153 matches found
CVE-2021-42248 affecting package keda for versions less than 2.14.0-1
CVE-2021-42248 affecting package keda for versions less than 2.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-1996 affecting package keda for versions less than 2.14.0-1
CVE-2022-1996 affecting package keda for versions less than 2.14.0-1. An upgraded version of the package is available that resolves this issue...
CBL Mariner 2.0 Security Update: cert-manager / keda / kube-vip-cloud-provider / prometheus-adapter (CVE-2022-3162)
The version of cert-manager / keda / kube-vip-cloud-provider / prometheus-adapter installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3162 advisory. - Users authorized to list or watch one type of...
CBL Mariner 2.0 Security Update: cert-manager / containerized-data-importer / cri-o / dcos-cli / keda / kubernetes (CVE-2024-28180)
The version of cert-manager / containerized-data-importer / cri-o / dcos-cli / keda / kubernetes installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28180 advisory. - Package jose aims to provide an...
AZL-42904 CVE-2024-6104 affecting package keda for versions less than 2.14.0-2
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-42942 CVE-2024-6104 affecting package keda for versions less than 2.4.0-22
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7...
AZL-42637 CVE-2024-35255 affecting package keda for versions less than 2.14.1-1
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability...
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: policy-controller, argo-events, cortex, druid, py3-cassandra-medusa, harbor-registry, guac, opentelemetry-collector, flux-image-reflector-controller, hugo, restic, terragrunt, bank-vaults, tempo, argo-workflows, zarf, tekton-chains, zot, flyte, flux,...
Low: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.12.1-394 Security Update
Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...
CVE-2024-28180 affecting package keda for versions less than 2.14.0-1
CVE-2024-28180 affecting package keda for versions less than 2.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24786 affecting package keda for versions less than 2.14.0-1
CVE-2024-24786 affecting package keda for versions less than 2.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-44716 affecting package keda for versions less than 2.14.0-1
CVE-2021-44716 affecting package keda for versions less than 2.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-3162 affecting package keda for versions less than 2.14.0-1
CVE-2022-3162 affecting package keda for versions less than 2.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-21698 affecting package keda for versions less than 2.14.0-1
CVE-2022-21698 affecting package keda for versions less than 2.14.0-1. An upgraded version of the package is available that resolves this issue...
Moderate: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.12.1-376 Bug Fixes
Custom Metrics Autoscaler Operator for Red Hat OpenShift including security updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...
CVE-2023-44487 affecting package keda for versions less than 2.4.0-14
CVE-2023-44487 affecting package keda for versions less than 2.4.0-14. A patched version of the package is available...
AZL-35882 CVE-2024-28180 affecting package keda for versions less than 2.14.0-1
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
AZL-35843 CVE-2024-28180 affecting package keda for versions less than 2.4.0-26
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: policy-controller, apko, melange, cloudflared, guac, wolfictl, terragrunt, caddy, kube-rbac-proxy, bank-vaults, temporal, skaffold, argo-workflows, zarf, kargo, tekton-chains, zot, nerdctl, flux-kustomize-controller, oauth2-proxy, skopeo, dgraph, gitsign, fulcio,...
GHSA-C5Q2-7R4C-MV6G vulnerabilities
Vulnerabilities for packages: policy-controller, apko, melange, cloudflared, guac, wolfictl, terragrunt, caddy, kube-rbac-proxy, bank-vaults, temporal, skaffold, argo-workflows, zarf, kargo, tekton-chains, zot, nerdctl, flux-kustomize-controller, oauth2-proxy, skopeo, dgraph, gitsign, fulcio,...