CVEs

CVE Aggregator

| CVE ID | Severity | Classification Group | Target | Description | Report Date |
| --- | --- | --- | --- | --- | --- |
| CVE-2019-8339 | High | Policy Bypass | Falco | Allows for bypassing syscall detection and therefore Falco rules, then running any system calls undetected. | May 15, 2019 |
| CVE-2019-1002101 | High | Directory Traversal | Kubernetes | Directory traversal in kubectl cp command due to insufficient fix. | March 28, 2019 |
| CVE-2018-17963 | High | Buffer Overflow | QEMU | qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact. | October 8, 2018 |
| CVE-2018-17962 | High | Buffer Overflow | QEMU | Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used. | October 8, 2018 |
| CVE-2018-17958 | High | Buffer Overflow | QEMU | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | October 8, 2018 |
| CVE-2018-18385 | Medium | Denial of Service | asciidoctor | Denial of Service in Asciidoctor parser given malicious input was discovered by fuzzing the Asciidoctor Ruby code. Fixed in Asciidoctor 1.5.8. | October 16, 2018 |
| CVE-2018-11506 | High | Stack Overflow | Linux Kernel | Linux kernel through 4.16.12 allows local users to cause a stack-based buffer overflow because buffers have different sizes at the CDROM layer and the SCSI layer. | May 31, 2018 |
| CVE-2018-10839 | High | Buffer Overflow | QEMU | Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to a buffer overflow. It could occur when receiving packets over the network. A user inside the guest could use this flaw to crash Qemu or execute code on it. | May 21, 2018 |
| CVE-2018-1098 | High | CSRF | etcd | A cross-site request forgery flaw in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. | February 25, 2018 |
| CVE-2018-1099 | Medium | Input Validation | etcd | DNS rebinding vulnerability in etcd 3.3.1 and earlier. | February 25, 2018 |
| CVE-2017-16544 | Medium | Output Sanitization | Busybox | The Busybox shell does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. | November 7, 2017 |
| CVE-2017-15873 | Medium | Integer Overflow | Busybox | The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. | October 22, 2017 |
| CVE-2017-15874 | Medium | Integer Underflow | Busybox | archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. | October 22, 2017 |
| CVE-2017-9951 | High | Integer Overflow | memcached | The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key. | July 13, 2017 |
| CVE-2017-9669 | High | Heap Overflow | Alpine Linux | A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file. | June 25, 2017 |
| CVE-2017-9671 | High | Heap Overflow | Alpine Linux | A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block. | June 25, 2017 |
