106 matches found

Chainguard
added 6 days ago, 4 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: gitea-fips, k9s-fips, gitlab-rails-ce, nemo, kube-arangodb-fips, zitadel, loki, coder, flux-source-controller, opentofu-fips, frankenphp-8.4, mattermost-fips, harbor, kaf, skaffold-fips, kubevela-fips, kyverno-fips, skaffold, prometheus-mongodb-exporter,...

AI score: 5.8
Exploits: 0

Chainguard
added 6 days ago, 4 views

GHSA-9M57-25V3-79X9 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, terraform-fips, nemo, kube-arangodb-fips, packer-fips, buildah-fips, zitadel, loki, opentofu-fips, frankenphp-8.4, mattermost-fips, harbor, kaf, kyverno-fips, prometheus-mongodb-exporter, rancher-agent, omnictl-multiarch-fips, prometheus-operator,...

AI score: 5.8
Exploits: 0

Chainguard
added 6 days ago, 4 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: chezmoi, gitea-fips, k9s-fips, gitlab-runner, gitlab-rails-ce, argo-events, terraform-fips, fulcio-fips, nemo, kube-arangodb-fips, packer-fips, buildah-fips, kyverno-notation-aws-fips, zitadel, crossplane-provider-family-azure, loki, atlantis, caddy-fips, consul,...

AI score: 5.8
Exploits: 0

Chainguard
added 6 days ago, 4 views

GHSA-78MQ-XCR3-XM33 vulnerabilities

Vulnerabilities for packages: chezmoi, gitea-fips, k9s-fips, gitlab-rails-ce, argo-events, terraform-fips, nemo, kube-arangodb-fips, packer-fips, zitadel, loki, grype-db, flux-source-controller, splunk-otel-collector-fips, prometheus-podman-exporter-fips, opentofu-fips, redpanda-console,...

AI score: 5.8
Exploits: 0

Chainguard
added 6 days ago, 4 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: gitea-fips, k9s-fips, gitlab-rails-ce, nemo, kube-arangodb-fips, zitadel, loki, coder, flux-source-controller, opentofu-fips, frankenphp-8.4, mattermost-fips, harbor, kaf, skaffold-fips, kubevela-fips, kyverno-fips, skaffold, prometheus-mongodb-exporter,...

AI score: 5.8
Exploits: 0

Wolfi
added 6 days ago, 6 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: terraform-provider-tls, mods, apko, crossplane-provider-azure-sql, cosign, syft, wolfictl, atlantis, step-issuer, argo-cd, external-secrets-operator, helm, flux-kustomize-controller, docker-cli-buildx, policy-controller, grype, prometheus-operator,...

AI score: 5.8
Exploits: 0

OSV
added 2026/06/19 4:35 p.m., 16 views

GHSA-Q7J3-V8QV-22VQ OpenTofu: Possible arbitrary file read during certain git operations via a maliciously crafted URL

Impact: Possible data exposure. Summary: While downloading packages from a maliciously crafted URL, some git operations against that URL could allow arbitrary file read. This might allow disclosure of confidential information. Details: OpenTofu relies on go-getter for downloading packages like...

CVSS: 7.5, AI score: 6, EPSS: 0.00583
Exploits: 1, References: 9

Wolfi
added 2026/06/08 1:48 p.m., 10 views

GHSA-PXH5-6RRC-8RJV vulnerabilities

Vulnerabilities for packages: opentofu...

AI score: 5.4
Exploits: 0

Chainguard
added 2026/06/08 8:6 a.m., 8 views

GHSA-PXH5-6RRC-8RJV vulnerabilities

Vulnerabilities for packages: opentofu-fips, opentofu...

AI score: 5.8
Exploits: 0

OSV
added 2026/05/20 3:35 p.m., 5 views

GHSA-PXH5-6RRC-8RJV OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server

Impact: Unauthenticated denial of service. Summary: When installing provider or module packages from attacker-controlled servers, the server may cause tofu init to enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...

