7 matches found
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: kube-arangodb-fips, flux, mods, drone-fips, cilium, crossplane-provider-aws-cloudtrail, crossplane-provider-azure-operationalinsights, crossplane-provider-azure-servicefabric, crossplane-provider-aws-kafka-fips, trivy-fips, gh, zot, crossplane-provider-aws-ec2-fips,...
CVE-2026-32289 vulnerabilities
Vulnerabilities for packages: kubescape-operator, aactl, lvm-driver, cert-manager-cmctl, gitlab-kas, dgraph, syft, kubescape, kubernetes-csi-driver-hostpath, secrets-store-csi-driver, kubernetes-dashboard, buildah, opencost, flux-image-reflector-controller, cluster-api, eksctl, cortex,...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: cloud-sql-proxy, livekit-server, bento-fips, pluto, terraform-provider-grafana, crossplane-provider-aws-cloudfront, crossplane-provider-aws-ecr, crossplane-provider-aws-rolesanywhere-fips, cilium-cli, flux, apache-beam-python-3.11-sdk, helm-diff-fips,...
Malicious code in @terraform-aws-github-runner/gh-agent-syncer (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @terraform-aws-github-runner/aws-ssm-uti (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9e8dee05678c6b03df102e495749bdc9db8ae73a32752a0f85345cc637577012 The OpenSSF Package Analysis project identified '@terraform-aws-github-runner/aws-ssm-uti' @ 1.999.0 npm as malicious. It is considered maliciou...
PT-2023-36264 · Hashicorp · Terraform-Provider-Aws
Name of the Vulnerable Software and Affected Versions: terraform-provider-aws affected versions not specified Description: The issue is related to a security release in the Go programming language, version 1.21. The terraform-provider-aws package has been rebuilt to incorporate this security...
CVE-2018-9057
aws/resourceawsiamuserloginprofile.go in the HashiCorp Terraform Amazon Web Services AWS provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password...