PT-2023-19953 · Pterodactyl · Wings
Name of the Vulnerable Software and Affected Versions: Wings versions prior to v1.11.4; Wings versions prior to v1.7.4 Description: This issue affects Wings, Pterodactyl's server control plane, allowing an attacker to delete files and directories recursively on the host system. The vulnerability c...
K83284425: iControl REST and tmsh vulnerability CVE-2023-22326
Security Advisory Description Incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell tmsh dig command which may allow an authenticated attacker with resource administrator role privilege to view sensitive information. CVE-2023-22326 Impact An authenticated...
K52322100: Authenticated F5 BIG-IP Guided Configuration integrity check in Appliance mode vulnerability CVE-2022-25946
Security Advisory Description When running in Appliance mode, an authenticated attacker with Administrator role privileges may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. CVE-2022-25946 Impact In Appliance mode, an authenticate...
K000130512: SQLite vulnerability CVE-2022-35737
Security Advisory Description SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. CVE-2022-35737 Impact An authenticated remote attacker can exploit this vulnerability by sending a specially crafted...
K08402414: BIG-IP ASM and Advanced WAF REST API endpoint vulnerability CVE-2022-23026
Security Advisory Description An authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. CVE-2022-23026 Impact An authenticated user with low privileges, such as a guest, may exploit this...
Oracle Linux 7 : kubernetes (ELSA-2022-10035)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10035 advisory. - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.24 - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.23 - Resolve...
Oracle Linux 8 : kubernetes (ELSA-2022-10034)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-10034 advisory. - Addresses CVE-2022-3294 & CVE-2022-3162 - Addresses CVE-2022-3172 olcne - Resolve kubernetes CVE-2022-3294 & CVE-2022-3162 for version 1.21 - Resolv...
CVE-2022-39278
An uncontrolled resource consumption flaw was found in the Istio control plane, istiod. This issue could allow an unauthenticated remote attacker to send a specially crafted or oversized message that could cause a denial of service...
The vulnerability of the Kube API-server of the Kubernetes cluster management software allows an attacker to execute arbitrary requests.
The vulnerability of the Kube API-server of the Kubernetes cluster management software is related to errors in checking node addresses. Exploiting this vulnerability allows a remote attacker to execute arbitrary requests...
CVE-2022-3294
A flaw was found in Kubernetes, where users may have access to secure endpoints in the control plane network. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While...
Istio security vulnerability
Istio is a set of open platforms for connecting, managing and securing microservices. A security vulnerability exists in branches from Istio versions 1.15.x through prior to 1.15.3, which stems from the fact that a user with local host access to the Istiod control plane can emulate any workload...
PT-2022-5430 · Unknown +3 · Kubernetes +2
Name of the Vulnerable Software and Affected Versions: Kubernetes affected versions not specified Description: A bug in the Kubernetes API server allows bypassing validation of node proxying addresses. This could enable an attacker to send authenticated requests to the API server's private networ...
Istio may allow identity impersonation if user has localhost access
Impact User can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Patches 1.15.3 Workarounds No. If using 1.15.2 please upgrade to 1.15.3 or later. References None at this time. For more information If you have any questions or...
PT-2022-24947 · Istio · Istio
Name of the Vulnerable Software and Affected Versions: Istio versions 1.15.x prior to 1.15.3 Description: A user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Recommendations: For versions prior to 1.15.3, upgrade to versi...
Denial Of Service (DoS)
istio is vulnerable to denial of service. The vulnerability is due to the Kubernetes validating or mutating webhook service being exposed to the public, allowing a malicious attacker to send a specially crafted oversized message resulting in a crash to the control plane...
Design/Logic Flaw
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...
CVE-2022-39278 Istio vulnerable to denial of service attack due to Golang Regex Library
Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a...
Istio resource management error vulnerability
Istio is a set of open platforms for connecting, managing, and securing microservices. Istio suffers from a resource management error vulnerability that stems from susceptibility to request handling errors, which can be exploited by an attacker to send specially crafted or oversized messages that...
CVE-2022-36103
Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR (certificate signing request), a Talos control plane node might issue Talos API...