CVSS: 3.1, AI score: 6.3
Exploits: 0, References: 5

Github Security Blog
added 2026/05/20 3:35 p.m., 14 views

OpenTofu: Excessive resource usage in "tofu init" when installing dependencies from attacker-controlled server

Impact: Unauthenticated denial of service. Summary: When installing provider or module packages from attacker-controlled servers, the server may cause tofu init to enter an infinite loop sending garbage data to that server. Those who depend on modules or providers served from untrusted third-party...

CVSS: 7.5, AI score: 6.4, EPSS: 0.00781
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2026/04/30 12:53 a.m., 3 views

CLEANSTART-2026-CN84623 Within HostnameError

Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...

CVSS: 9.8, AI score: 6.5, EPSS: 0.01945
Exploits: 8, References: 78

OSV
added 2026/04/30 12:53 a.m., 10 views

CLEANSTART-2026-GY48351 Within HostnameError

Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...

CVSS: 9.8, AI score: 6.8, EPSS: 0.01945
Exploits: 8, References: 78

OSV
added 2026/04/30 12:49 a.m., 11 views

CLEANSTART-2026-MI12470 Within HostnameError

Multiple security vulnerabilities affect the opentofu-fips package. Within HostnameError. See references for individual vulnerability details...

CVSS: 9.8, AI score: 8.4, EPSS: 0.01557
Exploits: 5, References: 55

OSV
added 2026/04/30 12:45 a.m., 15 views

CLEANSTART-2026-SO13464 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

Multiple security vulnerabilities affect the opentofu-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...

CVSS: 9.8, AI score: 6.1, EPSS: 0.01557
Exploits: 6, References: 64

Wolfi
added 2026/04/24 7:48 p.m., 10 views

CVE-2026-32952 vulnerabilities

Vulnerabilities for packages: seaweedfs, grafana, cert-manager-csi-driver, gitlab-runner, flux-source-controller, kyverno-notation-aws, percona-server-mongodb-operator, opentofu, k6, terraform, xeol, external-secrets-operator, dex, yunikorn-k8shim, ratify, rclone, sftpgo-plugin-auth, rancher-agen...

CVSS: 7.5, AI score: 5.8, EPSS: 0.01027
Exploits: 0

Wolfi
added 2026/04/24 7:48 p.m., 14 views

GHSA-PJCQ-XVWQ-HHPJ vulnerabilities

Vulnerabilities for packages: seaweedfs, grafana, cert-manager-csi-driver, gitlab-runner, flux-source-controller, kyverno-notation-aws, percona-server-mongodb-operator, opentofu, k6, terraform, xeol, external-secrets-operator, dex, yunikorn-k8shim, ratify, rclone, sftpgo-plugin-auth, rancher-agen...

AI score: 5.8
Exploits: 0

Github Security Blog
added 2026/04/14 11:34 p.m., 14 views

OpenTofu has unbounded memory usage, high CPU usage, or deadlock in "tofu init" with maliciously-crafted dependency responses

Impact: Unauthenticated denial of service. Summary: When installing module packages from attacker-controlled sources, tofu init may use unbounded memory, cause high CPU usage, or deadlock when encountering maliciously-crafted TLS certificate chains or tar archives. Those who depend on modules or...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00621
Exploits: 0, References: 8, Affected Software: 1

Wolfi
added 2026/04/11 2:52 a.m., 13 views

CVE-2026-4660 vulnerabilities

Vulnerabilities for packages: tfsec, trivy-operator, conftest, syft, wolfictl, opentofu, zarf, k9s, tflint, terraform, xeol, snyk-cli, kots, task, grype, terragrunt, kubescape, zot, steampipe, trivy...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00583
Exploits: 1

Wolfi
added 2026/04/11 2:52 a.m., 9 views

GHSA-92MM-2PJQ-R785 vulnerabilities

Vulnerabilities for packages: tfsec, trivy-operator, conftest, syft, wolfictl, opentofu, zarf, k9s, tflint, terraform, xeol, snyk-cli, kots, task, grype, terragrunt, kubescape, zot, steampipe, trivy...

AI score: 5.8
Exploits: 0