Lucene search
K

232 matches found

Snyk
Snyk
added 2025/10/30 3:2 p.m.3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the enforcer that uses environment variables without sanitation. An attacker can execute arbitrary commands or cause a buffer overflow by supplying crafted input to the affected component. Remediation Upgrade...

9.9CVSS8.3AI score0.0043EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 3:2 p.m.2 views

GO-2025-4043 NeuVector is shipping cryptographic material into its binary in github.com/neuvector/neuvector

NeuVector is shipping cryptographic material into its binary in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...

6.5CVSS6.9AI score0.00242EPSS
Exploits0References2
OSV
OSV
added 2025/10/30 3:2 p.m.2 views

GO-2025-4042 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow in github.com/neuvector/neuvector

NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

9.9CVSS7.5AI score0.0043EPSS
Exploits0References1
NVD
NVD
added 2025/10/30 10:15 a.m.8 views

CVE-2025-54471

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...

6.5CVSS0.00242EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 10:15 a.m.5 views

CVE-2025-54469

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...

9.9CVSS0.0043EPSS
Exploits0References2
OSV
OSV
added 2025/10/30 9:45 a.m.3 views

CVE-2025-54471 NeuVector is shipping cryptographic material into its binary

NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...

6.5CVSS6AI score0.00242EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/30 9:41 a.m.2 views

CVE-2025-54469 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...

9.9CVSS7.1AI score0.0043EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:41 a.m.40 views

CVE-2025-54469

NeuVector Enforcer is vulnerable to command injection due to unsanitized use of environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT to compose shell commands via popen. Connected sources (GO-2025-4042, NVD/OSV entries) confirm the issue and potential impact (command injection; buffer over...

9.9CVSS6.8AI score0.0043EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/30 9:41 a.m.6 views

EUVD-2025-35221

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...

9.9CVSS6.7AI score0.0043EPSS
Exploits0References4
OSV
OSV
added 2025/10/30 9:41 a.m.1 views

CVE-2025-54469 NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...

9.9CVSS7.2AI score0.0043EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/30 9:38 a.m.5 views

EUVD-2025-35220

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

8.6CVSS6AI score0.00179EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/10/30 9:38 a.m.10 views

CVE-2025-54470 NeuVector telemetry sender is vulnerable to MITM and DoS

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

8.6CVSS0.00179EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:38 a.m.3 views

CVE-2025-54470 NeuVector telemetry sender is vulnerable to MITM and DoS

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

8.6CVSS6.2AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2025/10/30 9:38 a.m.5 views

CVE-2025-54470 NeuVector telemetry sender is vulnerable to MITM and DoS

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

8.6CVSS6AI score0.00179EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.7 views

NeuVector 操作系统命令注入漏洞

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control, and container process/filesystem protection. NeuVector suffers from an operating system command injection vulnerability that stems...

9.9CVSS7.2AI score0.0043EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

NeuVector 信任管理问题漏洞

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A trust management issue vulnerability exists in NeuVector that stems from not enforci...

8.6CVSS6.3AI score0.00179EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.4 views

NeuVector 安全漏洞

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. NeuVector suffers from a security vulnerability that stems from the use of hard-coded...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References2
Wolfi
Wolfi
added 2025/10/24 2:6 p.m.3 views

GHSA-H773-7GF7-9M2X vulnerabilities

Vulnerabilities for packages: neuvector-scanner...

7AI score
Exploits0
Wolfi
Wolfi
added 2025/10/24 2:6 p.m.5 views

GHSA-C8G6-QRWH-M3VP vulnerabilities

Vulnerabilities for packages: neuvector-scanner...

7AI score
Exploits0
Wolfi
Wolfi
added 2025/10/24 2:6 p.m.4 views

CVE-2025-54469 vulnerabilities

Vulnerabilities for packages: neuvector-scanner...

9.9CVSS7AI score0.0043EPSS
Exploits0
Rows per page
Query Builder