Closed Vkad00 closed 7 months ago
We are observing CVE-2010-0834 in azure AKS clusters running on 1.26.3 version. This is not running on a local machine but shows a vulnerability for dell laptops.
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns="http://www.w3.org/TR/REC-html40">
We are observing CVE-2010-0834 in azure AKS clusters running on 1.26.3 version. This is not running on a local machine but shows a vulnerability for dell laptops.
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns="http://www.w3.org/TR/REC-html40">
Registry | Repository | Tag | Id | Distro | Hosts | Layer | CVE ID | Compliance ID | Type | Severity | Packages | Source Package | Package Version | Package License | CVSS | Fix Status | Fix Date | Grace Days | Risk Factors | Vulnerability Tags | Description -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- | -- mcr.microsoft.com | oss/kubernetes/kube-proxy | v1.26.3-hotfix.20230509.1 | sha256:3a0056c7e5d9eab3200fc0b6f39145f424e5ed2457ade64713842de28b8cdca1 | debian-bullseye | 2 | | CVE-2010-0834 | 46 | OS | unimportant | base-files | | 11.1+deb11u5 | GPL | 9.3 | fixed in 11.1+deb11u7 | 23:00.0 | | Attack vector: network, Has fix, Remote execution | The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. mcr.microsoft.com | oss/kubernetes-csi/livenessprobe | v2.10.0 | sha256:a0a744de06b9862ee665fcf47a17ec3425f67915a2e603f5636f6eba17378c7e | debian-bullseye | 2 | | CVE-2010-0834 | 46 | OS | unimportant | base-files | | 11.1+deb11u6 | GPL | 9.3 | fixed in 11.1+deb11u7 | 23:00.0 | | Attack vector: network, Has fix, Remote execution | The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package. mcr.microsoft.com | oss/kubernetes-csi/csi-node-driver-registrar | v2.8.0 | sha256:aa15d611f49d8331e2266cf02d8f5fb0d32caad598897433fbd46234b88ebaf4 | debian-bullseye | 2 | | CVE-2010-0834 | 46 | OS | unimportant | base-files | | 11.1+deb11u6 | GPL | 9.3 | fixed in 11.1+deb11u7 | 23:00.0 | | Attack vector: network, Has fix, Remote execution | The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before 5.0.0ubuntu20.10.04.2 on Ubuntu 10.04 LTS, as shipped on Dell Latitude 2110 netbooks, does not require authentication for package installation, which allows remote archive servers and man-in-the-middle attackers to execute arbitrary code via a crafted package.