD
added 2024/03/27 7:15 a.m. | 23 views

CVE-2024-2954

The Action Network plugin for WordPress is vulnerable to SQL Injection via the 'bulk-action' parameter in version 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, wit...

CVSS 7.2 | AI score 7 | EPSS 0.00621
Exploits: 0 | References: 2

CVE
added 2024/03/27 6:40 a.m. | 52 views

CVE-2024-2954

CVE-2024-2954 affects the Action Network WordPress plugin (version 1.4.3) and is due to insufficient escaping of the bulk-action parameter, enabling an authenticated attacker with administrator-level access or higher to inject arbitrary SQL into existing queries. This could lead to extraction of ...

CVSS 7.2 | AI score 9.3 | EPSS 0.00621
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/03/27 6:40 a.m. | 24 views

CVE-2024-2954

The Action Network plugin for WordPress is vulnerable to SQL Injection via the 'bulk-action' parameter in version 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, wit...

CVSS 7.2 | AI score 7.3 | EPSS 0.00621
Exploits: 0 | References: 2

OSV
added 2024/03/05 11:15 p.m. | 7 views

AZL-35598 CVE-2024-24786 affecting package sriov-network-device-plugin for versions less than 3.6.2-6

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

CVSS 7.5 | AI score 6.7 | EPSS 0.01262
Exploits: 0 | References: 1

OSV
added 2023/10/10 2:15 p.m. | 14 views

AZL-35282 CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

CVSS 7.5 | AI score 6.7 | EPSS 0.99999
Exploits: 19 | References: 1

OSV
added 2022/12/08 8:15 p.m. | 6 views

AZL-33645 CVE-2022-41717 affecting package sriov-network-device-plugin for versions less than 3.6.2-2

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

CVSS 5.3 | AI score 6.7 | EPSS 0.05623
Exploits: 0 | References: 1

OSV
added 2022/10/14 3:15 p.m. | 8 views

AZL-35285 CVE-2022-32149 affecting package sriov-network-device-plugin for versions less than 3.7.0-1

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

CVSS 7.5 | AI score 6.7 | EPSS 0.01428
Exploits: 0 | References: 1

OSV
added 2022/06/23 5:15 p.m. | 8 views

AZL-33644 CVE-2022-29526 affecting package sriov-network-device-plugin for versions less than 3.6.2-2

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

CVSS 5.3 | AI score 6.8 | EPSS 0.02593
Exploits: 1 | References: 1

Fedora
added 2022/06/16 1:27 a.m. | 45 views

[SECURITY] Fedora 35 Update: golang-github-containerd-cni-1.1.6-1.fc35

A generic CNI library to provide APIs for CNI plugin interactions. The library provides APIs to: - Load CNI network config from different sources - Setup networks for container namespace - Remove networks from container namespace - Query status of CNI network plugin initialization...

CVSS 5.5 | AI score 6.1 | EPSS 0.00377
Exploits: 0

Fedora
added 2022/06/16 1:21 a.m. | 29 views

[SECURITY] Fedora 36 Update: golang-github-containerd-cni-1.1.6-1.fc36

A generic CNI library to provide APIs for CNI plugin interactions. The library provides APIs to: - Load CNI network config from different sources - Setup networks for container namespace - Remove networks from container namespace - Query status of CNI network plugin initialization...

CVSS 5.5 | AI score 6.1 | EPSS 0.00377
Exploits: 0

OSV
added 2022/06/08 1:15 p.m. | 5 views

AZL-41344 CVE-2022-1996 affecting package sriov-network-device-plugin for versions less than 3.7.0-1

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0...

CVSS 9.1 | AI score 7.4 | EPSS 0.02737
Exploits: 1 | References: 1

ATTACKERKB
added 2022/05/25 12:0 a.m. | 6 views

CVE-2022-21951

A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This...

CVSS 6.8 | AI score 6.7 | EPSS 0.00369
Exploits: 1 | References: 3

RedhatCVE
added 2021/02/15 6:34 p.m. | 77 views

CVE-2021-20238

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...

CVSS 5.6 | AI score 0.2 | EPSS 0.00735
Exploits: 0 | References: 3

CNNVD
added 2021/02/05 12:0 a.m. | 9 views

Cloud Native Computing Foundation CNI Path Traversal Vulnerability

Cloud Native Computing Foundation CNI is a plugin from the Cloud Native Computing Foundation for providing network support for containers in Linux environments. The application only deals with network connectivity for containers and deletion of allocated resources when deleting...

CVSS 7.2 | AI score 6.6 | EPSS 0.01525
Exploits: 0 | References: 24

CNVD
added 2018/06/01 12:0 a.m. | 2 views

EOS.IO DAWN Denial of Service Vulnerability

EOS.IO DAWN is a smart contract platform based on blockchain technology. The platform is used to deploy decentralized applications. A security vulnerability exists in EOS.IO DAWN version 4.2, which stems from the plugins/netplugin/netplugin.cpp file failing to limit the number of P2P links from t...

CVSS 7.5 | AI score 7.4 | EPSS 0.01332
Exploits: 0 | References: 1

Cvelist
added 2018/05/29 9:0 p.m. | 16 views

CVE-2018-11548

An issue was discovered in EOS.IO DAWN 4.2. plugins/netplugin/netplugin.cpp does not limit the number of P2P connections from the same source IP address...

AI score 7.5 | EPSS 0.01332
Exploits: 0 | References: 1

CNVD
added 2018/03/29 12:0 a.m. | 3 views

Cloud Foundry Silk CNI Plugin Access Control Error Vulnerability

Cloud Foundry CF is the U.S. Cloud Foundry Foundation's set of open source platform-as-a-service PaaS cloud computing platform, which provides container scheduling, continuous delivery and automated service deployment and other functions. Silk CNI plugin is one of the CNI-compatible use of...

CVSS 8.1 | AI score 7 | EPSS 0.00988
Exploits: 0 | References: 1

Tenable Nessus
added 2017/07/17 12:0 a.m. | 25 views

Fedora 26 : collectd (2017-822d460ae2)

Fix CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parsepacket and parsepartsignsha256 functions. This is a bug in the network plugin. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable ha...

CVSS 7.5 | AI score 6.8 | EPSS 0.03997
Exploits: 0 | References: 2