164 matches found
GHSA-8MC6-XJPR-H98X Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnectInfo
Summary The fetchPeerConnectInfo function in internal/service/connect/connect.go:214-239 uses httpUtil.SendRequest no SSRF protection instead of SendSafeRequest which has ValidatePublicHTTPURL with private IP blocking. This allows authenticated users to make the server request arbitrary URLs...
RHCOS 3 : OpenShift Container Platform 3.9 (RHSA-2019:2769)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2769 advisory. - HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9512 - HTTP/2: flood using HEADERS frames results in...
Important: Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.17.1
cert-manager Operator for Red Hat OpenShift 1.17.1 The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to...
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," leveraged exposed Dock...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via apiCall. An attacker can gain unauthorized access to sensitive resources and escalate privileges via malicious urlPath values that cause the system to perform Kubernetes API requests outside the...
CVE-2026-22039 Kyverno Cross-Namespace Privilege Escalation via Policy apiCall
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...
Important: Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.18.1
cert-manager Operator for Red Hat OpenShift 1.18.1 The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to...
Important: Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.18.1
cert-manager Operator for Red Hat OpenShift 1.18.1 The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to...
GHSA-4C4X-JM2X-PF9J Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL
Summary /api/v1/index/retrieve supports retrieving a public key via a user-provided URL, allowing attackers to trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the calle...
Rekor affected by Server-Side Request Forgery (SSRF) via provided public key URL
Summary /api/v1/index/retrieve supports retrieving a public key via a user-provided URL, allowing attackers to trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the calle...
Important: Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.18.1
cert-manager Operator for Red Hat OpenShift 1.18.1 The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to...
Important: Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.18.1
cert-manager Operator for Red Hat OpenShift 1.18.1 The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to...
Important: Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.18.1
cert-manager Operator for Red Hat OpenShift 1.18.1 The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to...
mcp-server-kubernetes has potential security issue in exec_in_pod tool
Summary A security issue exists in the execinpod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation sh -c without input validation, allowing shell...
Moderate: Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.15.2
cert-manager Operator for Red Hat OpenShift 1.15.2 The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to...
TencentOS Server 3: conmon (TSSA-2022:0258)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0258 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
EUVD-2018-17038
Malware in sbrugna...
EUVD-2019-13726
Malware in sbrugna...
EUVD-2018-2081
Malware in sbrugna...
EUVD-2019-2198
Malware in sbrugna...