Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-41053 |
|
Vulnerability in github.com/rancher/rancher (CVE-2026-41053)
vulnerability in github.com/rancher/rancher (CVE-2026-41053). Successful exploitation can lead to full system takeover. Exploitable via ``allowedPrincipalIds``. Mitigation: upgrade to `0.0.0-20260519172014-d0c047bbc6d2` or later.
|
| CVE-2026-44935 |
|
Vulnerability in github.com/rancher/fleet (CVE-2026-44935)
vulnerability in github.com/rancher/fleet (CVE-2026-44935). Successful exploitation can lead to full system takeover. Exploitable via ``HelmOp``. Mitigation: upgrade to `0.12.15` or later.
|
| CVE-2026-44946 |
|
Vulnerability in suse (CVE-2026-44946)
vulnerability in suse (CVE-2026-44946). Confidential information can be exposed externally.
|
| CVE-2026-41052 |
|
Vulnerability in github.com/rancher/rancher (CVE-2026-41052)
vulnerability in github.com/rancher/rancher (CVE-2026-41052). Successful exploitation can lead to full system takeover. Exploitable via ``privileged``. Mitigation: upgrade to `0.0.0-20260513182521-2800aaac25b5` or later.
|
| CVE-2026-44543 |
|
Vulnerability in github.com/rancher/local-path-provisioner (CVE-2026-44543)
vulnerability in github.com/rancher/local-path-provisioner (CVE-2026-44543). Confidential information can be exposed externally. Exploitable via ``helperPod.yaml``. Mitigation: upgrade to `0.0.36` or later.
|
| CVE-2026-31431 KEV |
|
[KEV] Vulnerability in Linux redhat (CVE-2026-31431)
vulnerability in Linux redhat (CVE-2026-31431). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2025-6018 |
|
Authorization Flaw in privilege-escalation (CVE-2025-6018)
vulnerability in privilege-escalation (CVE-2025-6018). Successful exploitation can lead to full system takeover.
|
| CVE-2024-12086 |
|
Vulnerability in samba (CVE-2024-12086)
vulnerability in samba (CVE-2024-12086). Confidential information can be exposed externally.
|
| CVE-2024-12085 |
|
Vulnerability in samba (CVE-2024-12085)
vulnerability in samba (CVE-2024-12085). Confidential information can be exposed externally.
|
| CVE-2024-12087 |
|
Path Traversal in path-traversal (CVE-2024-12087)
path traversal in path-traversal (CVE-2024-12087). Data can be tampered with by attackers.
|
| CVE-2024-6387 |
|
Vulnerability in sonicwall (CVE-2024-6387)
vulnerability in sonicwall (CVE-2024-6387). Successful exploitation can lead to full system takeover.
|
| CVE-2022-21952 |
|
Vulnerability in dos (CVE-2022-21952)
vulnerability in dos (CVE-2022-21952). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-2808 |
|
Vulnerability in oracle (CVE-2015-2808)
vulnerability in oracle (CVE-2015-2808). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-14491 |
|
Out-of-Bounds Write in platform/external/dnsmasq (CVE-2017-14491)
out-of-bounds write in platform/external/dnsmasq (CVE-2017-14491). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `11:2021-03-01` or later.
|
| CVE-2019-7317 |
|
Use-After-Free in c (CVE-2019-7317)
vulnerability in c (CVE-2019-7317). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-5753 |
|
Vulnerability in intel (CVE-2017-5753)
vulnerability in intel (CVE-2017-5753). Confidential information can be exposed externally.
|
| CVE-2017-17806 |
|
Out-of-Bounds Write in c (CVE-2017-17806)
out-of-bounds write in c (CVE-2017-17806). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17805 |
|
Vulnerability in c (CVE-2017-17805)
vulnerability in c (CVE-2017-17805). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17558 |
|
Out-of-Bounds Write in c (CVE-2017-17558)
out-of-bounds write in c (CVE-2017-17558). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15115 |
|
Use-After-Free in c (CVE-2017-15115)
vulnerability in c (CVE-2017-15115). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15638 |
|
Vulnerability in suse (CVE-2017-15638)
vulnerability in suse (CVE-2017-15638). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-13087 |
|
Vulnerability in canonical (CVE-2017-13087)
vulnerability in canonical (CVE-2017-13087). Data can be tampered with by attackers.
