21 matches found
EUVD-2020-18852
Malware in sbrugna...
EUVD-2021-0955
Malware in sbrugna...
CVE-2020-11091
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...
GO-2022-0794 Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements in github.com/weaveworks/weave
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements in github.com/weaveworks/weave...
SUSE CVE-2020-26278
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements
Impact An attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 on the kernel cmdline, it wi...
GHSA-59QG-GRP7-5R73 Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements
Impact An attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 on the kernel cmdline, it wi...
CVE-2020-26278
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...
CVE-2020-26278
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...
Design/Logic Flaw
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...
CVE-2020-26278
Weave Net versions prior to 2.8.0 expose a privilege escalation risk: the pods running on every node are deployed with privileged: true and hostPID: true, enabling the pod to access host processes and write to the host filesystem. This can allow an attacker to take over a host in the Kubernetes c...
CVE-2020-26278 Weave Net Pods running in host PID namespace can be used to escalate other Kubernetes vulnerabilities
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is...
Weaveworks Weave Net Security Breach
Weaveworks Weave Net is a cloud-native networking toolkit from Weaveworks UK. Weave Net suffers from a security vulnerability that can be exploited by an attacker to take over any host in a cluster...
Unspecified Vulnerability in Weaveworks Weave Net
Weaveworks Weave Net is a cloud-native networking toolkit from Weaveworks UK. A security vulnerability in Weaveworks Weave Net versions prior to 2.6.3 can be exploited by an attacker to reconfigure a host to redirect some or all of the host's IPv6 traffic to a container under the attacker's contr...
CVE-2020-11091
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...
CVE-2020-11091
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...
Command injection
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...
CVE-2020-11091
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...
CVE-2020-11091 Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements
In Weave Net before version 2.6.3, an attacker able to run a process as root in a container is able to respond to DNS requests from the host and thereby insert themselves as a fake service. In a cluster with an IPv4 internal network, if IPv6 is not totally disabled on the host via ipv6.disable=1 ...
CVE-2020-11091
CVE-2020-11091 affects Weave Net up to version 2.6.3. An attacker that can run a root process in a container can respond to DNS requests from the host and insert themselves as a fake service. In IPv4 internal networks, if IPv6 is not fully disabled and IPv6 forwarding is off but accept_ra is on, ...