Lucene search
+L

25 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1098

Malicious code in bioql PyPI...

5.5CVSS6.3AI score0.00501EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-8557

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own...

5.5CVSS6.3AI score0.00501EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-0426

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint...

6.2CVSS6.5AI score0.00364EPSS
Exploits0References2
OSV
OSV
added 2025/05/05 4:13 p.m.14 views

GO-2025-3646 CNCF K3s Kubernetes kubelet configuration exposes credentials in github.com/k3s-io/k3s

CNCF K3s Kubernetes kubelet configuration exposes credentials in github.com/k3s-io/k3s. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

6.8CVSS6.5AI score0.00402EPSS
Exploits0References7
Veracode
Veracode
added 2025/05/02 5:28 a.m.6 views

Authentication Bypass

github.com/k3s-io/k3s is vulnerable to unintended unauthenticated access. The vulnerability is due to a Kubernetes kubelet configuration change that, in some cases, sets ReadOnlyPort to 10255, allowing unauthenticated access and potential exposure of credentials...

6.8CVSS6.7AI score0.00402EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/27 12:4 a.m.19 views

CVE-2025-46599

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing...

6.8CVSS6.9AI score0.00402EPSS
Exploits0References1
OSV
OSV
added 2025/04/25 6:30 a.m.12 views

GHSA-864F-7XJM-2JP2 CNCF K3s Kubernetes kubelet configuration exposes credentials

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing...

6.8CVSS7.1AI score0.00402EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2025/04/25 5:15 a.m.5 views

CVE-2025-46599

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing...

6.8CVSS7.3AI score0.00402EPSS
Exploits0References5
CVE
CVE
added 2025/04/25 12:0 a.m.276 views

CVE-2025-46599

CVE-2025-46599 affects CNCF K3s 1.32 before 1.32.4-rc1+k3s1. The issue is a kubelet configuration change that, in some scenarios, leaves ReadOnlyPort at 10255, potentially allowing unauthenticated access and exposure of credentials. The CVE’s public details indicate the impact is credentials expo...

6.8CVSS7.2AI score0.00402EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/04/25 12:0 a.m.5 views

k3s 安全漏洞

k3s is a lightweight Kubernetes open source from k3s. A security vulnerability exists in k3s versions prior to 1.32 to 1.32.4-rc1+k3s1 that stems from a kubelet configuration change that could lead to unauthenticated access to the ReadOnlyPort port...

6.8CVSS6.4AI score0.00402EPSS
Exploits0References7
OSV
OSV
added 2025/04/25 12:0 a.m.11 views

CVE-2025-46599

CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing...

6.8CVSS6.8AI score0.00402EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:48 a.m.78 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details CVEID:CVE-2024-39249 DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS Regular Expression Denial of Service while...

8.5CVSS9.9AI score0.91969EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/28 10:0 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Kubernetes kubelet (CVE-2024-10220)

Summary A vulnerability in Kubernetes kubelet that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-10220 DESCRIPTION: Kubernetes kubelet could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper...

8.1CVSS7.4AI score0.03001EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2024-10220

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29...

8.1CVSS7AI score0.03001EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/22 4:23 p.m.268 views

CVE-2024-10220 Arbitrary command execution through gitRepo volume

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...

8.1CVSS0.03001EPSS
Exploits0References2
CVE
CVE
added 2024/11/22 4:23 p.m.322 views

CVE-2024-10220

CVE-2024-10220 – Kubernetes kubelet command execution via gitRepo volumes . Affects kubelet up to version 1.28.11 and 1.29.0–1.29.6 and 1.30.0–1.30.2. The issue allows arbitrary command execution through specially crafted gitRepo volumes in kubelet. Root cause: path traversal in how gitRepo volum...

8.1CVSS8.1AI score0.03001EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/22 4:23 p.m.9 views

CVE-2024-10220 Arbitrary command execution through gitRepo volume

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...

8.1CVSS7.2AI score0.03001EPSS
Exploits0References2
OSV
OSV
added 2024/11/22 4:23 p.m.16 views

CVE-2024-10220 Arbitrary command execution through gitRepo volume

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2...

8.1CVSS7.4AI score0.03001EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.5 views

PT-2024-8475 · Kubernetes +1 · Kubernetes Kubelet +2

Name of the Vulnerable Software and Affected Versions: Kubernetes kubelet versions through 1.28.11 Kubernetes kubelet versions from 1.29.0 through 1.29.6 Kubernetes kubelet versions from 1.30.0 through 1.30.2 Description: The issue allows arbitrary command execution via specially crafted gitRepo...

8.6CVSS6.4AI score0.03001EPSS
Exploits3References69
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/10 5:21 a.m.15 views

Security Bulletin: IBM Automation Decision Services for August 2024 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2024-5321...

6.1CVSS7.2AI score0.00312EPSS
Exploits0Affected Software1
Rows per page
Query Builder