|
| CVE-2017-13078 |
|
Vulnerability in canonical (CVE-2017-13078)
vulnerability in canonical (CVE-2017-13078). Data can be tampered with by attackers.
|
| CVE-2017-13079 |
|
Vulnerability in canonical (CVE-2017-13079)
vulnerability in canonical (CVE-2017-13079). Data can be tampered with by attackers.
|
| CVE-2017-13080 |
|
Vulnerability in canonical (CVE-2017-13080)
vulnerability in canonical (CVE-2017-13080). Data can be tampered with by attackers.
|
| CVE-2017-13081 |
|
Vulnerability in canonical (CVE-2017-13081)
vulnerability in canonical (CVE-2017-13081). Data can be tampered with by attackers.
|
| CVE-2017-13082 |
|
Vulnerability in canonical (CVE-2017-13082)
vulnerability in canonical (CVE-2017-13082). Confidential information can be exposed externally.
|
| CVE-2017-13084 |
|
Vulnerability in canonical (CVE-2017-13084)
vulnerability in canonical (CVE-2017-13084). Confidential information can be exposed externally.
|
| CVE-2017-13086 |
|
Vulnerability in canonical (CVE-2017-13086)
vulnerability in canonical (CVE-2017-13086). Confidential information can be exposed externally.
|
| CVE-2017-13088 |
|
Vulnerability in canonical (CVE-2017-13088)
vulnerability in canonical (CVE-2017-13088). Data can be tampered with by attackers.
|
| CVE-2017-13077 |
|
Vulnerability in canonical (CVE-2017-13077)
vulnerability in canonical (CVE-2017-13077). Confidential information can be exposed externally.
|
| CVE-2017-14621 |
|
Portus 2.2.0 has XSS via the Team field, related to typeahead.
Portus 2.2.0 has XSS via the Team field, related to typeahead.
|
| CVE-2011-0469 |
|
Code Injection in suse (CVE-2011-0469)
code injection in suse (CVE-2011-0469). Successful exploitation can lead to full system takeover.
|
| CVE-2015-3405 |
|
Vulnerability in ntp (CVE-2015-3405)
vulnerability in ntp (CVE-2015-3405). Confidential information can be exposed externally.
|
| CVE-2015-5300 |
|
Vulnerability in dos (CVE-2015-5300)
vulnerability in dos (CVE-2015-5300). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-5219 |
|
Vulnerability in dos (CVE-2015-5219)
vulnerability in dos (CVE-2015-5219). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-5194 |
|
Vulnerability in dos (CVE-2015-5194)
vulnerability in dos (CVE-2015-5194). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-1000366 |
|
Buffer Overflow in redhat (CVE-2017-1000366)
vulnerability in redhat (CVE-2017-1000366). Successful exploitation can lead to full system takeover.
|
| CVE-2016-4473 |
|
Use-After-Free in c (CVE-2016-4473)
vulnerability in c (CVE-2016-4473). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7995 |
|
Information Disclosure in xen (CVE-2017-7995)
vulnerability in xen (CVE-2017-7995). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-8567 |
|
Vulnerability in c (CVE-2015-8567)
vulnerability in c (CVE-2015-8567). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-9959 |
|
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
|
| CVE-2016-9957 |
|
Stack-based buffer overflow in game-music-emu before 0.6.1.
Stack-based buffer overflow in game-music-emu before 0.6.1.
|
| CVE-2016-9958 |
|
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
|
| CVE-2015-4680 |
|
Vulnerability in freeradius (CVE-2015-4680)
vulnerability in freeradius (CVE-2015-4680). Data can be tampered with by attackers.
|
| CVE-2017-7297 |
|
Vulnerability in suse (CVE-2017-7297)
vulnerability in suse (CVE-2017-7297). Successful exploitation can lead to full system takeover.
|
| CVE-2016-7797 |
|
Vulnerability in dos (CVE-2016-7797)
vulnerability in dos (CVE-2016-7797). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-9398 |
|
Vulnerability in c (CVE-2016-9398)
vulnerability in c (CVE-2016-9398). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-1602 |
|
Code Injection in suse (CVE-2016-1602)
code injection in suse (CVE-2016-1602). Successful exploitation can lead to full system takeover.
|
| CVE-2014-9844 |
|
Out-of-Bounds Read in c (CVE-2014-9844)
vulnerability in c (CVE-2014-9844). Risk of unauthorized operations or information disclosure.
|