Lucene search
K

849 matches found

Chainguard
Chainguard
added 6 days ago8 views

GHSA-XCGV-8MV7-V8C7 vulnerabilities

Vulnerabilities for packages: cloud-sql-proxy, commercial-chainloop-backend, terraform-fips, kots, gitlab-workhorse-ce, kube-arangodb-fips, nerdctl-fips, containerd, art, cilium-cli, flux, kubernetes-dashboard, istio, kyverno-policy-reporter-plugins-kyverno, src, grafana-operator-fips,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 6 days ago7 views

GHSA-FF52-PH69-CF7X vulnerabilities

Vulnerabilities for packages: harbor-scanner-trivy-fips, bento-fips, git-lfs-fips, helm-diff-fips, task-fips, terraform-provider-time-fips, crossplane-provider-aws-cloudtrail, docker-machine-driver-harvester, aws-network-policy-agent-fips, amazon-ecs-agent-fips,...

6.1AI score
Exploits0
NVD
NVD
added 2026/07/07 9:17 p.m.8 views

CVE-2026-53935

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS0.00341EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:44 p.m.5 views

CVE-2026-53935

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS6AI score0.00341EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/07/07 8:44 p.m.14 views

CVE-2026-53935

Summary: CVE-2026-53935 affects Cilium versions prior to 1.17.16, 1.18.2–1.18.9, and 1.19.0–1.19.3. An attacker who can create a CiliumLocalRedirectPolicy may specify arbitrary ClusterIPs via addressMatcher, enabling cross-namespace traffic hijacking to Services and bypassing serviceMatcher names...

6.9CVSS6AI score0.00341EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 3:26 p.m.5 views

GO-2026-5914 CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation in github.com/cilium/cilium

CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation in github.com/cilium/cilium...

6.9CVSS5.9AI score0.00341EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 5:3 p.m.4 views

GHSA-3FCV-JVFP-M4Q9 Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access

Impact When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive...

9.2CVSS5.9AI score0.00017EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56056

Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.3 Cilium versions 1.18.2 through 1.18.9 Cilium versions prior to 1.17.16 Description Users capable of creating CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs using the addressMatcher parameter...

6.9CVSS6AI score0.00341EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-56051

Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.1 Cilium versions 1.18.0 through 1.18.7 Cilium versions prior to 1.17.14 Description When L7 functionality is enabled, the Envoy instance creates a world-accessible socket on cluster nodes. A local attacker...

9.2CVSS5.9AI score0.00017EPSS
Exploits0References6
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.4 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: chisel-fips, flux-source-controller-fips, kots, kube-arangodb-fips, containerd, cilium-cli, flux, drone-fips, cilium, kubernetes-dashboard, istio, skaffold-fips, frankenphp-8.5, knative-kafka-broker, coder, flux-source-controller, tekton-pipelines, frankenphp-8.2,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: chisel-fips, flux-source-controller-fips, kots, kube-arangodb-fips, containerd, cilium-cli, flux, drone-fips, cilium, kubernetes-dashboard, istio, skaffold-fips, frankenphp-8.5, knative-kafka-broker, docker-machine-driver-harvester, coder, flux-source-controller,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.6 views

GHSA-JPPX-RXG9-JMRX vulnerabilities

Vulnerabilities for packages: kots, kube-arangodb-fips, containerd, cilium-cli, flux, cilium, kubernetes-dashboard, istio, frankenphp-8.5, knative-kafka-broker, tekton-pipelines, frankenphp-8.2, prometheus-fips, argo-workflows-fips, omnictl-multiarch, harbor, nerdctl, minio, buildah, zot,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.4 views

GHSA-9M57-25V3-79X9 vulnerabilities

Vulnerabilities for packages: terraform-fips, kots, kube-arangodb-fips, containerd, cilium-cli, flux, cilium, kubernetes-dashboard, istio, frankenphp-8.5, knative-kafka-broker, tekton-pipelines, frankenphp-8.2, prometheus-fips, argo-workflows-fips, omnictl-multiarch, harbor, nerdctl, minio,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.10 views

GHSA-X527-X647-Q7GG vulnerabilities

Vulnerabilities for packages: aactl, external-dns, k9s, kine, gitlab-kas, kubescape, nerdctl, flux-source-controller, kubernetes-dashboard, cilium, spire-server, minio, opentelemetry-collector, mattermost, knative-serving, skaffold, argo-cd, istio, kubernetes, loki, gitea, telegraf, zot,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: aactl, k9s, tflint, gitlab-kas, neuvector-sigstore-interface, syft, kubescape, kubernetes-dashboard, minio, buildah, podman, eksctl, knative-serving, pulumi-language-dotnet, caddy, flux-kustomize-controller, istio, dagger, k8sgpt, nuclei, rancher-agent,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.7 views

GHSA-78MQ-XCR3-XM33 vulnerabilities

Vulnerabilities for packages: aactl, external-dns, k9s, kine, gitlab-kas, nfpm, act, witness, syft, kubescape, nerdctl, flux-source-controller, kubernetes-dashboard, cilium, chezmoi, scorecard, minio, opentelemetry-collector, spire-server, podman, mattermost, knative-serving,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.6 views

GHSA-JPPX-RXG9-JMRX vulnerabilities

Vulnerabilities for packages: aactl, external-dns, kine, gitlab-kas, nerdctl, kubernetes-dashboard, cilium, spire-server, minio, buildah, opentelemetry-collector, podman, mattermost, knative-serving, argo-cd, istio, kubernetes, loki, telegraf, zot, cloud-provider-aws, rancher, rancher-agent,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.10 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: aactl, external-dns, k9s, kine, gitlab-kas, kubescape, nerdctl, flux-source-controller, kubernetes-dashboard, cilium, spire-server, minio, opentelemetry-collector, mattermost, knative-serving, skaffold, argo-cd, istio, kubernetes, loki, gitea, telegraf, zot,...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/24 4:26 p.m.2 views

CVE-2026-52945 Revert "wireguard: device: enable threaded NAPI"

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...

7.5CVSS5.8AI score0.00307EPSS
Exploits0References7
CVE
CVE
added 2026/06/24 4:26 p.m.14 views

CVE-2026-52945

The CVE-2026-52945 entry describes a Linux kernel vulnerability in the WireGuard component where enabling threaded NAPI can cause the decryption path for a WireGuard peer to stall under heavy network load (notably with Cilium), effectively causing a DoS for that peer while other peers remain func...

7.5CVSS5.8AI score0.00307EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder