638 matches found
Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2025-079 (ALASNITRO-ENCLAVES-2025-079)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.11.0-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-079 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded...
Medium: containerd
Issue Overview: containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...
EUVD-2025-201467
nitro-tpm-pcr-compute may allow kernel command line modification by an account operator...
GHSA-XRV8-2PF5-F3Q7 nitro-tpm-pcr-compute may allow kernel command line modification by an account operator
Summary Adding default PCR12 validation to ensure that account operators can not modify kernel command line parameters, potentially bypassing root filesystem integrity validation. Attestable AMIs are based on the systemd Unified Kernel Image UKI concept which uses systemd-boot to create a single...
nitro-tpm-pcr-compute may allow kernel command line modification by an account operator
Summary Adding default PCR12 validation to ensure that account operators can not modify kernel command line parameters, potentially bypassing root filesystem integrity validation. Attestable AMIs are based on the systemd Unified Kernel Image UKI concept which uses systemd-boot to create a single...
Malicious code in nitro-kutu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c730e64b459919c937231de7e767a99ceca04f35011b70d3d95c5616092dead The package nitro-kutu was found to contain malicious code. Source: ghsa-malware e49eaa55b0b2cddde2728a2d6cfcc512771af0fa1cf78903a09e11d7b564d972 Any...
EUVD-2025-199119
Malicious code in nitro-kutu npm...
MAL-2025-191132 Malicious code in nitro-kutu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c730e64b459919c937231de7e767a99ceca04f35011b70d3d95c5616092dead The package nitro-kutu was found to contain malicious code. Source: ghsa-malware e49eaa55b0b2cddde2728a2d6cfcc512771af0fa1cf78903a09e11d7b564d972 Any...
EUVD-2025-199120
Malicious code in nitro-graphql npm...
Malicious code in nitro-graphql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36ef7661deeec20f2ea8ef1c642811be2a627ee5e8b6a3f51cd61de1e421547b The package nitro-graphql was found to contain malicious code. Source: ghsa-malware a77bf7f130d454574e5e838c6ce7922e015408f32542a4b15e77d26698129fe3...
MAL-2025-191131 Malicious code in nitro-graphql (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36ef7661deeec20f2ea8ef1c642811be2a627ee5e8b6a3f51cd61de1e421547b The package nitro-graphql was found to contain malicious code. Source: ghsa-malware a77bf7f130d454574e5e838c6ce7922e015408f32542a4b15e77d26698129fe3...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Amazon Linux 2 : amazon-ecr-credential-helper, --advisory ALAS2NITRO-ENCLAVES-2025-073 (ALASNITRO-ENCLAVES-2025-073)
The version of amazon-ecr-credential-helper installed on the remote host is prior to 0.10.1-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-073 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitt...
Important: amazon-ecr-credential-helper
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Low: docker
Issue Overview: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails...
EUVD-2020-2680
Malware in sbrugna...
EUVD-2020-27246
Malware in sbrugna...
EUVD-2015-2927
Malware in sbrugna...
EUVD-2015-2926
Malware in sbrugna...
EUVD-2021-10082
Malware in sbrugna...