Blog
Detecting and Mitigating CVE-2021-25737: EndpointSlice validation enables host network hijack
The CVE-2021-25737 low-level vulnerability has been found in Kubernetes kube-apiserver where an authorized user could redirect pod traffic to private…
Search Results
Search Results 1 - 10 of 47
Blog
How to detect CVE-2019-14287 using Falco
A recent flaw, CVE-2019-14287, has been found in sudo. In this blogpost, we are going to show you how to…
Blog
Detecting exploits of CVE-2019-5736: runc container breakout.
Earlier today, CVE-2019-5736 was announced regarding a runC container breakout. Given the high CVSS rating of 7.2, it is imperative…
Blog
Detecting CVE-2020-14386 with Falco and mitigating potential container escapes
On Sept. 14, CVE-2020-14386 was reported as a “high” severity threat. This CVE is a kernel security vulnerability that enables…
Blog
Detecting and mitigating Apache Unomi’s CVE-2020-13942 – Remote Code Execution (RCE)
CVE-2020-13942 is a critical vulnerability that affects the Apache open source application Unomi, and allows a remote attacker to execute…
Blog
Detect CVE-2020-8554 using Falco
CVE-2020-8554 is a vulnerability that particularly affects multi-tenant Kubernetes clusters. If a potential attacker can create or edit services and…
Blog
Detecting + preventing cgroups escape via SCTP – CVE-2019-3874.
This week CVE-2019-3874 was discovered which details a flaw in the Linux kernel where an attacker can circumvent cgroup memory…
Blog
Mitigating CVE-2021-20291: DoS affecting CRI-O and Podman
The CVE-2021-20291 medium-level vulnerability has been found in containers/storage Go library, leading to Denial of Service (DoS) when vulnerable container…
Blog
Detect CVE-2020-8557 using Falco
A new vulnerability, CVE-2020-8557, has been detected in kubelet. It can be exploited by writing into /etc/hosts to cause a…
Blog
How to detect Kubernetes vulnerability CVE-2019-11246 using Falco.
A recent CNCF-sponsored Kubernetes security audit uncovered CVE-2019-11246, a high-severity vulnerability affecting the command-line kubectl tool. If exploited, it could…